CODEWITHSUNDEEP
c#asp.net.netasp.net-core
Dmitry Vasilyuk Just3F
Dmitry Vasilyuk Just3F

Reputation: 187

How can I disable automatic hash password for identity .net core

I can't find the way to disable automatic hash password for identity .net core. Because this code hashes the password automatically:

var result = await _userManager.CreateAsync(user, model.Password);

Upvotes: 0

Views: 4151

Answers (2)

intox
intox

Reputation: 570

Since Asp.NET Core MVC uses dependency injection to setup the Identity, all you need is just create your alternate of password hashing class:

public class CustomPasswordHasher : IPasswordHasher<AppUser>
{
    public string HashPassword(AppUser user, string password)
    {
        return password;
    }

    public PasswordVerificationResult VerifyHashedPassword(AppUser user, string hashedPassword, string providedPassword)
    {
        return hashedPassword.Equals(providedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed;
    }
}

and add:

services.AddScoped<IPasswordHasher<AppUser>, CustomPasswordHasher>();

in you mvc app statup.cs

Upvotes: 6

Gilvan J&#250;nior
Gilvan J&#250;nior

Reputation: 99

You could write a class that overwrites UserManager

public class ApplicationUserManager : UserManager<IdentityUser>
{
    public ApplicationUserManager(IUserStore<IdentityUser> store)
        : base(store)
    {
        this.PasswordHasher = new CustomPasswordHasher();
    }

    public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
    {
        var manager = new ApplicationUserManager(new UserStore<IdentityUser>(context.Get<ApplicationDbContext>()));         

        manager.PasswordHasher = new CustomPasswordHasher();
    }
}

And then override PasswordHasher with a new custom hasher class that inherits PasswordHasher.

internal class CustomPasswordHasher : PasswordHasher
{
    public override string HashPassword(string password)
    {
        return password;
        //return Crypto.Sha1.Encrypt(password);
    }

    public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        //var testHash = Crypto.Sha1.Encrypt(providedPassword);
        return hashedPassword.Equals(testHash) || hashedPassword.Equals(providedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed;
    }
}

Finally, remember, by doing that you're going to lose your database user's safety.

Upvotes: 5

Related Questions