问题
I'm using ASP.NET Core 2.2 with EF Core. I have a User class which looks like this:
public class User : IdentityUser
{
public string FirstName { get; set; }
public string LastName { get; set; }
}
I would like to add a PIN property which will act as a secondary password for extra-secure operations. The user logs into the system, but if he wants to do something more special (like send money), he will be prompted to enter his PIN.
My question is what is the most easy way to hash a string, so I don't store the PIN in plain text in the db?
回答1:
You can use the IPasswordHasher interface , when the user registers , you can create the password hash that will be stored in the database(PIN property) , when you need to verfiy , to hash the provided password/PIN and compare it to the stored hash .
For example , use DI to involve the extension :
public readonly IPasswordHasher<ApplicationUser> _passwordHasher;
public HomeController(IPasswordHasher<ApplicationUser> passwordHasher )
{
_passwordHasher = passwordHasher;
}
To create a hashed password :
var hasedPassword = _passwordHasher.HashPassword(null,"Password");
To verify :
var successResult = _passwordHasher.VerifyHashedPassword(null, hasedPassword , "Password");
You can also refer to document : Hash passwords in ASP.NET Core.
来源:https://stackoverflow.com/questions/55124614/asp-net-core-add-secondary-password-to-identityuser