Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sasha Pleshakov2016-10-10 19:12:10
ASP.NET
Sasha Pleshakov, 2016-10-10 19:12:10

How are passwords encrypted in ASP.NET MVC?

Created a method in the ApplicationUserManager class to search the database by email and password, because FindAsync searches by name and password, but it seems to me that ASP.NET Identity has a different hashing method (I use Crypto.HashPassword), because the method I use produces a different hash.

public async Task<ApplicationUser> FindByEmailAndPasswordAsync(string email, string password)
{
    ThrowIfDisposed();
    var passwordHash = Crypto.HashPassword(password);
    ApplicationUser user;
    using(var db = new ApplicationDbContext())
    {
        user = await db.Users.Where(u => u.Email == email && u.PasswordHash == passwordHash).FirstOrDefaultAsync();
    }
    if(user == null)
    {
        return null;
    }
    return user;
}

Moved to Login controller
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        PasswordHasher ph = new PasswordHasher();
        var passwordHash = ph.HashPassword(model.Password);
        ApplicationUser user;
        using (var db = new ApplicationDbContext())
        {
            user = await db.Users.Where(u => u.Email == model.Email && u.PasswordHash == passwordHash).FirstOrDefaultAsync();
        }
        if (user != null)
        {
        //дальше идет код контроллера, который создается автоматически

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
#
#algooptimize #bottize, 2016-10-10
@mnepoh

asp net identity
usermanager

protected virtual async Task<bool> VerifyPasswordAsync(IUserPasswordStore<TUser, TKey> store, TUser user, string password)
    {
      string hash = await store.GetPasswordHashAsync(user).WithCurrentCulture<string>();
      return this.PasswordHasher.VerifyHashedPassword(hash, password) != PasswordVerificationResult.Failed;
    }


 public virtual async Task<bool> CheckPasswordAsync(TUser user, string password)
    {
      this.ThrowIfDisposed();
      IUserPasswordStore<TUser, TKey> passwordStore = this.GetPasswordStore();
      if ((object) user == null)
        return false;
      return await this.VerifyPasswordAsync(passwordStore, user, password).WithCurrentCulture<bool>();
    }

I see no reason to duplicate the code, you can just use usermanager.

Similar questions
M
Max Trophy2016-10-11 22:50:40
Login failed on a site on ASP + MS SQL Server? 1Reply
A
Alexey Lebedev2014-10-14 10:50:39
ASP.NET Webcache or SQL which is better? 1Reply
D
Delakey Blackhole2020-12-03 14:18:11
How to synchronize http request models in C# and TS? 1Reply
A
Andrey Plax2014-10-21 16:11:11
ASP.Net or ASP.Net MVC? 6Reply
T
termitik2019-03-21 06:01:08
How to use ASP.NET databases? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question