This project is read-only.

Not All Passwords Are Created (Hashed) Equal

Apr 29, 2014 at 9:01 PM
My site runs off a custom database with custom hashing. I previously had the site setup with an extended MembershipProvider but am now upgrading the site to MVC5 and .NET Identity.

I've created custom User/Role Stores and have plugged them into the UserManager.

My issue is that the IPasswordHasher doesn't pass in the user object, only the password itself as a string.

This would be fine for creating new passwords but not for verifying. My custom system will periodically change the amount of iterations on the hash and sometimes even the hashing mechanism itself. I keep a record of how the password was hashed and use this to calculate the hash against whatever profile was used to verify the passwords match.

I know the User Manager isn't open sourced yet but is there anyway to see what methods in UserManager are using the password Hasher so I can override them.

Failing that can anyone think of an obvious way around this?

Many Thanks
Apr 29, 2014 at 10:04 PM
The symbols packages for the UserManager are available on codeplex. You can refer this link to setup the symbols packages and debug through the code