发表新帖
发表新帖

ASP.NET Identity 2.0: How to rehash password

后端 未结
关注
2 1721
深忆病人
深忆病人 2021-01-05 05:04

I am migrating users from a legacy user store to ASP.NET Identity 2.0 in my ASP.NET 5.0 web application. I have a means of verifying legacy hashes, but I want to upgrade the

相关标签:
2条回答
  • 一整个雨季
    2021-01-05 05:13

    If you have implemented IPasswordHasher correctly, when returning a PasswordVerificationResult.SuccessRehashNeeded result, ASP.NET Core Identity will call the HashPassword method automatically for you, successfully authenticating the user and updating the hash in the database.

    The class would look something like this:

    public class PasswordHasherWithOldHashingSupport : IPasswordHasher<ApplicationUser>
{
    private readonly IPasswordHasher<ApplicationUser> _identityPasswordHasher;

    public PasswordHasherWithOldHashingSupport()
    {
        _identityPasswordHasher = new PasswordHasher<ApplicationUser>();
    }

    public string HashPassword(ApplicationUser user, string password)
    {
        return _identityPasswordHasher.HashPassword(user, password);
    }

    public PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword)
    {
        var passwordVerificationResult = _identityPasswordHasher.VerifyHashedPassword(user, hashedPassword, providedPassword);

        if (passwordVerificationResult == PasswordVerificationResult.Failed)
        {
            /* Do your custom verification logic and if successful, return PasswordVerificationResult.SuccessRehashNeeded */
            passwordVerificationResult = PasswordVerificationResult.SuccessRehashNeeded;
        }

        return passwordVerificationResult;
    }
}
    0 讨论(0)
  • 有刺的猬
    2021-01-05 05:15

    It seems rehashing mechanism is not implemented in the built-in user manager. But hopefully you could easily implemented. consider this:

    public class ApplicationUserManager : UserManager<ApplicationUser>
{
    protected override async Task<bool> VerifyPasswordAsync(
          IUserPasswordStore<ApplicationUser, string> store, 
          ApplicationUser user, string password)
    {
        var hash = await store.GetPasswordHashAsync(user);
        var verifyRes = PasswordHasher.VerifyHashedPassword(hash, password);

        if (verifyRes == PasswordVerificationResult.SuccessRehashNeeded)
           await store.SetPasswordHashAsync(user, PasswordHasher.HashPassword(password));

        return verifyRes != PasswordVerificationResult.Failed;
    }
}
    0 讨论(0)
 看不清?
提交回复
热议问题