如何解决ASP .NET Core身份-Microsoft.AspNetCore.Identity.SignInManager:警告:用户无法提供正确的密码
我有一个运行Identity的现有.NET 4.x数据库。我可以用它登录。我正在将应用程序升级到具有身份的.NET Core。我经历了很多问题。我正在尝试以身份获取错误消息:
Microsoft.AspNetCore.Identity.UserManager:警告:无效的密码 为用户。 Microsoft.AspNetCore.Identity.SignInManager:警告:用户 无法提供正确的密码。
我正在使用的代码是:
var findUser = await signinManager.PasswordSignInAsync(userName,Password,false,false);
-或- var au = new AspNetUser(){UserName = userName,EmailConfirmed = true}; var res =等待_userManager.CheckPasswordAsync(au,密码);
我得到的确切错误取决于我是否尝试通过UserManager
或SignInManager
登录。
我在Startup.cs
文件中设置了以下内容:
services.AddIdentity<AspNetUser,AspNetRole>().AddEntityFrameworkStores<GolfGameContext>();
services.Configure<IdentityOptions>(options =>
{
options.SignIn.RequireConfirmedAccount = false;
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = false;
});
services.Configure<PasswordHasherOptions>(options => options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2);
我认为更改密码哈希算法的设置将允许我现有的userid / password组合连接到数据库。
我已经更新了我的数据库模式。我已将NormalizedEmail
和NormalizedUserName
设置为电子邮件和用户名的大写版本。我还直接在数据库中将确认的电话号码和确认的电子邮件值设置为true。
任何有关如何正确连接的想法都会受到赞赏。
解决方法
也许问题在于:Asp.net身份和Asp.net核心身份使用不同的哈希算法来生成哈希密码。即使您已将Asp.net核心PasswordHasherOptions设置更改为V2版本,生成的哈希密码仍然与Asp.net身份生成的哈希密码不同。
对于Asp.net身份,它使用以下代码对密码进行哈希处理(请参阅source code):
private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
private const int PBKDF2SubkeyLength = 256/8; // 256 bits
private const int SaltSize = 128/8; // 128 bits
/* =======================
* HASHED PASSWORD FORMATS
* =======================
*
* Version 0:
* PBKDF2 with HMAC-SHA1,128-bit salt,256-bit subkey,1000 iterations.
* (See also: SDL crypto guidelines v5.1,Part III)
* Format: { 0x00,salt,subkey }
*/
public static string HashPassword(string password)
{
if (password == null)
{
throw new ArgumentNullException("password");
}
// Produce a version 0 (see comment above) text hash.
byte[] salt;
byte[] subkey;
using (var deriveBytes = new Rfc2898DeriveBytes(password,SaltSize,PBKDF2IterCount))
{
salt = deriveBytes.Salt;
subkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
}
var outputBytes = new byte[1 + SaltSize + PBKDF2SubkeyLength];
Buffer.BlockCopy(salt,outputBytes,1,SaltSize);
Buffer.BlockCopy(subkey,1 + SaltSize,PBKDF2SubkeyLength);
return Convert.ToBase64String(outputBytes);
}
在Asp.net Core Identity中,它将使用PasswordHasher对密码进行哈希处理(请参阅source code):
public virtual string HashPassword(TUser user,string password)
{
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
if (_compatibilityMode == PasswordHasherCompatibilityMode.IdentityV2)
{
return Convert.ToBase64String(HashPasswordV2(password,_rng));
}
else
{
return Convert.ToBase64String(HashPasswordV3(password,_rng));
}
}
private static byte[] HashPasswordV2(string password,RandomNumberGenerator rng)
{
const KeyDerivationPrf Pbkdf2Prf = KeyDerivationPrf.HMACSHA1; // default for Rfc2898DeriveBytes
const int Pbkdf2IterCount = 1000; // default for Rfc2898DeriveBytes
const int Pbkdf2SubkeyLength = 256 / 8; // 256 bits
const int SaltSize = 128 / 8; // 128 bits
// Produce a version 2 (see comment above) text hash.
byte[] salt = new byte[SaltSize];
rng.GetBytes(salt);
byte[] subkey = KeyDerivation.Pbkdf2(password,Pbkdf2Prf,Pbkdf2IterCount,Pbkdf2SubkeyLength);
var outputBytes = new byte[1 + SaltSize + Pbkdf2SubkeyLength];
outputBytes[0] = 0x00; // format marker
Buffer.BlockCopy(salt,Pbkdf2SubkeyLength);
return outputBytes;
}
为解决此问题,因为使用Asp.net Identity对现有用户密码进行了哈希处理。登录时,您可以查询数据库并根据用户名获取HashedPassword,然后使用Asp.net Identity VerifyHashedPassword方法来验证HashedPassword。代码如下:
public async Task<IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout,set lockoutOnFailure: true
//var result = await _signInManager.PasswordSignInAsync(Input.Email,Input.Password,Input.RememberMe,lockoutOnFailure: false);
//get the hashedpassword from the database.
var hashedpassword = _dbContext.Users.Where(c => c.UserName == Input.Email).FirstOrDefault().PasswordHash;
var result = VerifyHashedPassword(hashedpassword,Input.Password);
//if success,reditect to returnUrl,else show error message.
Asp.net身份VerifyHashedPassword方法:
private const int PBKDF2IterCount = 1000; // default for Rfc2898DeriveBytes
private const int PBKDF2SubkeyLength = 256 / 8; // 256 bits
private const int SaltSize = 128 / 8; // 128 bits
// hashedPassword must be of the format of HashWithPassword (salt + Hash(salt+input)
public static bool VerifyHashedPassword(string hashedPassword,string password)
{
if (hashedPassword == null)
{
return false;
}
if (password == null)
{
throw new ArgumentNullException("password");
}
var hashedPasswordBytes = Convert.FromBase64String(hashedPassword);
// Verify a version 0 (see comment above) text hash.
if (hashedPasswordBytes.Length != (1 + SaltSize + PBKDF2SubkeyLength) || hashedPasswordBytes[0] != 0x00)
{
// Wrong length or version header.
return false;
}
var salt = new byte[SaltSize];
Buffer.BlockCopy(hashedPasswordBytes,SaltSize);
var storedSubkey = new byte[PBKDF2SubkeyLength];
Buffer.BlockCopy(hashedPasswordBytes,storedSubkey,PBKDF2SubkeyLength);
byte[] generatedSubkey;
using (var deriveBytes = new Rfc2898DeriveBytes(password,PBKDF2IterCount))
{
generatedSubkey = deriveBytes.GetBytes(PBKDF2SubkeyLength);
}
return ByteArraysEqual(storedSubkey,generatedSubkey);
}
// Compares two byte arrays for equality. The method is specifically written so that the loop is not optimized.
[MethodImpl(MethodImplOptions.NoOptimization)]
private static bool ByteArraysEqual(byte[] a,byte[] b)
{
if (ReferenceEquals(a,b))
{
return true;
}
if (a == null || b == null || a.Length != b.Length)
{
return false;
}
var areSame = true;
for (var i = 0; i < a.Length; i++)
{
areSame &= (a[i] == b[i]);
}
return areSame;
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。