(Classic ASP) BCrypt Verify a Password (Check if Password is Correct)

A system that uses BCrypt for storing passwords would not store the actual password, but would instead store the bcrypt hash of the password. When a user presents the password, such as for login, call BCryptVerify to verify the password against the stored bcrypt hash.

Note: This example requires Chilkat v9.5.0.65 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Crypt2")
set crypt = Server.CreateObject("Chilkat.Crypt2")

storedHash = "$2a$10$H5kIVktMGzAPKGKNAe9DVu0iwEqfhv/o4MMJ/Dzw/MPy1leOE9NOK"
password = "mySecretPassword"

passwordValid = crypt.BCryptVerify(password,storedHash)
If (passwordValid = 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( password & " is valid.") & "</pre>"
Else
    Response.Write "<pre>" & Server.HTMLEncode( password & " is NOT valid.") & "</pre>"
End If

password = "notAValidPassword"
passwordValid = crypt.BCryptVerify(password,storedHash)
If (passwordValid = 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( password & " is valid.") & "</pre>"
Else
    Response.Write "<pre>" & Server.HTMLEncode( password & " is NOT valid.") & "</pre>"
End If

' Output should be:

' 	mySecretPassword is valid.
' 	notAValidPassword is NOT valid.

%>
</body>
</html>