散列用户密码 - 身份服务器
[英]Hashing user password - Identity Server
问题描述
I'm currently working with Identity Server 4, at present when the user logs in I need to hash their provided password and then compare with the password stored in the database (also hashed)
我目前正在使用 Identity Server 4,目前当用户登录时,我需要 hash 他们提供的密码,然后与存储在数据库中的密码进行比较(也散列)
After some searching, I was linked to the PasswordHasher within Identity Server to handle this:经过一番搜索,我被链接到 Identity Server 中的PasswordHasher来处理这个问题:
var _hasher = new PasswordHasher<User>();
var hashpassword = _hasher.HashPassword(user, context.Password);
User is my custom class that inherits from IdentityUser , however, when checking the hashed password against the one in the database the hash is completely different, I have double checked the password and I can confirm it's correct. User是我的自定义 class 继承自IdentityUser ,但是,当检查散列密码与数据库中的密码 hash 完全不同时,我已经仔细检查了密码,我可以确认它是正确的。
Can anyone suggest why I maybe seeing a different hash compared to the one in the database?谁能建议为什么我可能会看到与数据库中的 hash 不同的 hash?
1 个解决方案
解决方案1
1 已采纳 2022-01-11 02:13:11
Each time you hash a password with PasswordHasher<T>.HashPassword you will get a total different result because of the salt .每次 hash 使用PasswordHasher<T>.HashPassword的密码时,由于salt ,您将得到完全不同的结果。
To verify such hashed salted passwords use the given method IPasswordHasher<T>.VerifyPassword .要验证这种散列加盐密码,请使用给定的方法IPasswordHasher<T>.VerifyPassword 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.