我正在使用ASP.NET Identity 2和Entity Framework 5(因为我们的Oracle数据提供程序不支持EF6).由于某种原因,通过UserManager.PasswordHasher.VerifyHashedPassword验证密码会导致失败.
我的UserStore类包含:
public Task SetPasswordHashAsync(IccmUser user, string passwordHash)
{
IPasswordHasher hasher = new PasswordHasher();
var t = Task.Run(() => {
user.PasswordHash = hasher.HashPassword(passwordHash);
});
return t;
}
(明显散列的)密码存储在数据库中.因此,这段代码似乎工作正常.
我的AccountController执行密码验证,如下所示:
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(SignInModel model, string returnUrl)
{
if (ModelState.IsValid) {
// This fails:
//var user = await UserManager.FindAsync(model.UserName, model.Password);
// Thus: do it step by step.
PasswordVerificationResult result = PasswordVerificationResult.Failed;
// Step 1: find user.
IccmUser user = await UserManager.FindByNameAsync(model.UserName);
if (user == null) {
ModelState.AddModelError("", "Couldn't find the user.");
} else {
// Step 2: validate password
result = UserManager.PasswordHasher.VerifyHashedPassword(user.PasswordHash, model.Password);
if (result != PasswordVerificationResult.Success) {
ModelState.AddModelError("", "The password is not valid.");
} else {
// Step 3: sign-in user.
await SignInAsync(user, model.RememberMe);
return Redirect(returnUrl);
}
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
步骤2中的VerifyHashedPassword()始终返回Failed.两个参数(PasswordHash和Password)都正确传递.
我非常感谢任何指向我缺少的东西.
最佳答案 错误发生在UserStore实现中. SetPasswordHashAsync()不应该散列密码.相反,它从UserManager.CreateAsync()接收哈希密码.因此,UserStore中的以下更改可以解决问题:
public Task SetPasswordHashAsync(IccmUser user, string passwordHash)
{
return Task.FromResult(user.PasswordHash = passwordHash);
}
对不起噪音.
