I have a website in MVC 5 using ASP.NET Identity to login a user. Everything works great.

Now my partner needs to login a registered user in his WinForms app. Does anyone know the password hashing algorythm used by Identity or how can I authenticate the user in the WinForms app?

Any tips would be apreciated.

Best regards.

If you are using Microsoft.AspNet.Identity.EntityFramework from the MVC app and the WinForm app has access to the same database, then you should configure it to use the same ConnectionString as the MVC application. Add Microsoft.AspNet.Identity.EntityFramework to the WinForm application using nuget.

Then the following code can be used to verify username and password:

public async Task<bool> VerifyUserNamePassword(string userName, string password)
{
   var usermanager = new UserManager<IdentityUser>(new UserStore<IdentityUser>(new IdentityDbContext()));
   return await usermanager.FindAsync(userName, password) != null;
}

You can securely hash passwords in .Net Winforms using System.Security.Cryptography however there are a lot of best practices surrounding password hashing. The best way currently is to add a salt to your hashed password, this makes it difficult to crack. Previously developers will save their Salt in the database which is like shooting yourself in the foot. Check out this project hope it helps.

https://github.com/frankodoom/System.Security.Cryptography