ntxinh · August 5, 2020 07:08 · Aug 5, 2020 · Aug 5, 2020
diff --git a/HashingOptions.cs b/HashingOptions.cs
@@ -3,6 +3,8 @@ namespace Core.Services.Hash
 {
     public sealed class HashingOptions
     {
+        public const string Hashing = "Hashing";
+
         public int Iterations { get; set; } = 10000;
     }
 }
diff --git a/Startup.cs b/Startup.cs
@@ -4,7 +4,7 @@ public class Startup
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.Configure<HashingOptions>(Configuration);
+            services.Configure<HashingOptions>(Configuration.GetSection(HashingOptions.Hashing));
             services.AddScoped<IPasswordHasher, PasswordHasher>();
         }
     }

diff --git a/appsettings.json b/appsettings.json
@@ -0,0 +1,5 @@
+{
+  "Hashing": {
+    "Iterations": 10000
+  }
+}
diff --git a/HashingOptions.cs b/HashingOptions.cs
@@ -0,0 +1,8 @@
+// Source: https://medium.com/dealeron-dev/storing-passwords-in-net-core-3de29a3da4d2
+namespace Core.Services.Hash
+{
+    public sealed class HashingOptions
+    {
+        public int Iterations { get; set; } = 10000;
+    }
+}
diff --git a/IPasswordHasher.cs b/IPasswordHasher.cs
@@ -0,0 +1,9 @@
+namespace Core.Services.Hash
+{
+    public interface IPasswordHasher
+    {
+        string Hash(string password);
+
+        (bool Verified, bool NeedsUpgrade) Check(string hash, string password);
+    }
+}
diff --git a/PasswordHasher.cs b/PasswordHasher.cs
@@ -0,0 +1,65 @@
+using System;
+using System.Linq;
+using System.Security.Cryptography;
+using Microsoft.Extensions.Options;
+
+namespace Core.Services.Hash
+{
+    public sealed class PasswordHasher : IPasswordHasher
+    {
+        private const int SaltSize = 16; // 128 bit
+        private const int KeySize = 32; // 256 bit
+
+        public PasswordHasher(IOptions<HashingOptions> options)
+        {
+            Options = options.Value;
+        }
+
+        private HashingOptions Options { get; }
+
+        public string Hash(string password)
+        {
+            using (var algorithm = new Rfc2898DeriveBytes(
+                password,
+                SaltSize,
+                Options.Iterations,
+                HashAlgorithmName.SHA512))
+            {
+                var key = Convert.ToBase64String(algorithm.GetBytes(KeySize));
+                var salt = Convert.ToBase64String(algorithm.Salt);
+
+                return $"{Options.Iterations}.{salt}.{key}";
+            }
+        }
+
+        public (bool Verified, bool NeedsUpgrade) Check(string hash, string password)
+        {
+            var parts = hash.Split('.', 3);
+
+            if (parts.Length != 3)
+            {
+                throw new FormatException("Unexpected hash format. " +
+                    "Should be formatted as `{iterations}.{salt}.{hash}`");
+            }
+
+            var iterations = Convert.ToInt32(parts[0]);
+            var salt = Convert.FromBase64String(parts[1]);
+            var key = Convert.FromBase64String(parts[2]);
+
+            var needsUpgrade = iterations != Options.Iterations;
+
+            using (var algorithm = new Rfc2898DeriveBytes(
+                password,
+                salt,
+                iterations,
+                HashAlgorithmName.SHA512))
+            {
+                var keyToCheck = algorithm.GetBytes(KeySize);
+
+                var verified = keyToCheck.SequenceEqual(key);
+
+                return (verified, needsUpgrade);
+            }
+        }
+    }
+}
diff --git a/Startup.cs b/Startup.cs
@@ -0,0 +1,11 @@
+namespace Core
+{
+    public class Startup
+    {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.Configure<HashingOptions>(Configuration);
+            services.AddScoped<IPasswordHasher, PasswordHasher>();
+        }
+    }
+}
No results found