问题描述
新的 ASP.net Identity 项目为网站安全带来了一些有用的代码和接口.要使用接口实现自定义系统(而不是使用包含在 MVC 5 模板中的标准实体框架实现),需要 IPPasswordHasher
.
The new ASP.net Identity project has brought some useful code and interfaces for website security. To implement a custom system using the interfaces (instead of using the standard Entity Framework implementation included in the MVC 5 template) an IPasswordHasher
is required.
namespace Microsoft.AspNet.Identity
{
public interface IPasswordHasher
{
string HashPassword(string password);
PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword);
}
}
是否可以在 ASP.net Identity 中并通过此接口使用密码加盐来实现更安全的加密?
Is it possible to use password salting for more secure encryption in ASP.net Identity and via this interface?
推荐答案
是的,该接口是为 Core 框架中已经存在的 PasswordHasher 的新实现提供的.
Yes, the interface is provided for the new implementation of PasswordHasher already present in Core framework.
另请注意,默认实现已经在使用 Salt+Bytes.
Also note that the default implementation is already using Salt+Bytes.
创建自定义PasswordHasher
(比如MyPasswordHasher
)后,您可以将其分配给UserManager 实例,如userManager.PasswordHasher=new MyPasswordHasher()
After creating custom PasswordHasher
(say MyPasswordHasher
), you can assign it to UserManager instance like userManager.PasswordHasher=new MyPasswordHasher()
要使用接口实现自定义系统(而不是使用包含在 MVC 5 模板中的标准实体框架实现),需要 IPasswordHasher.
为了实现 EF 的备用系统,- 您应实现所有核心接口.- 不需要 IPasswordHasher 实现.PasswordHasher 已经在 Core 框架中提供,因为它的实现.
For implementing alternate system from EF,- You shall implement all Core interfaces.- IPasswordHasher implementation is not required. PasswordHasher is already provided in Core framework as it's implementation.
这篇关于Asp.net 身份密码散列的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!