Hi,
I'm using the following codebehind file to register a new user:

    Imports Microsoft.AspNet.Identity
    Imports Microsoft.AspNet.Identity.EntityFramework
    Imports System
    Imports System.Linq

    Namespace WebFormsIdentity
        Public Class Register
            Inherits System.Web.UI.Page

            Protected Sub CreateUser_Click(ByVal sender As Object, ByVal e As EventArgs)
                ' Default UserStore constructor uses the default connection string named: DefaultConnection
                Dim userStore = New UserStore(Of IdentityUser)
                Dim manager = New UserManager(Of IdentityUser)(userStore)
                Dim user = New IdentityUser
                user.UserName = UserName.Text

                Dim result As IdentityResult = manager.Create(user, Password.Text)
                If result.Succeeded Then
                    StatusMessage.Text = String.Format("User {0} was created successfully!", user.UserName)
                Else
                    StatusMessage.Text = result.Errors.FirstOrDefault
                End If
            End Sub
        End Class
    End Namespace

It creates a new user and stores it in the AspNetUsers table. The password is automatically hashed and stored for the user.
The problem I'm having is that I also have a login page, which compares the username and password against the values stored in AspNetUsers. Is there not a built-in method to also automatically hash the password entered on the login page for comparison with the value stored in the database? My login page submits the plain text of the username and password exactly as entered by the user. I would have thought there is a method similar to the one used for the register page? For testing purposes, when logging in I have to enter the username and then copy the hashed password from the database, pasting it into the password field on the login page just so I can log in the user.
The following code is the login codebehind file:

    Imports System.Data.SqlClient
    Imports System.Web.Security

    Public Class Login
        Inherits System.Web.UI.Page

        Protected Sub ValidateUser(sender As Object, e As EventArgs)
            Dim userId As Integer = 0
            Dim constr As String = ConfigurationManager.ConnectionStrings("testConnectionString").ConnectionString
            Using con As New SqlConnection(constr)
                Using cmd As New SqlCommand("Validate_User")
                    cmd.CommandType = CommandType.StoredProcedure
                    cmd.Parameters.AddWithValue("@Username", Login1.UserName)
                    cmd.Parameters.AddWithValue("@Password", Login1.Password)
                    cmd.Connection = con
                    con.Open()
                    userId = Convert.ToInt32(cmd.ExecuteScalar())
                    con.Close()
                End Using
                Select Case userId
                    Case -1
                        Login1.FailureText = "Username and/or password is incorrect."
                        Exit Select
                    Case -2
                        Login1.FailureText = "Account has not been activated."
                        Exit Select
                    Case Else
                        FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
                        Exit Select
                End Select
            End Using
        End Sub
    End Class
