
ASP.Net Identity Manual Password Hashing

I'm developing an MVC 5 web application using Entity Framework Database First approach with an existing database.

I'm also using ASP.Net Identity for my Authorisation and Authentication, however, I'm not using the built in Entity Framework code, i.e., UserManager, ApplicationUser etc. Instead I'm using an approach similar to this by Brock Allen.

http://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/

I'm now working on Account Login and Registration and I want to hash the User password before I store it in my custom User table.

I realise I can create my own custom class which implements IPasswordHasher, however, that's where I become stuck. Below shows a mock up of how I think it should work, however, I'm not entirely sure this is even correct.

public class CustomPassword : IPasswordHasher
{
    public string HashPassword(string password)
    {
        return password;
    }

    public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        if (hashedPassword.Equals(providedPassword))
            return PasswordVerificationResult.Success;
        else return PasswordVerificationResult.Failed;
    }
}

These are my questions:

Q1: When registering a new user account and I pass the user password into the HashPassword method from my Account Controller, like this, I would like the User password hashed and returned as a string, however, I don't know what code to put into the HashPassword function to do this.

CustomPassword pwd = new CustomPassword();
String UserPassword = "test@123";
String HashedNewPassword = pwd.HashPassword(UserPassword);

Q2: When a User then logs into the website, I would like to take their supplied password, retrieve the hashed password from the database user table, and then compare them inside the VerifyHashedPassword method, but again, I don't know what the code is to compare a hashed string against a non-hashed string.

I would greatly appreciate any advice on how to do this.

Thanks.

After creating the UserManager instance, assign the PasswordHasher property to your CustomPasswordHasher:

UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
UserManager.PasswordHasher = new CustomPasswordHasher(); // IPasswordHasher

Use the UserManager to find user with username and password.
