PasswordHasher方法使用的用户参数是什么？ [英] What's the user parameter to PasswordHasher's methods used for?

问题描述

在Identity的非核心版本中， PasswordHasher 是非通用类型。它的 HashPassword 方法采用一个参数（用于哈希的密码），而它的 VerifyHashedPassword 方法仅采用两个参数（密码 HashPassword 之前生成的哈希值，以及提供的密码进行验证。这很好，因为这意味着我可以使用 PasswordHasher 而无需全力以赴并使用整个Identity框架。

In the non-Core version of Identity, PasswordHasher is a non-generic type. Its HashPassword method takes a single argument (the password to hash), and its VerifyHashedPassword method takes only two (the password hash generated previously by HashPassword, and the provided password to verify. This is great, because it means that I can use PasswordHasher without going all-in and using the whole Identity framework.

在 Microsoft.AspNetCore.Identity 中，另一方面， PasswordHasher< TUser> 现在是通用类，并且 HashPassword 和 VerifyHashedPassword 方法除了以前存在的参数外，还包含一个 user 参数，这对我来说意义不大，为什么要对密码进行哈希处理或验证哈希需要用户对象？它是做什么用的？

In Microsoft.AspNetCore.Identity, on the other hand, PasswordHasher<TUser> is now a generic class, and the HashPassword and VerifyHashedPassword methods take a user parameter in addition to the parameters that existed previously. This doesn't make much sense to me. Why does either hashing a password or verifying a hash require the user object? What's it used for?

推荐答案

没什么。我们可以在 https：的源中看到： //github.com/aspnet/Identity/blob/dev/src/Microsoft.Extensions.Identity.Core/PasswordHasher.cs 都不是类型参数 TUser 甚至根本没有使用过该类方法的任何 user 参数。

Nothing. We can see in the source at https://github.com/aspnet/Identity/blob/dev/src/Microsoft.Extensions.Identity.Core/PasswordHasher.cs that neither the type parameter TUser nor any of the user parameters to the class's methods are ever used, at all.

我想在 IPasswordHasher< TUser> 接口用于允许要做依赖于用户的特定于应用程序的子类。例如，我可以想象这样一种情况，在两个具有不同用户群的应用程序合并之后，一个应用程序最终不得不处理使用不同算法对密码进行哈希处理的用户。然后在用户模型上存储类似 PasswordFormat 字段的内容，将允许自定义 IPasswordHasher< TUser> 选择哪种哈希算法根据用户使用。

I'd guess that the idea of having these parameters on the IPasswordHasher<TUser> interface is to permit application-specific subclasses that do depend upon the user. For instance, I can imagine a situation where after a merger of two applications with different userbases, an application ends up having to deal with users whose passwords were hashed using different algorithms. Storing something like a PasswordFormat field on the user model would then allow a custom IPasswordHasher<TUser> to select which hashing algorithm to use based upon the user.

这篇关于PasswordHasher方法使用的用户参数是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！