How to check password manually in Asp.Net identity 2?


Problem description


This might actually be more of a conceptual question. In Asp.Net Identity the PasswordHasher generates a different hash for the same string every time you do:

new PasswordHasher().HashPassword("myString");

Now if for some reason I need to manually compare a user's input to the password saved in the database, I will most probably get a different string when I hash the user's entered password, than the one that is stored in the database.

Can someone please explain this to me? Shouldn't hashing the same string result in the same hash and if not, how does Identity itself realize that two different hashes are in fact the same?

Solution

PasswordHasher generates different hashes each time because it uses a salting technique. This technique secures the hashed password against dictionary attacks. By the way, you could use the following code to manually verify the password:

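// requires: using Microsoft.AspNet.Identity;
// VerifyHashedPassword is an instance method, so create a hasher first.
var hasher = new PasswordHasher();
// hashedPassword: the hash stored in the database; password: the user's input
if (hasher.VerifyHashedPassword(hashedPassword, password)
    != PasswordVerificationResult.Failed)
{
    // password is correct (Success or SuccessRehashNeeded)
}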
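
The following added example (not part of the original answer and not the library's source) shows why two different hash strings can verify against the same password: the random salt is stored inside the hash string, and verification re-derives the key with that stored salt. It assumes the stored layout of ASP.NET Identity 2's default hasher (0x00 marker, 16-byte salt, 32-byte PBKDF2-HMAC-SHA1 subkey, 1000 iterations); the class and method names are illustrative.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration. Assumed layout of the stored string:
// Base64( 0x00 | 16-byte salt | 32-byte PBKDF2-HMAC-SHA1 subkey ), 1000 iterations.
static class SaltedHashDemo
{
    const int SaltSize = 16, SubkeySize = 32, Iterations = 1000;

    public static string Hash(string password)
    {
        // This constructor generates a fresh random salt on every call,
        // which is why the same password never yields the same string twice.
        using (var kdf = new Rfc2898DeriveBytes(password, SaltSize, Iterations))
        {
            var blob = new byte[1 + SaltSize + SubkeySize]; // blob[0] stays 0x00 (format marker)
            Buffer.BlockCopy(kdf.Salt, 0, blob, 1, SaltSize);
            Buffer.BlockCopy(kdf.GetBytes(SubkeySize), 0, blob, 1 + SaltSize, SubkeySize);
            return Convert.ToBase64String(blob);
        }
    }

    public static bool Verify(string storedHash, string candidate)
    {
        byte[] blob;
        try { blob = Convert.FromBase64String(storedHash); }
        catch (FormatException) { return false; }
        if (blob.Length != 1 + SaltSize + SubkeySize || blob[0] != 0x00) return false;

        var salt = new byte[SaltSize];
        Buffer.BlockCopy(blob, 1, salt, 0, SaltSize);
        // Re-derive with the salt read back from the stored hash, not a new one.
        using (var kdf = new Rfc2898DeriveBytes(candidate, salt, Iterations))
        {
            byte[] derived = kdf.GetBytes(SubkeySize);
            int diff = 0; // accumulate differences instead of returning at the first mismatch
            for (int i = 0; i < SubkeySize; i++) diff |= derived[i] ^ blob[1 + SaltSize + i];
            return diff == 0;
        }
    }

    static void Main()
    {
        string a = Hash("myString"), b = Hash("myString"); // constructed sample input
        Console.WriteLine("hashes equal: " + (a == b));
        Console.WriteLine("a verifies:   " + Verify(a, "myString"));
        Console.WriteLine("b verifies:   " + Verify(b, "myString"));
        Console.WriteLine("wrong input:  " + Verify(a, "wrong"));
    }
}
```

In application code, keep calling `VerifyHashedPassword` rather than a hand-rolled check, so format changes and rehash signalling are handled by the library.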
