C
C#2y ago
Thinker

❔ Where to store hashed user passwords

I'm working on a really small project just to learn more about ASP.NET and DB stuff. I have a users system, and my DB user entity and user model look like this 
public sealed class UserEntity
{
    public ulong Id { get; set; }
    public required string Username { get; set; }
    public required string HashedPassword { get; set; }
}
public sealed class UserEntity
{
    public ulong Id { get; set; }
    public required string Username { get; set; }
    public required string HashedPassword { get; set; }
}
public sealed record UserModel(
    string Username);
public sealed record UserModel(
    string Username);
Whenever I need to check the password in my endpoints, I'm just doing so by getting the user entity directly from the DB. However, this feels kinda wrong, since ideally I'd have some kind of service which returns users from the DB. So my question is, would it be better to have the HashedPassword in the model instead of the entity? The issue then becomes that I'd need a third DTO type which is the same as the model but without the password which I return from my endpoints, and that feels kinda annoying.
8 Replies
Angius
Angius2y ago
The hashed password needs to be in the entity one way or another, since the entity describes the database table I'd say go ahead with another DTO
spontaneously broken
spontaneously broken2y ago
well the original password shouldn't be kept anyway...
Thinker
Thinker2y ago
Well it's hashed and salted (I think)
spontaneously broken
spontaneously broken2y ago
ah ok
Thinker
Thinker2y ago
That's why it's HashedPassword Need to keep it somewhere such that it's accessible to the rest of my services but not exposed to the API But yeah I'll use a DTO, sounds decent enough
spontaneously broken
spontaneously broken2y ago
we have authentication data enitrely on another db (because of gdpr and stuff) i think that's common practice (for decent size systems)
Thinker
Thinker2y ago
My system is miniscule
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server
More Posts
❔ Is there a way to remove brackets from empty methods?E.g. ```CS public MismatchedEnumLengthsException() : base("Length of values and enums are different.❔ compare two datessee below <:RoleAssociate:605486956700237856>hello can someone fix me please and also tell me why im dumbpublic class PlayerGUI : MonoBehaviour { public float playerMoveSpeed; public float pla❔ how to save text from TextBox to file?without save file window❔ I can't autocomplete on VS code :cI tried many ways to fix this but nothing works. Help!❔ Can I generalise this method?```CS public static IEnumerable<Enum> TransformIdToEnums(string value, params Type[] enums) { st❔ c# helphow can i make ipv6 altering application using c#❔ Cross-platform keyboard and mouse automation library wantedAnyone knows a .NET library that is on par with pyautogui? Specifically, waiting for a key to be preHow to change the icon for Android in a Maui/Blazor application?Net 7.0, latest visual studio preview. I have a simple (beginner) one page Maui/Blazor app that is ❔ EF Core Code-first relationshipsHi there, I am trying to create a coffee vending machine application. But, I can't quite work the re