Esempio n. 1
0
        public override PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword)
        {
            if (hashedPassword == null)
            {
                throw new ArgumentNullException(nameof(hashedPassword));
            }
            if (providedPassword == null)
            {
                throw new ArgumentNullException(nameof(providedPassword));
            }

            // Test legacy password hashes
            #region Legacy Checks
            byte[] hashBytes = SHA384.Hash(user.UserName.ToLower(), providedPassword);
            string hash      = hashBytes.ToHex();
            if (hashedPassword == hash)
            {
                return(PasswordVerificationResult.SuccessRehashNeeded);
            }

            hash = Encoding.ASCII.GetString(hashBytes);
            if (hashedPassword == hash)
            {
                return(PasswordVerificationResult.SuccessRehashNeeded);
            }

            hash = SHA256.Hash(providedPassword, _config.Salt1, _config.Salt2);
            if (hashedPassword == hash)
            {
                return(PasswordVerificationResult.SuccessRehashNeeded);
            }
            #endregion

            // Test Latest
            return(base.VerifyHashedPassword(user, hashedPassword, providedPassword));
        }
Esempio n. 2
0
 public static string HashPassword(string key, string password)
 {
     return(SHA384.Hash(key, password).ToHex());
 }