BaseUser.cs

using System;
using System.Diagnostics.CodeAnalysis;
using System.Security.Cryptography;
using System.Text;
using Raven.Client.UniqueConstraints;

namespace Miyagi.Core.Models
{
    [ExcludeFromCodeCoverage]
    public abstract class BaseUser
    {
        public string Id { get; set; }

        [UniqueConstraint]
        public string Email { get; set; }

        const string ConstantSalt = "z125sahl32c8@";

        protected string HashedPassword { get; private set; }

        private string passwordSalt;

        private string PasswordSalt
        {
            get
            {
                return passwordSalt ?? (passwordSalt = Guid.NewGuid().ToString("N"));
            }

            set { passwordSalt = value; }
        }

        public BaseUser SetPassword(string pwd)
        {
            HashedPassword = GetHashedPassword(pwd);
            return this;
        }

        private string GetHashedPassword(string pwd)
        {
            using (var sha = SHA256.Create())
            {
                var computedHash = sha.ComputeHash(Encoding.Unicode.GetBytes(PasswordSalt + pwd + ConstantSalt));
                return Convert.ToBase64String(computedHash);
            }
        }

        public bool ValidatePassword(string maybePwd)
        {
            if (HashedPassword == null)
                return true;
            return HashedPassword == GetHashedPassword(maybePwd);
        }
    }
}