protected virtual async Task <bool> VerifyPasswordAsync(IUserPasswordStore <ApplicationUser, Guid> store, ApplicationUser user, string password) { var hash = await store.GetPasswordHashAsync(user).WithCurrentCulture(); return(PasswordHasher.VerifyHashedPassword(hash, password) != PasswordVerificationResult.Failed); }
protected override async Task <bool> VerifyPasswordAsync(IUserPasswordStore <User, int> store, User user, string password) { var hash = await store.GetPasswordHashAsync(user); return(hash == password); }
protected async override Task <bool> VerifyPasswordAsync(IUserPasswordStore <AppUser, int> store, AppUser user, string password) { //base.VerifyPasswordAsync 使用的是 Rfc2898DeriveBytes 密码, //而这里传入的 password , 即上面的 CheckPasswordAsync 密码,未加密 //return await base.VerifyPasswordAsync(store, user, password); var hash = await store.GetPasswordHashAsync(user); return(string.Equals(hash, password)); }
protected virtual async Task <PasswordVerificationResult> VerifyPasswordAsync(IUserPasswordStore <TUser> store, TUser user, string password) { string hash = await store.GetPasswordHashAsync(user, CancellationToken); if (hash == null) { return(PasswordVerificationResult.Failed); } return(PasswordHasher.VerifyHashedPassword(user, hash, password)); }
protected override async Task <bool> VerifyPasswordAsync( IUserPasswordStore <ApplicationUser, string> store, ApplicationUser user, string password) { var hash = await store.GetPasswordHashAsync(user); var verifyRes = PasswordHasher.VerifyHashedPassword(hash, password); if (verifyRes == PasswordVerificationResult.SuccessRehashNeeded) { await store.SetPasswordHashAsync(user, PasswordHasher.HashPassword(password)); } return(verifyRes != PasswordVerificationResult.Failed); }
public void GetPasswordHashAsync() { var user = new UserModel() { Id = Guid.NewGuid().ToString() }; repository.Setup(x => x.GetString(It.IsAny <string>(), It.IsAny <CancellationToken>(), It.IsAny <(string, object)[]>())).ReturnsAsync("test").Verifiable(); var task = userStore.GetPasswordHashAsync(user, cancellationTokenSource.Token); task.Wait(); Assert.AreEqual(task.Result, "test"); repository.Verify(); repository.VerifyNoOtherCalls(); }
protected override async Task <bool> VerifyPasswordAsync(IUserPasswordStore <CustomUser, int> store, CustomUser user, string password) { var hash = await store.GetPasswordHashAsync(user).WithCurrentCulture(); var pwdResult = PasswordHasher.VerifyHashedPassword(hash, password); if (pwdResult == PasswordVerificationResult.SuccessRehashNeeded) { var newHashedPwd = PasswordHasher.HashPassword(password); await store.SetPasswordHashAsync(user, newHashedPwd); await store.UpdateAsync(user); } return(pwdResult != PasswordVerificationResult.Failed); }
public void GetPasswordHashAsyncProcExists() { try { var userModel = new UserModel() { Id = Guid.NewGuid().ToString(), UserName = It.IsAny <string>(), NormalizedUserName = It.IsAny <string>(), PasswordHash = It.IsAny <string>(), IsActive = true, }; userStoreMethodLookup.GetPasswordHashAsync(userModel, cancellationTokenSource.Token).Wait(); } catch { Assert.Fail(); } }
protected override async Task <PasswordVerificationResult> VerifyPasswordAsync(IUserPasswordStore <IdentityUser> store, IdentityUser user, string password) { string existingHash; if (user != null) { existingHash = await store.GetPasswordHashAsync(user, CancellationToken); } else { existingHash = "not a real hash"; } if (existingHash == null) { return(PasswordVerificationResult.Failed); } return(PasswordHasher.VerifyHashedPassword(user, existingHash, password)); }
