如何在 java 中实现 ASP.NET Core Identity 框架的密码哈希

Question

I am working on a school project where we have an ASP.NET Core web application using Identity framework for our users (they can register and sign in) and we also have to develop a java application where we also have to register and sign in using the same user data as the ASP.NET Core application (mutual db). Our problem is that Identity hashes their passwords and to be able to sign in or register from our java application we have to compare hashes or hash the same way Identity does. I have been scanning the internet but haven't found a clear answer yet.

Now I understand ASP.NET Core Indentity v3 uses

PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations

for hashing their passwords.

My question is: what would be the best method of implementing the same hashing method in our java application? Is there a viable java library available that we can use to mimic the way Identity hashes their passwords? Or are there better approaches to solve this problem?

Answer 1

you should just try to override the IPasswordHasher<> interface in the DI of the .net core app and use the same logic in the java app, for reference you can look into this: https://andrewlock.net/migrating-passwords-in-asp-net-core-identity-with-a-custom-passwordhasher/

one thing to consider, changing the way the hashing is done will make all your existing users locked out unless you migrate them, but since this is a school project i assume that its an acceptable outcome.