ASP.NET Identity 2.0: How to rehash password

后端未结

关注

 2  1722

深忆病人 2021-01-05 05:04

I am migrating users from a legacy user store to ASP.NET Identity 2.0 in my ASP.NET 5.0 web application. I have a means of verifying legacy hashes, but I want to upgrade the

2条回答

一整个雨季 (楼主)

2021-01-05 05:13

If you have implemented IPasswordHasher correctly, when returning a PasswordVerificationResult.SuccessRehashNeeded result, ASP.NET Core Identity will call the HashPassword method automatically for you, successfully authenticating the user and updating the hash in the database.

The class would look something like this:

public class PasswordHasherWithOldHashingSupport : IPasswordHasher
{
    private readonly IPasswordHasher _identityPasswordHasher;

    public PasswordHasherWithOldHashingSupport()
    {
        _identityPasswordHasher = new PasswordHasher();
    }

    public string HashPassword(ApplicationUser user, string password)
    {
        return _identityPasswordHasher.HashPassword(user, password);
    }

    public PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword)
    {
        var passwordVerificationResult = _identityPasswordHasher.VerifyHashedPassword(user, hashedPassword, providedPassword);

        if (passwordVerificationResult == PasswordVerificationResult.Failed)
        {
            /* Do your custom verification logic and if successful, return PasswordVerificationResult.SuccessRehashNeeded */
            passwordVerificationResult = PasswordVerificationResult.SuccessRehashNeeded;
        }

        return passwordVerificationResult;
    }
}

0 讨论(0)

查看其它2个回答