Starts in:
2 DAYS
4 HRS
51 MIN
47 SEC
Starts in:
2 D
4 H
51 M
47 S

Activities of "tim"

We are migrating a lagacy app to ABP framework. The existing user password was encryted with MD5 encrytion.

I am following the post below trying to override the IPasswordHasher<>:

https://andrewlock.net/safely-migrating-passwords-in-asp-net-core-identity-with-a-custom-passwordhasher/

I am updating the Startup.cs file under xxx.HttpApi.Host project:

using ApplicationHelpers;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Logging;
using System;
using System.Text;
using Volo.Abp.Identity;

namespace Bookstore
{
    public class Startup
    {
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddApplication<BookstoreHttpApiHostModule>();

            // Replace the existing scoped IPasswordHasher<> implementation
            services.Replace(new ServiceDescriptor(
                serviceType: typeof(IPasswordHasher<Microsoft.AspNetCore.Identity.IdentityUser>),
                implementationType: typeof(Md5PasswordHasher<Microsoft.AspNetCore.Identity.IdentityUser>),
                ServiceLifetime.Scoped));
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
        {
            app.InitializeApplication();
        }
    }

    /// <summary>
    /// A drop-in replacement for the standard Identity hasher to be backwards compatible with existing MD5 hashes
    /// New passwords will be hashed with Identity V3
    /// </summary>
    public class Md5PasswordHasher<TUser> : PasswordHasher<TUser> where TUser : class
    {
        public override PasswordVerificationResult VerifyHashedPassword(TUser user, string hashedPassword, string providedPassword)
        {
            byte[] decodedHashedPassword = Convert.FromBase64String(hashedPassword);

            // read the format marker from the hashed password
            if (decodedHashedPassword.Length == 0)
            {
                return PasswordVerificationResult.Failed;
            }

            // ASP.NET Core uses 0x00 and 0x01 for v2 and v3
            if (decodedHashedPassword[0] == 0xFF)
            {
                //convert back to string for MD5 encrypt, ignoring first byte
                var storedHash = Encoding.UTF8.GetString(decodedHashedPassword, 1, decodedHashedPassword.Length - 1);

                // md5 hash the provided password
                var md5ProvidedPassword = Cryptography.GeneratePassword(providedPassword);

                if (md5ProvidedPassword == storedHash)
                {
                    // This is an old password hash format - the caller needs to rehash if we're not running in an older compat mode.
                    return PasswordVerificationResult.Success;
                }
                else
                {
                    return PasswordVerificationResult.Failed;
                }
            }

            return base.VerifyHashedPassword(user, hashedPassword, providedPassword);
        }

    }
}

It does not seem like the implimentation gets overrode.

Please let me know how to override IPasswordHasher<>

Thanks, Tim

Showing 1 to 1 of 1 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06