asp.net identity - When will VerifyHashedPassword result be SuccessRehashNeeded -


when result of usermanager.verifyhashedpassword result passwordverificationresult.successrehashneeded ?

what if such result occur?

when using verifyhashedpassword check success. enough or should check failed?

i found in source of passwordhasher.cs in github

public virtual passwordverificationresult verifyhashedpassword(tuser user, string hashedpassword, string providedpassword)         {             if (hashedpassword == null)             {                 throw new argumentnullexception(nameof(hashedpassword));             }             if (providedpassword == null)             {                 throw new argumentnullexception(nameof(providedpassword));             }              byte[] decodedhashedpassword = convert.frombase64string(hashedpassword);              // read format marker hashed password             if (decodedhashedpassword.length == 0)             {                 return passwordverificationresult.failed;             }             switch (decodedhashedpassword[0])             {                 case 0x00:                     if (verifyhashedpasswordv2(decodedhashedpassword, providedpassword))                     {                         // old password hash format - caller needs rehash if we're not running in older compat mode.                         return (_compatibilitymode == passwordhashercompatibilitymode.identityv3)                             ? passwordverificationresult.successrehashneeded                             : passwordverificationresult.success;                     }                     else                     {                         return passwordverificationresult.failed;                     }                  case 0x01:                     int embeddeditercount;                     if (verifyhashedpasswordv3(decodedhashedpassword, providedpassword, out embeddeditercount))                     {                         // if hasher configured higher iteration count, change entry now.                         return (embeddeditercount < _itercount)                             ? passwordverificationresult.successrehashneeded                             : passwordverificationresult.success;                     }                     else                     {                         return passwordverificationresult.failed;                     }                  default:                     return passwordverificationresult.failed; // unknown format marker             }         } 

seems successrehashneeded result when change current identity version another.


Comments

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

php - How can I echo out this array? -