ASP.NET Identity login

Question

I have a website in MVC 5 using ASP.NET Identity to login a user. Everything works great.

Now my partner needs to login a registered user in his WinForms app. Does a

Answer 1

You can securely hash passwords in .Net Winforms using System.Security.Cryptography however there are a lot of best practices surrounding password hashing. The best way currently is to add a salt to your hashed password, this makes it difficult to crack. Previously developers will save their Salt in the database which is like shooting yourself in the foot. Check out this project hope it helps.

https://github.com/frankodoom/System.Security.Cryptography

Answer 2

If you are using Microsoft.AspNet.Identity.EntityFramework from the MVC app and the WinForm app has access to the same database, then you should configure it to use the same ConnectionString as the MVC application. Add Microsoft.AspNet.Identity.EntityFramework to the WinForm application using nuget.

Then the following code can be used to verify username and password:

public async Task<bool> VerifyUserNamePassword(string userName, string password)
{
   var usermanager = new UserManager<IdentityUser>(new UserStore<IdentityUser>(new IdentityDbContext()));
   return await usermanager.FindAsync(userName, password) != null;
}