2

I have a Registrations table which new users get put into. A later process creates a database for that user, and inserts an ASP.NET Identity User record from the data in the registration table (email & name).

I'd like to extend this so that at the point of registration, users can enter their password, which will then be set up in the new database.

To do this properly, I'd need to create a SecurityStamp value and then encrypt the password using that to get the PasswordHash, I believe. So then I would store these values in the registrations table, and then I could copy them into the user's new database when that is set up, and they would be able to log in with the password they registered.

How would I do this - generate the SecurityStamp and then hash the password?

Sean
  • 14,359
  • 13
  • 74
  • 124
  • Identity handles all this for you, are you not using the `UserManager` class? – DavidG Sep 23 '16 at 12:53
  • @DavidG The database doesn't exist at the time of registering. I want to store the password securely until a later process creates the database and then uses the UserManager class to create the initial user account. – Sean Sep 23 '16 at 13:39

2 Answers2

9

SecurityStamp can be anything random, non-repeatable - Guid.NewGuid().ToString() does the job nicely.

For password hashing UserManager has property PasswordHasher that does password hashing for you:

var userManager = new UserManager(context);
var passwordHash = userManager.PasswordHasher.HashPassword("mySecurePassword");
trailmax
  • 34,305
  • 22
  • 140
  • 234
  • 1
    Hmm. So there there's no need for me to store the SecurityStamp in the registrations table. I just need to hash the password and store that, right? And secondly, it won't matter if I hash the password using `contextA` and then update the value into the PasswordHash field in a User table in `contextB` - is that correct? – Sean Sep 23 '16 at 18:51
  • @Sean Correct on all accounts. Change in SecurityStamp will invalidate all user's existing cookies - making them login again. Moving password hash to a different place won't affect the password. Salt is embedded together with the actual hash in the same column and actual hashing does not depend on any of the storage implementations. – trailmax Sep 23 '16 at 19:11
0

Use this namespace

using Microsoft.AspNetCore.Identity;

to generate a hash use

var pass = new PasswordHasher<object>().HashPassword(null, "your password");

to test your password hash

var passCheck = new PasswordHasher<object>().VerifyHashedPassword(null, hashedpassword, "your test password");

return ((int)passCheck) == 1 ? "correct password" : "invalid password";
Super Kai - Kazuya Ito
  • 22,221
  • 10
  • 124
  • 129
MUCHIRA JUNIOR
  • 69
  • 6