- Store the PasswordHash and salt in the database in the user's account.
- Then, when the user attempts to logon the next time, grab the salt from the database and hash it as usual with the password provided by the user during logon and compare that value to the PasswordHash in the database. If they are the same, the user provided the correct password (whatever that may be). If they are not the same, the password entered was incorrect.
string salt = CreateSalt(TxtPassword.Text.Length); string hash = CreatePasswordHash(TxtPassword.Text, salt);