From the course: ASP.NET: Security
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Adding password hashing to the app
- [Instructor] I have implemented a rather simple helper class which provides static methods to hash a password and to verify a password against a hash. So, I'm essentially storing the Hash and the Salt. Now, you could argue that you maybe should also store the number of iterations. This would be an idea for an additional refactoring of the app. So far, the number of iterations is constant and is always 10,000. Now, I'm using these two methods when I initialize the database. So, instead of just writing the passwords directly into the database, I'm hashing them. Of course, I could use the hashes here as well so I could precalculate them, but that way you just see how we can call the HashPassword functionality from here. In the User model, conveniently I already have the Salt and the Hash as properties, but I could and should get rid of the password. This change to the model will also lead to the situation that the database will be regenerated thanks to the Shopinitializer using…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
(Locked)
Storing secrets in Web.config4m 19s
-
(Locked)
Externalizing Web.config settings3m 35s
-
(Locked)
Encrypting Web.config4m 21s
-
(Locked)
Azure Key Vault2m 36s
-
(Locked)
Managing the Key Vault with Azure Shell4m 45s
-
(Locked)
Password hashing1m 20s
-
(Locked)
Adding password hashing to the app3m 18s
-
(Locked)
-
-
-