Dmi*_*t3F 0 .net c# asp.net asp.net-core
我找不到禁用身份 .net 核心的自动哈希密码的方法。因为此代码会自动散列密码:
var result = await _userManager.CreateAsync(user, model.Password);
小智 5
你可以写一个覆盖的类 UserManager
public class ApplicationUserManager : UserManager<IdentityUser>
{
public ApplicationUserManager(IUserStore<IdentityUser> store)
: base(store)
{
this.PasswordHasher = new CustomPasswordHasher();
}
public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
var manager = new ApplicationUserManager(new UserStore<IdentityUser>(context.Get<ApplicationDbContext>()));
manager.PasswordHasher = new CustomPasswordHasher();
}
}
然后PasswordHasher使用继承PasswordHasher.
internal class CustomPasswordHasher : PasswordHasher
{
public override string HashPassword(string password)
{
return password;
//return Crypto.Sha1.Encrypt(password);
}
public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
{
//var testHash = Crypto.Sha1.Encrypt(providedPassword);
return hashedPassword.Equals(testHash) || hashedPassword.Equals(providedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed;
}
}
最后,请记住,这样做您将失去数据库用户的安全。
由于 Asp.NET Core MVC 使用依赖注入来设置身份,您只需要创建密码散列类的替代:
public class CustomPasswordHasher : IPasswordHasher<AppUser>
{
public string HashPassword(AppUser user, string password)
{
return password;
}
public PasswordVerificationResult VerifyHashedPassword(AppUser user, string hashedPassword, string providedPassword)
{
return hashedPassword.Equals(providedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed;
}
}
并添加:
services.AddScoped<IPasswordHasher<AppUser>, CustomPasswordHasher>();
在你的 mvc 应用 statup.cs
| 归档时间: |
|
| 查看次数: |
2887 次 |
| 最近记录: |