I'm working on implementing security in an ASP.NET MVC 3 application, and am using the BCrypt implementation found here to handle encryption and verification of passwords.
HttpUtility.HtmlDecode() is used when the user is created, before the password is originally hashed:
Password = Password.Hash(HttpUtility.HtmlDecode(registration.Password)),
However, HttpUtility.HtmlDecode() is not used later when comparing the password to the hash, in
var authorized = _repository.CredentialsAreValid(HttpUtility.HtmlDecode(login.username), login.password);
Perhaps a slight change to:
var authorized = _repository.CredentialsAreValid(HttpUtility.HtmlDecode(login.username), HttpUtility.HtmlDecode(login.password));
I realize this is an older question, but I'm contemplating using BCrypt and this question raised a potential flag for me, so I'm interested in knowing if this resolves the issue. I apologize, I'm not in a position at the moment to verify my answer, but I hope it helps.
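The mismatch the answer points at, shown as an added example (not code from the question, the answer or the BCrypt library); it assumes the BCrypt.Net package (BCrypt.Net.BCrypt.HashPassword / Verify) and a reference to System.Web for HttpUtility, and the sample passwords are constructed:

```csharp
// Added example: why HttpUtility.HtmlDecode on only one side of a BCrypt
// hash/verify pair breaks login for some passwords. Assumes BCrypt.Net
// (BCrypt.Net.BCrypt.HashPassword / Verify) and System.Web (HttpUtility).
using System;
using System.Web;

static class PasswordCheck
{
    // Registration path as in the question: decode, then hash.
    static string HashAtRegistration(string submitted)
        => BCrypt.Net.BCrypt.HashPassword(HttpUtility.HtmlDecode(submitted));

    // Login path as in the question: verify the raw submitted string.
    static bool VerifyAtLoginRaw(string submitted, string storedHash)
        => BCrypt.Net.BCrypt.Verify(submitted, storedHash);

    // Login path with the answer's change: decode before verifying,
    // so both sides apply the same transformation.
    static bool VerifyAtLoginDecoded(string submitted, string storedHash)
        => BCrypt.Net.BCrypt.Verify(HttpUtility.HtmlDecode(submitted), storedHash);

    static void Main()
    {
        // Constructed samples: a lone '&' survives HtmlDecode unchanged, but
        // "&amp;" becomes "&" and "&lt;"/"&gt;" become "<"/">", so the raw
        // string no longer matches what was hashed at registration.
        string[] samples = { "plain-password", "Tom&Jerry", "a&amp;b", "x&lt;y&gt;z" };
        foreach (var pw in samples)
        {
            string hash = HashAtRegistration(pw);
            Console.WriteLine(
                $"{pw,-14} raw verify: {VerifyAtLoginRaw(pw, hash),-5} " +
                $"decoded verify: {VerifyAtLoginDecoded(pw, hash)}");
        }
    }
}
```

Running this, the first two samples verify either way, while "a&amp;b" and "x&lt;y&gt;z" fail the raw check and pass only the decoded one. The underlying rule is that the password must go through exactly the same transformation (or, better, none at all, since model binding already hands the controller the raw string) on both the hashing and the verification path.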