What's the user parameter to PasswordHasher

2019-07-27 10:25发布

站内问答 / C#
361 1 6

In the non-Core version of Identity, PasswordHasher is a non-generic type. Its HashPassword method takes a single argument (the password to hash), and its VerifyHashedPassword method takes only two (the password hash generated previously by HashPassword, and the provided password to verify. This is great, because it means that I can use PasswordHasher without going all-in and using the whole Identity framework.

In Microsoft.AspNetCore.Identity, on the other hand, PasswordHasher<TUser> is now a generic class, and the HashPassword and VerifyHashedPassword methods take a user parameter in addition to the parameters that existed previously. This doesn't make much sense to me. Why does either hashing a password or verifying a hash require the user object? What's it used for?

1条回答
贼婆χ
2楼-- · 2019-07-27 10:48

Nothing. We can see in the source at https://github.com/aspnet/Identity/blob/dev/src/Microsoft.Extensions.Identity.Core/PasswordHasher.cs that neither the type parameter TUser nor any of the user parameters to the class's methods are ever used, at all.

I'd guess that the idea of having these parameters on the IPasswordHasher<TUser> interface is to permit application-specific subclasses that do depend upon the user. For instance, I can imagine a situation where after a merger of two applications with different userbases, an application ends up having to deal with users whose passwords were hashed using different algorithms. Storing something like a PasswordFormat field on the user model would then allow a custom IPasswordHasher<TUser> to select which hashing algorithm to use based upon the user.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)