When is the VerifyHashedPassword result SuccessRehashNeeded

Ruc*_*han 5 asp.net-identity asp.net-identity-2

When will the result of Usermanager.VerifyHashedPassword be PasswordVerificationResult.SuccessRehashNeeded?

What should be done if this result occurs?

When using VerifyHashedPassword, I only check for Success. Is that enough, or should I check for Failed?

Bri*_*ian 7

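SuccessRehashNeeded is a good way to silently migrate existing user password hashes to a new algorithm when users access their accounts.

For example, Microsoft uses it as part of the migration guide for developers migrating from SQL Membership to Microsoft Identity. Existing passwords can still be used to log in, but should be rehashed as soon as that happens.

For an example, see https://learn.microsoft.com/en-us/aspnet/identity/overview/migrations/migration-an-existing-website-from-sql-membership-to-aspnet-identity (search the page for SuccessRehashNeeded).

  • Note: You must implement the logic that reacts to "SuccessRehashNeeded" and perform the migration yourself. See: /sf/answers/3086897901/ (2 upvotes)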

Ruc*_*han 6

I found this in the source code of PasswordHasher.cs on GitHub:

        public virtual PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword)
        {
            if (hashedPassword == null)
            {
                throw new ArgumentNullException(nameof(hashedPassword));
            }
            if (providedPassword == null)
            {
                throw new ArgumentNullException(nameof(providedPassword));
            }

            byte[] decodedHashedPassword = Convert.FromBase64String(hashedPassword);

            // read the format marker from the hashed password
            if (decodedHashedPassword.Length == 0)
            {
                return PasswordVerificationResult.Failed;
            }
            switch (decodedHashedPassword[0])
            {
                case 0x00:
                    if (VerifyHashedPasswordV2(decodedHashedPassword, providedPassword))
                    {
                        // This is an old password hash format - the caller needs to rehash if we're not running in an older compat mode.
                        return (_compatibilityMode == PasswordHasherCompatibilityMode.IdentityV3)
                            ? PasswordVerificationResult.SuccessRehashNeeded
                            : PasswordVerificationResult.Success;
                    }
                    else
                    {
                        return PasswordVerificationResult.Failed;
                    }

                case 0x01:
                    int embeddedIterCount;
                    if (VerifyHashedPasswordV3(decodedHashedPassword, providedPassword, out embeddedIterCount))
                    {
                        // If this hasher was configured with a higher iteration count, change the entry now.
                        return (embeddedIterCount < _iterCount)
                            ? PasswordVerificationResult.SuccessRehashNeeded
                            : PasswordVerificationResult.Success;
                    }
                    else
                    {
                        return PasswordVerificationResult.Failed;
                    }

                default:
                    return PasswordVerificationResult.Failed; // unknown format marker
            }
        }

It seems SuccessRehashNeeded is the result when we change from the current Identity version to another one.
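
An added example (not part of either answer and not Microsoft's code) of a login check that reacts to all three results, assuming ASP.NET Core Identity's PasswordHasher<TUser> as in the source quoted above. AppUser, RehashOnLogin, SignIn and the sample passwords are hypothetical names and constructed values. Both success values mean the password matched; SuccessRehashNeeded additionally asks the caller to store a fresh hash.

```csharp
// Added example, not from the thread. Needs the Microsoft.Extensions.Identity.Core package.
using System;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

public class AppUser                       // hypothetical user record
{
    public string PasswordHash { get; set; } = "";
}

public static class RehashOnLogin
{
    // Builds a V3-format hasher with the given PBKDF2 iteration count.
    static PasswordHasher<AppUser> Hasher(int iterations) =>
        new PasswordHasher<AppUser>(Options.Create(
            new PasswordHasherOptions { IterationCount = iterations }));

    // True when the password is correct. Upgrades the stored hash when asked to.
    public static bool SignIn(IPasswordHasher<AppUser> hasher, AppUser user, string password)
    {
        switch (hasher.VerifyHashedPassword(user, user.PasswordHash, password))
        {
            case PasswordVerificationResult.Success:
                return true;
            case PasswordVerificationResult.SuccessRehashNeeded:
                // The password matched, but the stored hash uses an older format or
                // fewer iterations. Re-hash now, while the plaintext is available.
                user.PasswordHash = hasher.HashPassword(user, password);
                // A real application would save the user record here.
                return true;
            default:                        // Failed
                return false;
        }
    }

    public static void Main()
    {
        const string password = "constructed-sample-password";
        var user = new AppUser();
        user.PasswordHash = Hasher(1_000).HashPassword(user, password);  // "old" hash

        var current = Hasher(100_000);      // hasher configured with a higher count
        Console.WriteLine(current.VerifyHashedPassword(user, user.PasswordHash, password));
        Console.WriteLine(SignIn(current, user, password));
        Console.WriteLine(current.VerifyHashedPassword(user, user.PasswordHash, password));
        Console.WriteLine(SignIn(current, user, "wrong-password"));
    }
}
```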