Bcrypt Verify always returning false

Time:04-09

    [HttpPost("signUp")]
    public async Task<ActionResult<Users>> PostUserRegister(Users user)
    {
        if (userEmailExists(user.Email))
        {
            return BadRequest();
        }

        // hash the password with a fresh per-user salt (work factor 12);
        // the 60-character bcrypt string replaces the plaintext before anything is stored
        string salt = BC.GenerateSalt(12);
        user.Password = BC.HashPassword(user.Password, salt);

        await _context.Database.ExecuteSqlRawAsync(
            "EXECUTE dbo.UserRegister @userName, @firstName, @lastName, @Password, @userEmail, @gender, @dob",
            new SqlParameter("@userName", user.UserName.ToString()),
            new SqlParameter("@firstName", user.FirstName.ToString()),
            new SqlParameter("@lastName", user.LastName.ToString()),
            new SqlParameter("@Password", user.Password.ToString()),
            new SqlParameter("@userEmail", user.Email.ToString()),
            new SqlParameter("@gender", user.Gender.ToString()),
            new SqlParameter("@dob", user.Dob));

        /* var format = "dd/MM/yyyy";
           var date = DateTime.ParseExact(user.Dob, format); */

        // note: this echoes the stored hash back to the caller
        return Ok(user);
        //_context.Users.Add(user);
        //await _context.SaveChangesAsync();
        //return CreatedAtAction("GetUsers", new { id = user.UserId }, user);
    }

I'm signing a new user up like this, hashing the password using BCrypt.

using Microsoft.EntityFrameworkCore;
using BC = BCrypt.Net.BCrypt;

    [HttpPost("login")]
    public async Task<ActionResult<Users>> PostUserLogin(Users user)
    {
        // get account from database
        var account = await _context.Users.SingleOrDefaultAsync(x => x.Email == user.Email);

        // check account found and verify password:
        // Verify re-hashes user.Password with the salt embedded in account.Password
        // and compares the result byte for byte, so the stored value must be the
        // full, unmodified bcrypt string and the input must be exactly what was registered
        if (account == null || !BC.Verify(user.Password, account.Password))
        {
            // authentication failed (this echoes the submitted credentials back to the caller)
            return Unauthorized(user);
        }
        else
        {
            // authentication successful
            return Ok(user);
        }
    }

Then I try to verify the password in the login function. When I debug to see the values of user.Password and account.Password, they are correct: user.Password is equal to the password the user entered to register, and account.Password is the hashed password stored in the database. I was trying to follow this tutorial: ASP.NET Core 3.1 - Hash and Verify Passwords with BCrypt.

CodePudding user response:

I have read the blog you provided, and I think we should double-check the points below.

  1. The format of Password in your DB: if the original password is 11, then the stored value should look like:

    $2a$12$NTuJLk9/xZnlxP.oFj1mu.1ZypqYP4YuS1QbTBy7ofJwzKLSEEVBq

  2. In this line, BC.Verify(user.Password, account.Password),

    the value of user.Password

    user.Password == 11

    and the value of account.Password

    account.Password == $2a$12$NTuJLk9/xZnlxP.oFj1mu.1ZypqYP4YuS1QbTBy7ofJwzKLSEEVBq

Please double-check it; if you still have an issue, you can add a picture of the debugging result.

CodePudding user response:

I have the same problem with BCrypt as you.

The main problem was much simpler than I thought. The main reason for this was that I used uppercase and lowercase letters when I received and saved the password.

I fixed this problem by making my password input lowercase and saving it to the DB, and when I want to verify it, I make the password lowercase again.

        user.Password = BC.HashPassword(user.Password.ToLower(), salt);

and when you want to verify, use it like this:

        if (account == null || !BC.Verify(user.Password.ToLower(), account.Password))

I think this is the answer to your question.
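As an added example (not code from the question or from either answer), the console program below, written against the BCrypt.Net-Next package that `using BC = BCrypt.Net.BCrypt;` refers to, performs the checks the first answer asks for and shows why the second answer's symptom occurs: bcrypt verification is byte-exact, so a password whose case or whitespace differs between registration and login never verifies, and a stored value that is not the full 60-character bcrypt string never verifies either. A caveat the second answer does not mention: lowercasing the password before hashing makes Verify succeed only by collapsing case variants into one password, which shrinks the space an attacker has to guess; the fix that keeps the full password is to find where the casing changes between the form and the handler and hash the same exact string at both sign-up and login. The class `BcryptCheck`, the `Diagnose` helper and its result strings are names introduced here for illustration.

```csharp
using System;
using BC = BCrypt.Net.BCrypt;

// Added example, not from the original post. Requires the BCrypt.Net-Next NuGet package.
public static class BcryptCheck
{
    // Hash the way the question's signUp handler does: fresh per-user salt, work factor 12.
    public static string Hash(string password)
    {
        string salt = BC.GenerateSalt(12);
        return BC.HashPassword(password, salt);
    }

    // A bcrypt string is always 60 characters: "$2a$12$" + 22-char salt + 31-char hash.
    // A narrower DB column silently truncates it, after which Verify fails for every user.
    public static bool LooksLikeBcryptHash(string stored) =>
        stored != null
        && stored.Length == 60
        && stored.StartsWith("$2", StringComparison.Ordinal);

    // Hypothetical helper: say why a login attempt against a stored value fails.
    // Checks the stored format first (the first answer's point 1), then the byte-exact
    // comparison (point 2, and the case difference the second answer ran into).
    public static string Diagnose(string attempt, string stored)
    {
        if (!LooksLikeBcryptHash(stored))
            return "stored value is not a full 60-char bcrypt hash (column too narrow, or plaintext stored?)";
        if (attempt == null)
            return "attempt is null (model binding did not populate Password)";
        if (BC.Verify(attempt, stored))
            return "ok";
        if (attempt.Trim() != attempt)
            return "mismatch: attempt carries leading/trailing whitespace";
        return "mismatch: bytes differ (bcrypt is case-sensitive; look for normalisation between form and handler)";
    }

    public static void Main()
    {
        // Constructed sample: the password registered was "Password1".
        string stored = Hash("Password1");

        Console.WriteLine(Diagnose("Password1", stored));                  // identical string, as at registration
        Console.WriteLine(Diagnose("password1", stored));                  // case changed somewhere in between
        Console.WriteLine(Diagnose("Password1 ", stored));                 // trailing space picked up from the form
        Console.WriteLine(Diagnose("Password1", stored.Substring(0, 50))); // hash truncated by a short column
        Console.WriteLine(Diagnose("Password1", "Password1"));             // plaintext stored, never hashed
    }
}
```

Run it once against a value copied straight out of the Users table: if `Diagnose` reports a format problem, the bug is in how the hash is stored, not in `Verify`; if it reports a byte mismatch for a password you are sure you typed identically, compare the exact string reaching `PostUserRegister` with the one reaching `PostUserLogin` before changing how either is hashed.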
