asp.net identity - When will VerifyHashedPassword result be SuccessRehashNeeded -
when result of usermanager.verifyhashedpassword
result passwordverificationresult.successrehashneeded
?
what if such result occur?
when using verifyhashedpassword
check success
. enough or should check failed
?
i found in source of passwordhasher.cs in github
public virtual passwordverificationresult verifyhashedpassword(tuser user, string hashedpassword, string providedpassword) { if (hashedpassword == null) { throw new argumentnullexception(nameof(hashedpassword)); } if (providedpassword == null) { throw new argumentnullexception(nameof(providedpassword)); } byte[] decodedhashedpassword = convert.frombase64string(hashedpassword); // read format marker hashed password if (decodedhashedpassword.length == 0) { return passwordverificationresult.failed; } switch (decodedhashedpassword[0]) { case 0x00: if (verifyhashedpasswordv2(decodedhashedpassword, providedpassword)) { // old password hash format - caller needs rehash if we're not running in older compat mode. return (_compatibilitymode == passwordhashercompatibilitymode.identityv3) ? passwordverificationresult.successrehashneeded : passwordverificationresult.success; } else { return passwordverificationresult.failed; } case 0x01: int embeddeditercount; if (verifyhashedpasswordv3(decodedhashedpassword, providedpassword, out embeddeditercount)) { // if hasher configured higher iteration count, change entry now. return (embeddeditercount < _itercount) ? passwordverificationresult.successrehashneeded : passwordverificationresult.success; } else { return passwordverificationresult.failed; } default: return passwordverificationresult.failed; // unknown format marker } }
seems successrehashneeded
result when change current identity
version another.
Comments
Post a Comment