ntxinh/HashingOptions.cs

## appsettings.json
{
  "Hashing": {
    "Iterations": 10000
  }
}

## HashingOptions.cs
// Source: https://medium.com/dealeron-dev/storing-passwords-in-net-core-3de29a3da4d2
namespace Core.Services.Hash
{
    public sealed class HashingOptions
    {
        public const string Hashing = "Hashing";

        public int Iterations { get; set; } = 10000;
    }
}

## IPasswordHasher.cs
namespace Core.Services.Hash
{
    public interface IPasswordHasher
    {
        string Hash(string password);

        (bool Verified, bool NeedsUpgrade) Check(string hash, string password);
    }
}

## PasswordHasher.cs
using System;
using System.Linq;
using System.Security.Cryptography;
using Microsoft.Extensions.Options;

namespace Core.Services.Hash
{
    public sealed class PasswordHasher : IPasswordHasher
    {
        private const int SaltSize = 16; // 128 bit
        private const int KeySize = 32; // 256 bit

        public PasswordHasher(IOptions<HashingOptions> options)
        {
            Options = options.Value;
        }

        private HashingOptions Options { get; }

        public string Hash(string password)
        {
            using (var algorithm = new Rfc2898DeriveBytes(
                password,
                SaltSize,
                Options.Iterations,
                HashAlgorithmName.SHA512))
            {
                var key = Convert.ToBase64String(algorithm.GetBytes(KeySize));
                var salt = Convert.ToBase64String(algorithm.Salt);

                return $"{Options.Iterations}.{salt}.{key}";
            }
        }

        public (bool Verified, bool NeedsUpgrade) Check(string hash, string password)
        {
            var parts = hash.Split('.', 3);

            if (parts.Length != 3)
            {
                throw new FormatException("Unexpected hash format. " +
                    "Should be formatted as `{iterations}.{salt}.{hash}`");
            }

            var iterations = Convert.ToInt32(parts[0]);
            var salt = Convert.FromBase64String(parts[1]);
            var key = Convert.FromBase64String(parts[2]);

            var needsUpgrade = iterations != Options.Iterations;

            using (var algorithm = new Rfc2898DeriveBytes(
                password,
                salt,
                iterations,
                HashAlgorithmName.SHA512))
            {
                var keyToCheck = algorithm.GetBytes(KeySize);

                var verified = keyToCheck.SequenceEqual(key);

                return (verified, needsUpgrade);
            }
        }
    }
}

## Startup.cs
namespace Core
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<HashingOptions>(Configuration.GetSection(HashingOptions.Hashing));
            services.AddScoped<IPasswordHasher, PasswordHasher>();
        }
    }
}
	// Source: https://medium.com/dealeron-dev/storing-passwords-in-net-core-3de29a3da4d2
	namespace Core.Services.Hash
	{
	public sealed class HashingOptions
	{
	public const string Hashing = "Hashing";

	public int Iterations { get; set; } = 10000;
	}
	}
	namespace Core.Services.Hash
	{
	public interface IPasswordHasher
	{
	string Hash(string password);

	(bool Verified, bool NeedsUpgrade) Check(string hash, string password);
	}
	}
	using System;
	using System.Linq;
	using System.Security.Cryptography;
	using Microsoft.Extensions.Options;

	namespace Core.Services.Hash
	{
	public sealed class PasswordHasher : IPasswordHasher
	{
	private const int SaltSize = 16; // 128 bit
	private const int KeySize = 32; // 256 bit

	public PasswordHasher(IOptions<HashingOptions> options)
	{
	Options = options.Value;
	}

	private HashingOptions Options { get; }

	public string Hash(string password)
	{
	using (var algorithm = new Rfc2898DeriveBytes(
	password,
	SaltSize,
	Options.Iterations,
	HashAlgorithmName.SHA512))
	{
	var key = Convert.ToBase64String(algorithm.GetBytes(KeySize));
	var salt = Convert.ToBase64String(algorithm.Salt);

	return $"{Options.Iterations}.{salt}.{key}";
	}
	}

	public (bool Verified, bool NeedsUpgrade) Check(string hash, string password)
	{
	var parts = hash.Split('.', 3);

	if (parts.Length != 3)
	{
	throw new FormatException("Unexpected hash format. " +
	"Should be formatted as `{iterations}.{salt}.{hash}`");
	}

	var iterations = Convert.ToInt32(parts[0]);
	var salt = Convert.FromBase64String(parts[1]);
	var key = Convert.FromBase64String(parts[2]);

	var needsUpgrade = iterations != Options.Iterations;

	using (var algorithm = new Rfc2898DeriveBytes(
	password,
	salt,
	iterations,
	HashAlgorithmName.SHA512))
	{
	var keyToCheck = algorithm.GetBytes(KeySize);

	var verified = keyToCheck.SequenceEqual(key);

	return (verified, needsUpgrade);
	}
	}
	}
	}
	namespace Core
	{
	public class Startup
	{
	public void ConfigureServices(IServiceCollection services)
	{
	services.Configure<HashingOptions>(Configuration.GetSection(HashingOptions.Hashing));
	services.AddScoped<IPasswordHasher, PasswordHasher>();
	}
	}
	}