How to compare password by SS

I use UserAuth to create user,and now i want to user to reset their password, before reset password, i want to compare the old password(has encrypted) and the user’s input password(raw string).

Could you tell me how to compare password by SS?

i find this gist

in the TryAuthenticate method (you can search in Git) you see such call:

var saltedHash = HostContext.Resolve<IHashProvider>();
return saltedHash.VerifyHashString(password, userAuth.PasswordHash, userAuth.Salt);

where saltedHash can be new SaltedHash(); it always depend on the method that you used to create the password in the first place.

this will return true is the password is a match.

if you are using an AuthRepository you might be better just call the method yourself:

IUserAuth userAuth = null;
var authRepo = ServiceLocator.Current.GetInstance<MyAuthRepository>();
if(!authRepo.TryAuthenticate(userName, password, out userAuth)) {
  throw new Exception("User mismatch");

// you have the user as userAuth, and you can use that object to update the new password with a call to UpdateUserAuth()
1 Like