Identity Core的密码历史记录 [英] password History for Identity Core

问题描述

密码历史记录是否有任何默认实现?我试图以身份在我的项目上实现该功能，所以我添加了包含密码哈希的密码历史表.当用户更改密码时，usermanager会为密码生成哈希.

is there any default implementation for password history? i'm trying to implement that feature on my project with identity so i have added password history table which contain password hashes. when user change password usermanager generate hash for password.

var passwordHash = _userManager.PasswordHasher.HashPassword(user，newPassword);

如果此哈希未插入密码历史记录表中，则允许更改密码，否则返回错误

if this hash does not inserted in password history table it allow to change password otherwise return error

但是问题是每次为特定密码生成哈希时，它都会生成随机哈希，这些哈希也无法进行比较

but the problem is each time when generating hash for the specific password it generate random hashes which cannot be compare also

var passwordHash = _userManager.PasswordHasher.HashPassword(user，newPassword);

哈希与

_userManager.ResetPasswordAsync(user，request.Token，password);

生成的密码哈希.

可能是我正在尝试以错误的方式执行此操作.我实施密码历史记录时犯了什么错误?

May be i'm trying to do this in wrong way. what was the mistake i have done implementing password history?

谢谢

推荐答案

每次都有不同的哈希值-这是默认实现 IPasswordHasher 的工作方式.请查看此答案以获取更多详细信息: https://stackoverflow.com/a/20622428/6104621 .

Different hashes every time - it's how default implementation IPasswordHasher works. Look at this answer for more details: https://stackoverflow.com/a/20622428/6104621.

因此，对于您的实现密码历史记录，您可以实现 IPasswordHasher ，也可以使用方法 PasswordVerificationResult VerifyHashedPassword(TUser用户，字符串hashedPassword，字符串provideredPassword)来验证所有存储的密码哈希中的新密码.

So, for your implementation password history you can either implement IPasswordHasher or just verify new password with all stored passwords hashes using method PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword);

例如:

var passAlreadyExist = user.UserHistory
                .Select(h => h.PasswordHash)
                .Distinct()
                .Any(hash =>
                {
                    var res = manager.PasswordHasher.VerifyHashedPassword(user, hash, password);
                    return res == PasswordVerificationResult.Success;
                });

其中 UserHistory -这是自定义表，其中包含一些用户信息，例如密码，电子邮件，名称 ...

where UserHistory - it's custom table with some user info like password, email, name...

这篇关于Identity Core的密码历史记录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！