ASP.NET Core Security
Language: eng
Format: epub
Publisher: Manning Publications
Published: 2022-07-25T00:00:00+00:00
The size (in bytes) of the salt (it's also possible to provide a custom salt).
The number of iterations the algorithm should use. The more iterations, the more secure the hash, but the longer hashing takes. This value is optional, but we will set it, and you will see why in a bit.
The following listing shows a username/password form that mimics the two essential aspects of using a password hash: generating the hash upon registration and validating the hash upon login.
Listing 8.1 The combined registration/login form as a Razor Page
```cshtml
@page
@model HashingModel
<div class="text-center">
    <h1 class="display-4">Password Hashing</h1>
    <div class="mt-5 mb-5">
        <form method="post" action="">
            <div class="form-group">
                <label class="control-label" for="UserName">User name</label>
                <input type="text" id="UserName" name="UserName"
                       class="form-control" value="@Model.UserName" /> @* ❶ *@
            </div>
            <div class="form-group">
                <label class="control-label" for="Password">Password</label>
                <input type="password" id="Password" name="Password"
                       class="form-control" value="@Model.Password" /> @* ❷ *@
            </div>
            <div class="form-group">
                <label class="control-label" for="HashToVerify">Hash to verify</label>
                <input type="text" id="HashToVerify" name="HashToVerify"
                       class="form-control" value="@Model.HashToVerify" /> @* ❸ *@
            </div>
            <div class="form-group">
                <label class="control-label" for="SaltToVerify">Salt to verify</label>
                <input type="text" id="SaltToVerify" name="SaltToVerify"
                       class="form-control" value="@Model.SaltToVerify" /> @* ❹ *@
            </div>
            <div class="form-group">
                <input type="submit" asp-page-handler="Register"
                       value="Register" class="btn btn-primary" /> @* ❺ *@
                <input type="submit" asp-page-handler="Login" value="Login"
                       class="btn btn-primary" /> @* ❻ *@
            </div>
        </form>
    </div>
    <div class="mb-3">
        @Model?.Message
    </div>
</div>
```

❶ Shows the username field
❷ Shows the password field
❸ Shows the hash field (for mimicking the login)
❹ Shows the salt field (for mimicking the login)
❺ Shows the Registration button
❻ Shows the Login button
The form fields are filled with the values from the model, including the password field. That's not best practice, of course, but it helps us test the hash creation and verification without any extra copy-and-paste efforts. The associated page model class is shown in the next listing.
Listing 8.2 The page model class for the combined registration/login form
```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

namespace AspNetCoreSecurity.RazorSamples.Pages
{
    public class HashingModel : PageModel
    {
        public string Message { get; set; } = string.Empty;

        [BindProperty]
        public string UserName { get; set; } = string.Empty;

        [BindProperty]
        public string Password { get; set; } = string.Empty;

        [BindProperty]
        public string HashToVerify { get; set; } = string.Empty;

        [BindProperty]
        public string SaltToVerify { get; set; } = string.Empty;

        public void OnPostRegister()   // ❶
        {
            // TODO
        }

        public void OnPostLogin()      // ❷
        {
            // TODO
        }
    }
}
```

❶ The Handler method for the Register button
❷ The Handler method for the Login button
We will fill in the blanks (the code that runs after clicking the Register or Login buttons) individually for all the algorithms we will cover. First, the PBKDF2 hash creation:
```csharp
public void OnPostRegister()
{
    var rfc2898 = new Rfc2898DeriveBytes(                      // ❶
        this.Password,                                          // ❶
        32,                                                     // ❶
        310_000);                                               // ❶
    var hash = Convert.ToBase64String(rfc2898.GetBytes(20));   // ❷
    var salt = Convert.ToBase64String(rfc2898.Salt);           // ❸
    this.HashToVerify = hash;
    this.SaltToVerify = salt;
    this.Message = "Hash created";
}
```

❶ Instantiates the Rfc2898DeriveBytes class
❷ Pulls out the hash (and Base64-encodes it)
❸ Pulls out the salt (and Base64-encodes it)
The Rfc2898DeriveBytes class creates the hash that is available by calling GetBytes(20), 20 being the default length in bytes of the hash. The automatically generated salt is more conveniently available by accessing the Salt property. Both values are then Base64-encoded and written in the page model properties so that they show up in the form fields.
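The verification half that pairs with this registration code, as an added example that is not the book's listing: it re-derives the hash from the submitted password and the stored salt, then compares in constant time. The class and method names are hypothetical, and `HashAlgorithmName.SHA1` is passed explicitly because that is what the three-argument constructor above uses by default.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not the book's code. PasswordCheck and its members are hypothetical names.
public static class PasswordCheck
{
    private const int SaltSize = 32;         // same values as the registration code above
    private const int Iterations = 310_000;
    private const int HashSize = 20;

    public static (string Hash, string Salt) Create(string password)
    {
        // SHA-1 is the implicit default of the (password, saltSize, iterations) constructor.
        using var kdf = new Rfc2898DeriveBytes(password, SaltSize, Iterations, HashAlgorithmName.SHA1);
        return (Convert.ToBase64String(kdf.GetBytes(HashSize)), Convert.ToBase64String(kdf.Salt));
    }

    public static bool Verify(string password, string hashToVerify, string saltToVerify)
    {
        byte[] expected, salt;
        try
        {
            expected = Convert.FromBase64String(hashToVerify);
            salt = Convert.FromBase64String(saltToVerify);
        }
        catch (FormatException)
        {
            return false;   // malformed Base64 is a failed login, not an unhandled exception
        }
        if (salt.Length != SaltSize || expected.Length != HashSize)
            return false;   // neither value could have come from Create

        // Same salt, iteration count and output length as at registration.
        using var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA1);
        byte[] actual = kdf.GetBytes(HashSize);
        // Constant-time comparison: run time does not depend on where the first mismatch is.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        var (hash, salt) = Create("correct horse battery staple");   // constructed sample password
        Console.WriteLine(Verify("correct horse battery staple", hash, salt));
        Console.WriteLine(Verify("wrong password", hash, salt));
        Console.WriteLine(Verify("correct horse battery staple", hash, "not base64!"));
    }
}
```

The iteration count has to be the same at registration and at verification, so an application that raises it later must store the count alongside each hash and salt.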
