Reputation: 511
ASP.NET Core add secondary password to IdentityUser
I'm using ASP.NET Core 2.2 with EF Core. I have a User class which looks like this:
public class User : IdentityUser
{
public string FirstName { get; set; }
public string LastName { get; set; }
}
I would like to add a PIN property which will act as a secondary password for extra-secure operations. The user logs into the system, but if he wants to do something more special (like send money), he will be prompted to enter his PIN.
My question is what is the most easy way to hash a string, so I don't store the PIN in plain text in the db?
Upvotes: 0
Views: 2029
Answers (1)
Reputation: 27588
You can use the IPasswordHasher interface , when the user registers , you can create the password hash that will be stored in the database(PIN property) , when you need to verfiy , to hash the provided password/PIN and compare it to the stored hash .
For example , use DI to involve the extension :
public readonly IPasswordHasher<ApplicationUser> _passwordHasher;
public HomeController(IPasswordHasher<ApplicationUser> passwordHasher )
{
_passwordHasher = passwordHasher;
}
To create a hashed password :
var hasedPassword = _passwordHasher.HashPassword(null,"Password");
To verify :
var successResult = _passwordHasher.VerifyHashedPassword(null, hasedPassword , "Password");
You can also refer to document : Hash passwords in ASP.NET Core.
Upvotes: 3
Related Questions
- Configuring Password Requirements in ASP.net Core 3 Identity Doesn't Work
- How override ASP.NET Core Identity's password policy
- How do I set password options in Aspnet Core 2.1
- ASP.NET Core - Using multiple authentication methods
- Change password in ASP.NET Core 2.x
- extend ASP.NET Core Identity user
- How to reuse identity password validation when changing passwords
- Update Password in Asp.net Core 2 Identity
- ASP.NET Core Identity, IdentityServer4 and Changing a password
- Asp.Net Core Identity, updating existing plain text passwords