How to check password manually in Asp.Net identity

2019-04-27 02:59发布

This might actually be more of a conceptual question. In Asp.Net Identity the PasswordHasher generates a different hash for the same string every time you do:

new PasswordHasher.HashPassword("myString");

Now if for some reason I need to manually compare a user's input to the password saved in the database, I will most probably get a different string when I hash the user's entered password, than the one that is stored in the database.

Can someone please explain this to me? Shouldn't hashing the same string result in the same hash and if not, how does Identity itself realize that two different hashes are in fact the same?

标签： asp.net hash asp.net-identity asp.net-identity-2 password-encryption

2条回答

兄弟一词,经得起流年.

2楼-- · 2019-04-27 03:33

var user = _userManager.Users.SingleOrDefault(p => p.PhoneNumber == model.PhoneNumber);
            if (user == null)
            {
                return RedirectToAction(nameof(Login));
            }

            var result1 = _userManager.PasswordHasher.VerifyHashedPassword(user, user.PasswordHash, model.Password);
            if (result1 != PasswordVerificationResult.Success)
            {
                ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                return View(model);
            }

0人赞添加讨论(0) 举报

别忘想泡老子

3楼-- · 2019-04-27 03:39

PasswordHasher generates different hashes each time because it uses salting technique. This technique secure the hashed password against dictionary attacks. By the way you could use following code to manually verify the password:

if(PasswordHasher.VerifyHashedPassword("hashedPassword", "password") 
    != PasswordVerificationResult.Failed)
{
    // password is correct 
}

0人赞添加讨论(0) 举报

How to check password manually in Asp.Net identity

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间