Question 87207 in ASP.NET Question posted in
The official documentation can be found here.

Bcrypt Verify always returning false – Asp.net

 [HttpPost("signUp")]
    public async Task<ActionResult<Users>> PostUserRegister(Users user)
    {
        if (userEmailExists(user.Email))
        {
            return BadRequest();
        }

        string salt = BC.GenerateSalt(12);
        // hash password
        user.Password = BC.HashPassword(user.Password, salt);

        _context.Database.ExecuteSqlRaw("EXECUTE dbo.UserRegister @userName, @firstName, @lastName, @Password, @userEmail, @gender, @dob",
        new SqlParameter("@userName", user.UserName.ToString()),
        new SqlParameter("@firstName", user.FirstName.ToString()),
        new SqlParameter("@lastName", user.LastName.ToString()),
        new SqlParameter("@Password", user.Password.ToString()),
        new SqlParameter("@userEmail", user.Email.ToString()),
        new SqlParameter("@gender", user.Gender.ToString()),
        new SqlParameter("@dob", user.Dob));

       /* var format = "dd/MM/yyyy";

        var date = DateTime.ParseExact(user.Dob, format);*/

        return Ok(user);
        //_context.Users.Add(users);
        //await _context.SaveChangesAsync();

        //return CreatedAtAction("GetUsers", new { id = users.UserId }, users);
    }

Im siging a new user up like this. Hashing the password using Bcrypt.

using BC = BCrypt.Net.BCrypt;

[HttpPost("login")]
    public async Task<ActionResult<Users>> PostUserLogin(Users user)
    {
        // get account from database
        var account = _context.Users.SingleOrDefault(x => x.Email == user.Email);

        // check account found and verify password
        if (account == null || !BC.Verify(user.Password, account.Password))
        {
            // authentication failed
            return Unauthorized(user);
        }
        else
        {
            // authentication successful
            return Ok(user);
        }

Then I try to verify the password in the login function. When i debug to see the values of user.Password and account.Password they are correct. the user.Password is equal to the password the user entered to register and the account.Password is the Hashed password stored in the database. I was trying to follow this tutorial ASP.NET Core 3.1 – Hash and Verify Passwords with BCrypt

Tags:

2

Answers


  1. 0

    I have read the blog you provided. And I think we should double check below points.

    1. The format of Password in your db,if the orginal password is 11, then the value stored should like :

      $2a$12$NTuJLk9/xZnlxP.oFj1mu.1ZypqYP4YuS1QbTBy7ofJwzKLSEEVBq

    2. In this line BC.Verify(user.Password, account.Password),

      The value of user.Password

      user.Password == 11

      And the value of account.Password

      account.Password == $2a$12$NTuJLk9/xZnlxP.oFj1mu.1ZypqYP4YuS1QbTBy7ofJwzKLSEEVBq

    Please double check it, if you still have some issue, you can add the picture with debugging result.

    Login or Signup to reply.
  2. 0

    i have same problem with bCrypt like you.

    The main problem was much simpler than I thought. The main reason for this was that I used uppercase and lowercase letters when I received and saved the password.

    I Fixed this problem with make my password input to lower and save it to db
    And When i want to verify it , i make the password lowercase again .

            user.Password = BC.HashPassword(user.Password.ToLower(), salt);

    and when you want to Verify , use it like this:

      if (account == null || !BC.Verify(user.Password.ToLower(),account.Password))

    I Think This is your question Answer.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search