问题描述
我有MVC5项目,我没有,而不是我提供的Web服务的用户直接访问数据库,例如:
I have MVC5 project and I don't have direct access to user database instead I was provided with web services, for example:
bool register (string username, string password, string email) //password is plain text
bool login (string username, string password)
我的问题是,我不知道如何实现IUserPasswordStore因为ASP身份强迫我用哈希,而我不能存储哈希密码,因为这Web服务将不只是我使用。
My problem is that I have no idea how to implement IUserPasswordStore because ASP Identity force me to use Hash while I'm not allowed to store hashed password because this web services will be used not just by me.
我UserStore.cs:
My UserStore.cs:
public Task<string> GetPasswordHashAsync(TUser user)
{
//I'm suppose to provide hashed password here, but since I don't have any hashed password stored, I have no idea how to implement this method
string passwordHash = userTable.GetPassword(user.Id);
return Task.FromResult<string>(passwordHash);
}
public Task<bool> HasPasswordAsync(TUser user)
{
var hasPassword = !string.IsNullOrEmpty(userTable.GetPassword(user.Id));
return Task.FromResult<bool>(Boolean.Parse(hasPassword.ToString()));
}
public Task SetPasswordHashAsync(TUser user, string passwordHash)
{
//do nothing since I don't need to hash the password
return Task.FromResult<Object>(null);
}
和我被告知不执行IUserPasswordStore因为如此,只是要么使用SignInAsync或SignInManager覆盖PasswordSignInAsync,这是工作的罚款,但是我遇到了另一个问题,就是我需要停工的用户,如果他们失败了几个登录尝试,它是不可能实现IUserLockoutStore没有实现IUserPasswordStore。
And I was told not to implement IUserPasswordStore because of this and just either use SignInAsync or override PasswordSignInAsync in SignInManager, this is working fine however I ran into another problem which is I need to lockout user if they failed several login attempt and it is not possible to implement IUserLockoutStore without implement IUserPasswordStore.
推荐答案
找到了答案:我创建了一个新的类,它实现 IPasswordHasher
...
Found the answer: I create a new class that implements IPasswordHasher
...
public class CustomPasswordHasher : IPasswordHasher
{
public string HashPassword(string password)
{
return password; //return password as is
}
public PasswordVerificationResult VerifyHashedPassword(
string hashedPassword,
string providedPassword)
{
if (hashedPassword.Equals(providedPassword)) {
return PasswordVerificationResult.Success;
}
return PasswordVerificationResult.Failed;
}
}
...在其注册 IdentityConfig
:
manager.PasswordHasher = new CustomPasswordHasher();
这篇关于实现ASP.NET身份IUserLockoutStore没有IUserPasswordStore的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!