Reputation: 79
I have a sign in page and a register page in my client app and the corresponding methods in my auth controller. I'm using ASP.NET Core Identity and EntityFramework Core.
    [HttpPost]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    public async Task<IActionResult> LoginPost(AuthUser authUser)
    {
        //TODO: check password for signin
        var hasher = new PasswordHasher<AuthUser>();
        var hash = hasher.HashPassword(authUser, authUser.Password);
        var user = _context.Users.FirstOrDefault(user => user.Email == authUser.Email &&
            user.PasswordHash == hash);
        if (user is null) return BadRequest("Date de autentificare greșite");
        // check if sign in was successful
        await _signInManager.SignInAsync(user, false);
        return Ok();
    }
This is my sign in function. I'm trying to finish my TODO. As of right now, I'm creating a hash for the password in the request and checking whether they're equal (it checks the db context), and if yes, it should sign in. Now, I know this is not how it should be done, but I haven't really found my answer on Google. I'm sorry if this has already been asked.
Upvotes: 0
Views: 2203
Reputation: 137
You don't need to hash the password.
You can use User Manager.
Example:
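    // "userManager" here is a SignInManager<TUser>; its UserManager property exposes the user store.
    string userName = Request.Form["Username"];
    string password = Request.Form["Password"];
    // Await the lookup instead of blocking on .Result inside an async action.
    var user = await userManager.UserManager.FindByEmailAsync(userName);
    // This overload resolves the account by user name, verifies the password against the stored hash,
    // and signs in; arguments are isPersistent: false, lockoutOnFailure: true.
    var result = await userManager.PasswordSignInAsync(userName, password, false, true);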
Upvotes: 3
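Why the hash comparison in the question cannot match, and what the verification step looks like when done directly against `PasswordHasher<TUser>`, as an added example that is not part of either post. `DemoUser`, the `Verify` helper and the sample values are hypothetical and constructed for illustration; the code assumes an ASP.NET Core project or a reference to the Microsoft.Extensions.Identity.Core package.

```csharp
using System;
using Microsoft.AspNetCore.Identity;

// Hypothetical stand-in for the question's AuthUser entity.
public class DemoUser
{
    public string Email { get; set; } = "";
    public string PasswordHash { get; set; } = "";
}

public static class Program
{
    // Checks a candidate password against the stored hash. The stored hash
    // carries its own salt and parameters, so verification must go through
    // VerifyHashedPassword rather than hashing again and comparing strings.
    public static bool Verify(PasswordHasher<DemoUser> hasher, DemoUser user, string candidate)
    {
        var result = hasher.VerifyHashedPassword(user, user.PasswordHash, candidate);

        // The password is correct but was stored in an older format:
        // replace the stored hash with one in the current format.
        if (result == PasswordVerificationResult.SuccessRehashNeeded)
            user.PasswordHash = hasher.HashPassword(user, candidate);

        return result != PasswordVerificationResult.Failed;
    }

    public static void Main()
    {
        var hasher = new PasswordHasher<DemoUser>();

        // Constructed sample account, as it would be stored at registration.
        var user = new DemoUser { Email = "alice@example.test" };
        user.PasswordHash = hasher.HashPassword(user, "constructed-sample-password");

        // The question's approach: hash the submitted password again and
        // compare. HashPassword draws a fresh random salt on every call, so
        // the two strings differ even though the password is the same.
        var rehash = hasher.HashPassword(user, "constructed-sample-password");
        Console.WriteLine($"Re-hash equals stored hash: {rehash == user.PasswordHash}");

        // Verification against the stored hash, right and wrong password.
        Console.WriteLine($"Correct password verifies: {Verify(hasher, user, "constructed-sample-password")}");
        Console.WriteLine($"Wrong password verifies:   {Verify(hasher, user, "another-constructed-value")}");
    }
}
```

In a controller, `SignInManager.PasswordSignInAsync` performs this verification internally and adds lockout accounting, which is why the answer does not call the hasher at all.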