ASP.NET Identity 2.0: How to rehash passwords

Time: 2017-05-20 00:14:39

Tags: c# .net asp.net-mvc hash asp.net-identity-2

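I am migrating users from a legacy user store to ASP.NET Identity 2.0 in my ASP.NET 5.0 web application. I have a means of verifying legacy hashes, but I want to upgrade them at login time to ASP.NET Identity 2.0 hashes.

I've created a custom IPasswordHasher that is able to detect and verify legacy hashes, and return PasswordVerificationResult.SuccessRehashNeeded at the appropriate time. (If it detects that the hash is not legacy, it simply falls through to the built-in ASP.NET Identity hash verification.)

However, returning PasswordVerificationResult.SuccessRehashNeeded doesn't seem to cause ASP.NET Identity to actually do anything. Is there a configuration option somewhere that would cause the system to rehash the passwords when IPasswordHasher returns this result?

If the answer to the above is no, is it recommended that I simply rehash and update the user manually? Where would I do this? I don't see any place at the controller level where I can see the PasswordVerificationResult.

I'm new to ASP.NET Identity, so I'm sure I'm missing something simple. Thank you in advance for any pointers.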

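2 answers:

Answer 0 (score: 4)

It seems that the rehashing mechanism is not implemented in the built-in user manager. But hopefully you can implement it easily. Consider this: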

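using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

public class ApplicationUserManager : UserManager<ApplicationUser>
{
    // UserManager<TUser> has no parameterless constructor; pass the store through.
    public ApplicationUserManager(IUserStore<ApplicationUser> store) : base(store) { }

    protected override async Task<bool> VerifyPasswordAsync(
          IUserPasswordStore<ApplicationUser, string> store,
          ApplicationUser user, string password)
    {
        var hash = await store.GetPasswordHashAsync(user);
        var verifyRes = PasswordHasher.VerifyHashedPassword(hash, password);

        // The password is correct but stored in the old format: replace the hash.
        if (verifyRes == PasswordVerificationResult.SuccessRehashNeeded)
        {
            await store.SetPasswordHashAsync(user, PasswordHasher.HashPassword(password));
            // Persist explicitly; the store's setter may only change the in-memory user object.
            await store.UpdateAsync(user);
        }

        return verifyRes != PasswordVerificationResult.Failed;
    }
}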

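Answer 1 (score: 0)

If you have implemented IPasswordHasher correctly, then when it returns the PasswordVerificationResult.SuccessRehashNeeded result, ASP.NET Core Identity will automatically call the HashPassword method for you, successfully authenticating the user and updating the hash in the database.

The class would look something like this: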

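using Microsoft.AspNetCore.Identity;

public class PasswordHasherWithOldHashingSupport : IPasswordHasher<ApplicationUser>
{
    private readonly IPasswordHasher<ApplicationUser> _identityPasswordHasher;

    public PasswordHasherWithOldHashingSupport()
    {
        _identityPasswordHasher = new PasswordHasher<ApplicationUser>();
    }

    // New hashes are always produced by the built-in Identity hasher.
    public string HashPassword(ApplicationUser user, string password)
    {
        return _identityPasswordHasher.HashPassword(user, password);
    }

    public PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword)
    {
        // The built-in hasher base64-decodes hashedPassword and throws FormatException
        // if a legacy hash is not valid base64.
        var passwordVerificationResult = _identityPasswordHasher.VerifyHashedPassword(user, hashedPassword, providedPassword);

        if (passwordVerificationResult == PasswordVerificationResult.Failed)
        {
            /* Do your custom verification logic and if successful, return PasswordVerificationResult.SuccessRehashNeeded */
            // Only upgrade when the legacy check actually succeeds; otherwise any
            // wrong password would be accepted.
            if (VerifyLegacyHash(hashedPassword, providedPassword))
            {
                passwordVerificationResult = PasswordVerificationResult.SuccessRehashNeeded;
            }
        }

        return passwordVerificationResult;
    }

    // Hypothetical placeholder: implement verification of your legacy hash format here.
    // It returns false until implemented, so unverified passwords are rejected.
    private static bool VerifyLegacyHash(string hashedPassword, string providedPassword)
    {
        return false;
    }
}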