I have a table "admins" , and I want to seed data into it. the table has a password(nvarchar(128)) field and a password_salt(varbinary(1024)) field.
And the model is like this :
public string Password { get; set; }
public byte[] PasswordSalt { get; set; }
when I create a new admin, I create a password hash and a password salt like this :
public Admins Register(Admins admin)
{
CreatePasswordHash(admin.Password, out string passwordHash, out Byte[] passwordSalt);
admin.Password = passwordHash;
admin.PasswordSalt = passwordSalt;
//rest of code
}
private void CreatePasswordHash(string password, out string passwordHash, out Byte[] passwordSalt)
{
using (var hmac = new System.Security.Cryptography.HMACSHA512())
{
Byte[] buffer = hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
passwordHash = Encoding.Unicode.GetString(buffer);
passwordSalt = hmac.Key;
}
}
How can I seed such table? what should I put in the password salt field? it's a byte[] and I don't know how to acquire it and put in in my migrationBuilder.InsertData()
method.
You could generate a 128-bit salt using a secure RandomNumberGenerator, and use KeyDerivation.Pbkdf2 to hash the passwords, please refer the following sample:
Create Admin Class and add the related properties:
public class Admin
{
[Key]
public int ID { get; set; }
public string AdminName { get; set; }
public string Password { get; set; }
public byte[] PasswordSalt { get; set; }
}
Create ModelBuilderExtensions: add initial data and hash the passwords
public static class ModelBuilderExtensions
{
public static void Seed(this ModelBuilder modelBuilder)
{
modelBuilder.Entity<Admin>().HasData(
CreateAdmin(1,"Dillion", "Password01"),
CreateAdmin(2,"Tom", "Password02"),
CreateAdmin(3, "David", "Password03")
);
}
public static Admin CreateAdmin(int id, string name, string password)
{
var admin = new Admin();
byte[] salt = new byte[128 / 8];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(salt);
}
admin.PasswordSalt = salt;
//Console.WriteLine($"Salt: {Convert.ToBase64String(salt)}");
// derive a 256-bit subkey (use HMACSHA1 with 10,000 iterations)
string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
password: password,
salt: salt,
prf: KeyDerivationPrf.HMACSHA1,
iterationCount: 10000,
numBytesRequested: 256 / 8));
admin.Password = hashed;
admin.AdminName = name;
admin.ID = id;
return admin;
}
}
Call the seed() method in the OnModelCreating method:
public class ApplicationDbContext : DbContext
{
public DbSet<Admin> Admins { get; set; }
public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options)
{
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Seed();
}
}
Enable migration using the following commands:
add-migration AddAdmin -context ApplicationDbContext
update-database -context ApplicationDbContext
Check the Admin table:
More details information, check the following articles:
Hash passwords in ASP.NET Core