Singulink.Cryptography.Pwned.Client 2.0.0

dotnet add package Singulink.Cryptography.Pwned.Client --version 2.0.0
                    

Singulink.Cryptography.Pwned


Singulink.Cryptography.Pwned is a .NET project that contains a simple client and server for checking if passwords have been compromised in a data breach using the Have I Been Pwned database. It provides a simple and efficient way to verify the security of passwords against a large database of known compromised passwords.

There are limited benefits (and several drawbacks) to using this library if you do not intend to self-host the service internally - you are much better off using any one of the many other available .NET client libraries that call into the official Have I Been Pwned API service in that case.

If you are looking to self-host you are in the right place, so continue on! 😃

We are a small team of engineers and designers dedicated to building beautiful, functional, and well-engineered software solutions. We offer very competitive rates as well as fixed-price contracts and welcome inquiries to discuss any custom development / project support needs you may have.

This package is part of our Singulink Libraries collection. Visit https://github.com/Singulink to see our full list of publicly available libraries and other open-source projects.

Usage

This repository is used for our own infrastructure needs but is open-sourced so anyone else who wants to host an internal pwned password checking service to avoid calling out to an external service can easily do so. You are welcome to use the client without running your own service for testing (the client defaults to using our publicly accessible service), and while you can use our service in production, you are encouraged to host your own service for that purpose. You can take our API for a test drive at https://pwned.singulink.com/swagger.

If you do use our publicly available service, we kindly ask that you limit usage to testing and/or checking passwords during actual user interactions like registration / login / password changes, and not for anything that involves bulk checking of passwords. If you have a high-volume application or need to check large numbers of passwords for a different purpose, please run your own instance of the service or download the Pwned data locally and run your checks against that.

Installation

A client package is available on NuGet - simply install the Singulink.Cryptography.Pwned.Client package.

Supported Runtimes: Everywhere .NET Standard 2.0 is supported, including:

  • .NET
  • .NET Framework
  • Mono / Xamarin

End-of-life runtime versions that are no longer officially supported are not tested or supported by this library.

For running the service on your own infrastructure, deploy Singulink.Cryptography.Pwned.Service to your desired hosting destination. The project is a .NET 9.0 web service that can be hosted in IIS, Azure, or any other suitable .NET hosting environment. You will need to configure your own database connection string in appsettings.json and import the Pwned passwords into a Passwords table with Hash and Count columns. It is currently set up for MSSQL but any EF Core provider can be used. At the time of this writing, importing pwned data into a database results in a data file that is ~80GB in size.

You can point the client to your own service by setting PwnedClient.DefaultBaseAddress or by configuring your DI container so it injects an IHttpClientFactory that returns HttpClient instances with HttpClient.BaseAddress set.

Note: While the service contains a /CheckPassword endpoint that allows you to pass in an actual password instead of pre-hashing it, the client library never uses that endpoint - it should only be used for testing or when querying against a locally running service. The PwnedClient.CheckPasswordAsync method hashes passwords client-side using SHA1 before calling the /CheckPasswordHash endpoint so that the password is never sent over the wire. You can safely remove or disable the /CheckPassword endpoint without affecting applications that use the client library.
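
The client-side hashing described above, combined with a Hash/Count lookup like the one the Passwords table provides, shown as an added example (not code from this library or its service). It assumes the downloaded Pwned data is text lines of the form HASH:COUNT with uppercase hex SHA-1 hashes; the class and method names are hypothetical, and an in-memory dictionary stands in for the database table.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not part of Singulink.Cryptography.Pwned.
static class PwnedLookupExample
{
    // SHA-1 of the UTF-8 password as 40 uppercase hex characters.
    // This digest, never the password itself, is what gets looked up.
    public static string Sha1Hex(string password)
    {
        using (var sha1 = SHA1.Create())
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(password))).Replace("-", "");
    }

    // Parses "HASH:COUNT" lines (assumed format) into a Hash -> Count map, skipping malformed lines.
    public static Dictionary<string, int> Load(TextReader reader)
    {
        var table = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase);
        string line;
        while ((line = reader.ReadLine()) != null)
        {
            string[] parts = line.Trim().Split(':');
            if (parts.Length == 2 && parts[0].Length == 40 && int.TryParse(parts[1], out int count))
                table[parts[0]] = count;
        }
        return table;
    }

    // Returns how often the password appears in the data, or 0 when its hash is absent.
    public static int BreachCount(Dictionary<string, int> table, string password)
        => table.TryGetValue(Sha1Hex(password), out int count) ? count : 0;

    static void Main()
    {
        // Constructed sample: real SHA-1 hashes of "password" and "123456", made-up counts.
        const string sample =
            "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:1000\n" +
            "7C4A8D09CA3762AF61E59520943DC26494F8941B:2000\n" +
            "not-a-valid-line\n";

        var table = Load(new StringReader(sample));
        foreach (string candidate in new[] { "password", "123456", "correct horse battery staple" })
            Console.WriteLine($"{Sha1Hex(candidate)} -> seen {BreachCount(table, candidate)} time(s)");
    }
}
```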

Version Downloads Last Updated
2.0.0 127 6/27/2025
1.1.0 167 4/24/2025
1.0.0 161 4/23/2025