我有MVC5项目而且我没有直接访问用户数据库,而是提供了Web服务,例如:
bool register (string username, string password, string email) //password is plain text
bool login (string username, string password)
我的问题是我不知道如何实现IUserPasswordStore,因为ASP身份迫使我使用哈希,而我不允许存储哈希密码,因为这个Web服务不仅仅会被我使用。
我的UserStore.cs:
public Task<string> GetPasswordHashAsync(TUser user)
{
//I'm suppose to provide hashed password here, but since I don't have any hashed password stored, I have no idea how to implement this method
string passwordHash = userTable.GetPassword(user.Id);
return Task.FromResult<string>(passwordHash);
}
public Task<bool> HasPasswordAsync(TUser user)
{
var hasPassword = !string.IsNullOrEmpty(userTable.GetPassword(user.Id));
return Task.FromResult<bool>(Boolean.Parse(hasPassword.ToString()));
}
public Task SetPasswordHashAsync(TUser user, string passwordHash)
{
//do nothing since I don't need to hash the password
return Task.FromResult<Object>(null);
}
我被告知不要实现IUserPasswordStore因为这个并且只使用SignInAsync或覆盖SignInManager中的PasswordSignInAsync,这工作正常然而我遇到另一个问题,如果他们多次登录尝试失败,我需要锁定用户没有实现IUserPasswordStore,就无法实现IUserLockoutStore。
答案 0 :(得分:0)
找到答案:我创建了一个实现IPasswordHasher ...
public class CustomPasswordHasher : IPasswordHasher
{
public string HashPassword(string password)
{
return password; //return password as is
}
public PasswordVerificationResult VerifyHashedPassword(
string hashedPassword,
string providedPassword)
{
if (hashedPassword.Equals(providedPassword)) {
return PasswordVerificationResult.Success;
}
return PasswordVerificationResult.Failed;
}
}
...并在IdentityConfig注册:
manager.PasswordHasher = new CustomPasswordHasher();