I'm developing an MVC 5 web application using Entity Framework Database First approach with an existing database .
I'm also using ASP.Net Identity for my Authorisation and Authentication, however, I'm not using the built in Entity Framework code, ie, UserManager , ApplicationUser etc instead I'm using an approach similar to this by Brock Allen.
I'm now working on Account Login and Registration and I want to hash the User password before I store it in my custom User table.
I realise I can create my own custom class which implements IPasswordHasher , however, that's where I become stuck. Below shows a mock up of how I think it should work, however, I'm not entirely sure this is even correct.
public class CustomPassword : IPasswordHasher
{
public string HashPassword(string password)
{
return password;
}
public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
{
if (hashedPassword.Equals(providedPassword))
return PasswordVerificationResult.Success;
else return PasswordVerificationResult.Failed;
}
}
These are my questions:
Q1 :When registering a new user account and I pass the user password into the HashPassword method from my Account Controller, like this, I would like the User password hashed and returned as a string, however, I don't know what code to put into the HashPassword function to do this.
CustomPassword pwd = new CustomPassword();
String UserPassword = "test@123";
String HashedNewPassword = pwd.HashPassword(UserPassword);
Q2 :When a User then logs into the website, I would like to take their supplied password, retrieve the hashed password from the database user table, and then compare them inside the VerifyHashedPassword method, but again, I don't know what the code is to compare a hashed string against a non-hashed string.
I would greatly appreciate any advice on how to do this.
Thanks.
After creating UserManager instance, assign the passwordhasher property to your CustomPasswordHasher
UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
UserManager.PasswordHasher = new CustomPasswordHasher(); // IPasswordHasher
Use the UserManager to find user with username and password.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.