How to check asp.net core hash password in stored procedure

Jose Daniel Navarro Brito 61 Reputation points
2024-09-12T17:25:29.8433333+00:00

Hi there;

There are countless of SQL stored procedures examples that check plain text passwords which is a bad security practice. I initially used ASP.NET Core Identity so the password were hashed and saved in the datatabase, but not I want to use DAPPER as a User Store. My question is

  1. Does asp.net core hashes the passwords also using Dapper as an User Store?
  2. If not, how I manually hash the password before passing as a parameter in the web Api.

Thanks in advance.

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,593 questions
ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,500 questions
ASP.NET API
ASP.NET API
ASP.NET: A set of technologies in the .NET Framework for building web applications and XML web services.API: A software intermediary that allows two applications to interact with each other.
340 questions
Transact-SQL
Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
4,647 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. AgaveJoe 28,456 Reputation points
    2024-09-12T19:44:10.1+00:00

    Does asp.net core hashes the passwords also using Dapper as an User Store?

    You'll write asp.net Core code to hash the password. The password hash is stored in your User Store table. The official documentation covers the basics.

    https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/password-hashing?view=aspnetcore-8.0

    0 comments No comments

  2. SurferOnWww 3,066 Reputation points
    2024-09-13T01:16:25.39+00:00
    1. Does asp.net core hashes the passwords also using Dapper as an User Store?

    Yes. Please consider customizing the storage provider for the ASP.NET Core Identity as described in the following Microsoft document:

    Custom storage providers for ASP.NET Core Identity

    enter image description here

    "To create a custom storage provider, create the data source, the data access layer, and the store classes that interact with this data access layer (the green and grey boxes in the diagram above). You don't need to customize the managers or your app code that interacts with them (the blue boxes above)."

    The "Identity Manager" layer (the blue box in the above figure) automatically hashes the password and stores the hashed password in the database.

    In addition to the password hash, the "Identity Manager" layer enables the validations of user id and password according to the settings described in the Microsoft document Configure Identity services.

    Therefore, the customized provider will work as a part of the ASP.NET Core Identity system in which automatic redirect to login page, authentication cookie generation and the other functions required for the user authentication are made available.

    As for sample codes please see the following documents:

    Customize ASP.NET Core Identity

    Using your own database schema and classes with ASP.NET Core Identity and Entity Framework Core

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.