/// <summary> /// 验证密码 /// </summary> /// <param name="store"></param> /// <param name="user"></param> /// <param name="password"></param> /// <returns></returns> protected override async Task <PasswordVerificationResult> VerifyPasswordAsync(IUserPasswordStore <ApplicationUser> store, ApplicationUser user, string password) { string text = await store.GetPasswordHashAsync(user, CancellationToken); if (text == null) { return(PasswordVerificationResult.Failed); } if (text.Equals(password.MD5())) { return(PasswordVerificationResult.Success); } Logger.LogWarning("密码不正确"); throw new ApiException(402, "密码不正确"); // return PasswordVerificationResult.Failed; }
protected async override Task <bool> VerifyPasswordAsync(IUserPasswordStore <MolUser, int> store, MolUser user, string password) { var hash = await store.GetPasswordHashAsync(user).ConfigureAwait(false); if (this.PasswordHasher.VerifyHashedPassword(hash, password) == PasswordVerificationResult.SuccessRehashNeeded) { // Make our new hash hash = PasswordHasher.HashPassword(password); // Save it to the DB await store.SetPasswordHashAsync(user, hash).ConfigureAwait(false); // Invoke internal method to upgrade the security stamp BindingFlags bindingFlags = BindingFlags.Instance | BindingFlags.NonPublic; MethodInfo minfo = typeof(UserManager <MolUser, int>).GetMethod("UpdateSecurityStampInternal", bindingFlags); var updateSecurityStampInternalTask = (Task)minfo.Invoke(this, new[] { user }); await updateSecurityStampInternalTask.ConfigureAwait(false); // Update user await UpdateAsync(user).ConfigureAwait(false); } return(PasswordHasher.VerifyHashedPassword(hash, password) != PasswordVerificationResult.Failed); }
/// <summary> /// Same as <see cref="VerifyPasswordAsync(IUserPasswordStore{ApplicationUser, string}, ApplicationUser, string)"/> but the <paramref name="password"/> is the hashed password. /// </summary> /// <param name="store"></param> /// <param name="user"></param> /// <param name="password"></param> /// <returns></returns> protected virtual async Task <bool> VerifyHashedPasswordAsync(IUserPasswordStore <ApplicationUser, string> store, ApplicationUser user, string password) { string hashedPassword = await store.GetPasswordHashAsync(user).WithCurrentCulture(); return(((DataSecurity)PasswordHasher).VerifyUnHashedPassword(hashedPassword, password) != PasswordVerificationResult.Failed); }
public async Task <LoginResultModel> Login(LoginModel model) { var errors = new Dictionary <string, string>(); var user = await _userPasswordStore.FindByNameAsync(model.UserName, new CancellationToken()); if (user != null) { var password = await _userPasswordStore.GetPasswordHashAsync(user, new CancellationToken()); if (_passwordHasher.VerifyHashedPassword(user, password, model.UserName.ToLower() + model.Password) == PasswordVerificationResult.Success) { var clientId = Guid.NewGuid().ToString(); var loginResult = new LoginResultModel { Succeeded = true, Errors = null, LoginedUser = new LoginUserInfo() { UserName = user.UserName, UserId = user.UserId.ToString(), Roles = user.Roles, Title = user.Title } }; var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_config.Secret); var claims = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, loginResult.LoginedUser.UserName), new Claim("UserId", loginResult.LoginedUser.UserId), new Claim("ClientId", clientId) }); if (loginResult.LoginedUser.Roles != null) { claims.AddClaims(loginResult.LoginedUser.Roles.Select(role => new Claim(ClaimTypes.Role, role.ToString()))); } var tokenDescriptor = new SecurityTokenDescriptor { Subject = claims, Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); loginResult.Token = tokenHandler.WriteToken(token); return(loginResult); } else { errors.Add("INVALID_LOGIN", "INVALID_LOGIN"); } } else { errors.Add("INVALID_LOGIN", "INVALID_LOGIN"); } return(new LoginResultModel { Succeeded = false, Errors = errors, LoginedUser = null }); }