Asp.net身份密码哈希 [英] Asp.net Identity password hashing

问题描述

新的ASP.net身份项目带来一些有益的code和接口的网站安全。要使用接口（而不是使用标准的实体框架实现包含在MVC 5模板）实现自定义系统中的 IPasswordHasher 是必需的。

在ASP.net身份

IPasswordHasher 接口

 命名空间Microsoft.AspNet.Identity
{
    公共接口IPasswordHasher
    {
         字符串HashPassword（字符串密码）;
         PasswordVerificationResult VerifyHashedPassword（字符串hashedPassword，串providedPassword）;
    }
}
 

是否有可能在ASP.net身份和通过该接口使用密码对盐更安全的加密？

解决方案

  

是否有可能用口令盐在更安全的加密
  ASP.net身份和通过此接口？

是的，接口提供了新的实施PasswordHasher已经present的核心框架。

还要注意，默认的实现已经使用盐+字节

创建自定义的 PasswordHasher （比如 MyPasswordHasher ），你可以将其分配到的UserManager实例，如<$ C $之后C> userManager.PasswordHasher =新MyPasswordHasher（）

<一个href=\"http://stackoverflow.com/questions/19530431/how-to-set-password-rules-for-asp-net-identity/19533614#19533614\">See这种IPasswordHasher 的一个例子

  

要实现使用接口（而不是使用标准的实体框架实现包含在MVC 5模板）的IPasswordHasher需要的定制系统。

有关从EF实现备用系统，
- 您应实现所有核心接口。
- 不要求IPasswordHasher实现。 PasswordHasher在核心框架已经提供了，因为它的实现。

The new ASP.net Identity project has brought some useful code and interfaces for website security. To implement a custom system using the interfaces (instead of using the standard Entity Framework implementation included in the MVC 5 template) an IPasswordHasher is required.

IPasswordHasher interface in ASP.net Identity

namespace Microsoft.AspNet.Identity
{
    public interface IPasswordHasher
    {
         string HashPassword(string password);
         PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword);
    }
}

Is it possible to use password salting for more secure encryption in ASP.net Identity and via this interface?

解决方案

"Is it possible to use password salting for more secure encryption in ASP.net Identity and via this interface?"

Yes, the interface is provided for the new implementation of PasswordHasher already present in Core framework.

Also note that the default implementation is already using Salt+Bytes.

After creating custom PasswordHasher (say MyPasswordHasher), you can assign it to UserManager instance like userManager.PasswordHasher=new MyPasswordHasher()

See one example of such IPasswordHasher

To implement a custom system using the interfaces (instead of using the standard Entity Framework implementation included in the MVC 5 template) an IPasswordHasher is required.

For implementing alternate system from EF, - You shall implement all Core interfaces. - IPasswordHasher implementation is not required. PasswordHasher is already provided in Core framework as it's implementation.

这篇关于Asp.net身份密码哈希的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！