public override PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword)
{
if (hashedPassword == null)
{
throw new ArgumentNullException(nameof(hashedPassword));
}
if (providedPassword == null)
{
throw new ArgumentNullException(nameof(providedPassword));
}
// Test legacy password hashes
#region Legacy Checks
byte[] hashBytes = SHA384.Hash(user.UserName.ToLower(), providedPassword);
string hash = hashBytes.ToHex();
if (hashedPassword == hash)
{
return(PasswordVerificationResult.SuccessRehashNeeded);
}
hash = Encoding.ASCII.GetString(hashBytes);
if (hashedPassword == hash)
{
return(PasswordVerificationResult.SuccessRehashNeeded);
}
hash = SHA256.Hash(providedPassword, _config.Salt1, _config.Salt2);
if (hashedPassword == hash)
{
return(PasswordVerificationResult.SuccessRehashNeeded);
}
#endregion
// Test Latest
return(base.VerifyHashedPassword(user, hashedPassword, providedPassword));
}
public static string HashPassword(string key, string password)
{
return(SHA384.Hash(key, password).ToHex());
}