password History for Identity Core

ぐ巨炮叔叔 提交于 2021-02-04 16:28:05

问题


is there any default implementation for password history? i'm trying to implement that feature on my project with identity so i have added password history table which contain password hashes. when user change password usermanager generate hash for password.

var passwordHash = _userManager.PasswordHasher.HashPassword(user, newPassword);

if this hash does not inserted in password history table it allow to change password otherwise return error

but the problem is each time when generating hash for the specific password it generate random hashes which cannot be compare also

var passwordHash = _userManager.PasswordHasher.HashPassword(user, newPassword);

hash differ from

_userManager.ResetPasswordAsync(user, request.Token, password);

generated password hash.

May be i'm trying to do this in wrong way. what was the mistake i have done implementing password history?

thanks


回答1:


Different hashes every time - it's how default implementation IPasswordHasher works. Look at this answer for more details: https://stackoverflow.com/a/20622428/6104621.

So, for your implementation password history you can either implement IPasswordHasher or just verify new password with all stored passwords hashes using method PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword);

Just for example:

var passAlreadyExist = user.UserHistory
                .Select(h => h.PasswordHash)
                .Distinct()
                .Any(hash =>
                {
                    var res = manager.PasswordHasher.VerifyHashedPassword(user, hash, password);
                    return res == PasswordVerificationResult.Success;
                });

where UserHistory - it's custom table with some user info like password, email, name...



来源:https://stackoverflow.com/questions/48783202/password-history-for-identity-core

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!