Custom authentication in ASP.NET Core using SHA512 algorithm

Download Source Code :- https://github.com/saineshwar/WebSecure

Secure ASP.NET Core Application essential feature Using SHA512 algorithm.

Everyone must store Salt in Different Database other than Main project Database For Security

Each time you create a new application you need essential feature such as

  • Registration
  • Login
  • ChangePassword
  • ResetPassword
  • Email Verification of registered User
  • Sending Email for Reset Password

For Demo, I have used Gmail. (Application is Configured with Gmail For Sending Email enter details in appsettings.json)

Making App Less Secure do at own Risk i am not responsible for it.

  • Open your Google Admin console (admin.google.com).
  • Click Security > Basic settings.
  • Under Less secure apps, select Go to settings for less secure apps.
  • In the subwindow, select the Enforce access to less secure apps for all users radio button. …
  • Click the Save button.

Enable less secure app on Gmail for sending email from localhost :- https://hotter.io/docs/email-accounts/secure-app-gmail/

Registration Process

When User register clicks on submit button on Client-Side SHA512 Hash of the password is created and sent to the server on, on serverside salt is generated and combination [ SHA512 Hash + Salt ] is stored in User Table and salt is stored in UserTokens Table.

A Verification Email is sent to the entered email id. After the Verification, User will able to log into the application. While sending Email we generate key and Unique Token. the key is created using a combination of (Ticks + UserId) “More things can be added to make it more secure” which is Encrypted using AES algorithm. And Unique Token is generated using RNGCryptoServiceProvider.

var linktoverify = _appSettings.VerifyRegistrationUrl + "?key=" + HttpUtility.UrlEncode(encrypt) + "&hashtoken=" + HttpUtility.UrlEncode(token);

Login Process

When User Log into Application using Username and password, according to Username we get UserDetails of the User from User Table and on based of UserId we get User Salt which is stored in UserTokens Table. Next, we are going to combine Posted User Password SHA512 Hash with Stored User Salt and compare with Stored Hash in User Table.

Reset Password Process

Next in Forgot Password Process, we are going ask the user to enter Username and check Username exists in database then we are going to send an email with links to reset the password.

var linktoverify = _appSettings.VerifyResetPasswordUrl + "?key=" + HttpUtility.UrlEncode(encrypt) + "&hashtoken=" + HttpUtility.UrlEncode(token);

After clicking on Reset Password Link it will redirect to Reset Password Page. where you will be entering New Password to change your Password. In the Reset Password process, New password hash and New Salt is created for more security. All Password History is Maintained in PasswordHistory Table.

Change Password Process

Next in Change Password Process, this process is done after login into the application there we are going to ask the user to enter Current password and New Password.
All Password History is Maintained in PasswordHistory Table.

About Platform Used

Targeted Framework .Net Core 3.1

Microsoft Visual Studio Community 2019

Link to download Microsoft Visual Studio Community 2019: – https://visualstudio.microsoft.com/vs/

Microsoft SQL Server 2019

Link to download SQL Server Express: – https://www.microsoft.com/en-us/sql-server/sql-server-downloads

External packages which are used in .Net Core Project

  • Dapper ORM
  • Microsoft.EntityFrameworkCore
  • System.Data.SqlClient
  • Microsoft.EntityFrameworkCore.SqlServer

External JavaScript libraries used

  • js-sha256
  • js-sha512

Getting Started

Restore Database Script

Make changes in appsettings.json Settings

Run Application

Login Page

Registration Page

Email Verification of registered User

Forgot Password

Sending Email for Reset Password

Email Sent for Reset Password

Reset Password

Database

Tables

By Saineshwar Bageri

I am Microsoft MVP | C# Corner MVP | Code Project MVP | FULL STACK .NET Developer and working on .Net Web Technology (Asp.net, Asp.net Core,.Net Core, C#, Sqlserver, MVC, Windows, Console Application, javascript, jquery, json, ORM Dapper) and also a freelance developer.