I'm developing an MVC 5 web application using Entity Framework Database First approach with an existing database.
I'm also using ASP.Net Identity for my Authorisation and Authentication, however, I'm not using the built in Entity Framework code, i.e., UserManager, ApplicationUser etc instead I'm using an approach similar to this by Brock Allen.
I'm now working on Account Login and Registration and I want to hash the User password before I store it in my custom User table.
I realise I can create my own custom class which implements IPasswordHasher, however, that's where I become stuck. Below shows a mock up of how I think it should work, however, I'm not entirely sure this is even correct.
public class CustomPassword : IPasswordHasher
{
public string HashPassword(string password)
{
return password;
}
public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
{
if (hashedPassword.Equals(providedPassword))
return PasswordVerificationResult.Success;
else return PasswordVerificationResult.Failed;
}
}
These are my questions:
Q1:When registering a new user account and I pass the user password into the HashPassword method from my Account Controller, like this, I would like the User password hashed and returned as a string, however, I don't know what code to put into the HashPassword function to do this.
CustomPassword pwd = new CustomPassword();
String UserPassword = "test@123";
String HashedNewPassword = pwd.HashPassword(UserPassword);
Q2:When a User then logs into the website, I would like to take their supplied password, retrieve the hashed password from the database user table, and then compare them inside the VerifyHashedPassword method, but again, I don't know what the code is to compare a hashed string against a non-hashed string.
I would greatly appreciate any advice on how to do this.
Thanks.
After creating UserManager instance, assign the passwordhasher property to your CustomPasswordHasher
UserManager<ApplicationUser> UserManager = new UserManager<ApplicationUser>(store);
UserManager.PasswordHasher = new CustomPasswordHasher(); // IPasswordHasher
Use the UserManager to find user with username and password.