Reputation: 6029
Hashing user password - Identity Server
I'm currently working with Identity Server 4, at present when the user logs in I need to hash their provided password and then compare with the password stored in the database (also hashed)
After some searching, I was linked to the PasswordHasher within Identity Server to handle this:
var _hasher = new PasswordHasher<User>();
var hashpassword = _hasher.HashPassword(user, context.Password);
User is my custom class that inherits from IdentityUser, however, when checking the hashed password against the one in the database the hash is completely different, I have double checked the password and I can confirm it's correct.
Can anyone suggest why I maybe seeing a different hash compared to the one in the database?
Upvotes: 1
Views: 3307
Answers (1)
Reputation: 19106
Each time you hash a password with PasswordHasher<T>.HashPassword you will get a total different result because of the salt.
To verify such hashed salted passwords use the given method IPasswordHasher<T>.VerifyPassword.
Upvotes: 3
Related Questions
- How to manually hash a password using Asp.Net Core 2.2 / IdentityServer4 / SP.NET Core Identity
- ASP.NET Core Identity - Creating user "manually" and providing password hash - How to generate hash correctly?
- Creating test users with password hash in asp.net identity 2.2.1
- Microsoft Identity password hash is different for the same password
- Password hash Identity framework and salt
- ASP>NET Identity: How to compare a password entered by the user with a hashed password?
- Asp.net Identity password hashing
- How to generate hash using specified salt and password in asp.net Identity?
- Hashing legacy salted passwords with ASP.NET Identity
- ASP.Net Identity Manual Password Hashing