konstantine
konstantine
PostsComments
CC#
Created by konstantine on 1/19/2024 in #help
BCrypt : EnhancedVerify() doesn't work
Hi ! I'm using BCrypt to hash passwords. The method EnhancedHashPassword() works, but the method EnhancedVerify() doesn't. I have this error during the execution : 
 An unhandled exception has occurred while executing the request.
      BCrypt.Net.SaltParseException: Invalid salt version
 An unhandled exception has occurred while executing the request.
      BCrypt.Net.SaltParseException: Invalid salt version
I'm reading in some old forums that there is a bug in the update of those 2 methods. The hashing one converts in a 2a hashing, whereas the verifying method convets in 2y. Well, this post was 10 years ago. Is still not working ? Did you find a way to work with it ? Thank you Here my code : 
public async Task<ActionResult<User>> PostUser(User user)
{
    var PasswordUserHashed = BCrypt.Net.BCrypt.EnhancedHashPassword(user.PasswordUser, 13);
[...]
}

 [HttpPost("login")]
 public async Task<ActionResult<User>> LoginUser(UserLoginDTO userLoginDTO)
 {
     var userToVerify = await _context.Users.FirstOrDefaultAsync(u => u.EmailUser == userLoginDTO.EmailUser);
     if (BCrypt.Net.BCrypt.EnhancedVerify(userToVerify.PasswordUser, userLoginDTO.PasswordUser, HashType.SHA384))
     {

         return userToVerify;
     }
     return BadRequest();
 } 
public async Task<ActionResult<User>> PostUser(User user)
{
    var PasswordUserHashed = BCrypt.Net.BCrypt.EnhancedHashPassword(user.PasswordUser, 13);
[...]
}

 [HttpPost("login")]
 public async Task<ActionResult<User>> LoginUser(UserLoginDTO userLoginDTO)
 {
     var userToVerify = await _context.Users.FirstOrDefaultAsync(u => u.EmailUser == userLoginDTO.EmailUser);
     if (BCrypt.Net.BCrypt.EnhancedVerify(userToVerify.PasswordUser, userLoginDTO.PasswordUser, HashType.SHA384))
     {

         return userToVerify;
     }
     return BadRequest();
 }
3 replies
CC#
Created by konstantine on 1/16/2024 in #help
✅ Hashing password - ASP.NET Core Identity PasswordHasher
Hi guys, I'm trying to use ASP.NET Core Identity PasswordHasher. I followed this documentation : https://andrewlock.net/exploring-the-asp-net-core-identity-passwordhasher/ but I have errors of conversion (string to User). First, what's the best way to hash password ? Then, what documentation should your recommend to learn to use it ? Thank you!
51 replies