Reputation: 860
JWT Authentication in ASP.Net Core with ASP Identity
A couple of years ago I implemented a web application using .Net 4.6 and ASP Identity and I used JWT for authorization and authentication on the backend and used AngularJS for the client. As I recall, I used a series of posts on BitOfTech.net as a basis for the implementation. I used VS2015 community for the implementation.
I am now trying to re-implement this application in VS2017 Community using ASP Identity Core, .Net Core and Angular 4.
I have parts of the Angular working and have re-implemented the JWT tokens, and while it responds to the .well-known/openid-configuration end point with the correct data and the AuthorizationController is called with the Token Endpoint the login fails.
I have worked through a number of the problems, the biggest of these being upgrading that database using a SQL Query but the AccountController fails when it calls _userManager.CheckPasswordAsync() which returns false. I am using Postman to run the test and the username and password are correct because the old version running against the same aspnet Identity DB works.
In the earlier project I had to implement a SQLPasswordHasher derived from PasswordHasher which overrode VerifyHashedPassword(). I forget the reasons why I needed to do this but I seem to recall that because the DB was initially built using ASP.Net Membership the stored passwords were generated using an older algorithm.
So I decided to re-implement this and found that I needed to create a class based on IPasswordHasher which implemented VerifyHashedPassword() and HashPassword()
Then all I had to do was during startup inject my SQLPasswordHasher into the UserManager by assigning userManager.PasswordHasher = SQLPasswordHasher
But that is where I am stuck. In my old implementation there was a place in my code where I created a UserManager but the startup has changed so much that I can't find where I would do this. Google suggested modifying IdentityConfig.cs but this no longer appears to be used.
If someone could explain to me how I inject my own PasswordHasher into the UserManager as it is created I would be eternally grateful.
I'm not sure if this is relevant, but I am using OpenIddict.
Thanks for reading this far.
Upvotes: 0
Views: 542
Answers (1)
Reputation: 860
I was correct. I needed to override PasswordHasher and not create a totally new class.
This can be closed
Upvotes: 0
Related Questions
- Use .NET Core Identity with an API
- ASP.NET Core Sign In with JWT
- Handling authorization with IdentityServer4
- How to handle JWT in ASPNET Core MVC
- .NET Core Web API Authentication and .NET Identity
- .NET Core 2.0 Identity AND jwt?
- JWT Authentication for .net core 2.2 application not using Identity
- ASP .NET CORE 2.2 JWT & Claims identity Authentication for Website
- Sharing Authentication Between Asp .Net and Asp .Net Core
- Dotnet core 2.0 Use Identity with JwtBearer Authentication