We are migrating a lagacy app to ABP framework. The existing user password was encryted with MD5 encrytion.
I am following the post below trying to override the IPasswordHasher<>:
https://andrewlock.net/safely-migrating-passwords-in-asp-net-core-identity-with-a-custom-passwordhasher/
I am updating the Startup.cs file under xxx.HttpApi.Host project:
using ApplicationHelpers;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Logging;
using System;
using System.Text;
using Volo.Abp.Identity;
namespace Bookstore
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddApplication<BookstoreHttpApiHostModule>();
// Replace the existing scoped IPasswordHasher<> implementation
services.Replace(new ServiceDescriptor(
serviceType: typeof(IPasswordHasher<Microsoft.AspNetCore.Identity.IdentityUser>),
implementationType: typeof(Md5PasswordHasher<Microsoft.AspNetCore.Identity.IdentityUser>),
ServiceLifetime.Scoped));
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
app.InitializeApplication();
}
}
/// <summary>
/// A drop-in replacement for the standard Identity hasher to be backwards compatible with existing MD5 hashes
/// New passwords will be hashed with Identity V3
/// </summary>
public class Md5PasswordHasher<TUser> : PasswordHasher<TUser> where TUser : class
{
public override PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword)
{
byte[] decodedHashedPassword = Convert.FromBase64String(hashedPassword);
// read the format marker from the hashed password
if (decodedHashedPassword.Length == 0)
{
return PasswordVerificationResult.Failed;
}
// ASP.NET Core uses 0x00 and 0x01 for v2 and v3
if (decodedHashedPassword[0] == 0xFF)
{
//convert back to string for MD5 encrypt, ignoring first byte
var storedHash = Encoding.UTF8.GetString(decodedHashedPassword, 1, decodedHashedPassword.Length - 1);
// md5 hash the provided password
var md5ProvidedPassword = Cryptography.GeneratePassword(providedPassword);
if (md5ProvidedPassword == storedHash)
{
// This is an old password hash format - the caller needs to rehash if we're not running in an older compat mode.
return PasswordVerificationResult.Success;
}
else
{
return PasswordVerificationResult.Failed;
}
}
return base.VerifyHashedPassword(user, hashedPassword, providedPassword);
}
}
}
It does not seem like the implimentation gets overrode.
Please let me know how to override IPasswordHasher<>
Thanks, Tim