实施 ASP.NET 不带 IUserPasswordStore 的身份 IUserLockoutStore
Implement ASP.NET Identity IUserLockoutStore without IUserPasswordStore
我有 MVC5 项目,但我没有直接访问用户数据库的权限,而是为我提供了 Web 服务,例如:
bool register (string username, string password, string email) //password is plain text
bool login (string username, string password)
我的问题是我不知道如何实现 IUserPasswordStore,因为 ASP Identity 强制我使用 Hash 而我不允许存储散列密码,因为这个 Web 服务将不仅仅由我使用.
我的UserStore.cs:
public Task<string> GetPasswordHashAsync(TUser user)
{
//I'm suppose to provide hashed password here, but since I don't have any hashed password stored, I have no idea how to implement this method
string passwordHash = userTable.GetPassword(user.Id);
return Task.FromResult<string>(passwordHash);
}
public Task<bool> HasPasswordAsync(TUser user)
{
var hasPassword = !string.IsNullOrEmpty(userTable.GetPassword(user.Id));
return Task.FromResult<bool>(Boolean.Parse(hasPassword.ToString()));
}
public Task SetPasswordHashAsync(TUser user, string passwordHash)
{
//do nothing since I don't need to hash the password
return Task.FromResult<Object>(null);
}
并且我被告知不要因此实施 IUserPasswordStore,而只是在 SignInManager 中使用 SignInAsync 或覆盖 PasswordSignInAsync,这工作正常但是我 运行 遇到另一个问题,我需要锁定用户,如果他们多次登录尝试失败,如果不实施 IUserPasswordStore 就无法实施 IUserLockoutStore。
找到答案:我创建了一个新的 class 来实现 IPasswordHasher ...
public class CustomPasswordHasher : IPasswordHasher
{
public string HashPassword(string password)
{
return password; //return password as is
}
public PasswordVerificationResult VerifyHashedPassword(
string hashedPassword,
string providedPassword)
{
if (hashedPassword.Equals(providedPassword)) {
return PasswordVerificationResult.Success;
}
return PasswordVerificationResult.Failed;
}
}
...并在IdentityConfig中注册:
manager.PasswordHasher = new CustomPasswordHasher();
我有 MVC5 项目,但我没有直接访问用户数据库的权限,而是为我提供了 Web 服务,例如:
bool register (string username, string password, string email) //password is plain text
bool login (string username, string password)
我的问题是我不知道如何实现 IUserPasswordStore,因为 ASP Identity 强制我使用 Hash 而我不允许存储散列密码,因为这个 Web 服务将不仅仅由我使用.
我的UserStore.cs:
public Task<string> GetPasswordHashAsync(TUser user)
{
//I'm suppose to provide hashed password here, but since I don't have any hashed password stored, I have no idea how to implement this method
string passwordHash = userTable.GetPassword(user.Id);
return Task.FromResult<string>(passwordHash);
}
public Task<bool> HasPasswordAsync(TUser user)
{
var hasPassword = !string.IsNullOrEmpty(userTable.GetPassword(user.Id));
return Task.FromResult<bool>(Boolean.Parse(hasPassword.ToString()));
}
public Task SetPasswordHashAsync(TUser user, string passwordHash)
{
//do nothing since I don't need to hash the password
return Task.FromResult<Object>(null);
}
并且我被告知不要因此实施 IUserPasswordStore,而只是在 SignInManager 中使用 SignInAsync 或覆盖 PasswordSignInAsync,这工作正常但是我 运行 遇到另一个问题,我需要锁定用户,如果他们多次登录尝试失败,如果不实施 IUserPasswordStore 就无法实施 IUserLockoutStore。
找到答案:我创建了一个新的 class 来实现 IPasswordHasher ...
public class CustomPasswordHasher : IPasswordHasher
{
public string HashPassword(string password)
{
return password; //return password as is
}
public PasswordVerificationResult VerifyHashedPassword(
string hashedPassword,
string providedPassword)
{
if (hashedPassword.Equals(providedPassword)) {
return PasswordVerificationResult.Success;
}
return PasswordVerificationResult.Failed;
}
}
...并在IdentityConfig中注册:
manager.PasswordHasher = new CustomPasswordHasher();