小贝子编程

ASP.net Identity UserManager未验证密码



我正在设置一个asp.net web api 2应用程序,但我的自定义Identity.UserManager在验证用户密码时遇到了问题。当我尝试验证用户的哈希密码时,它总是返回失败!尽管我知道我提供了正确的密码。在这里,我试图验证一个用户,并向该用户返回一个令牌。用户数据表(DVUsers)存储在MySQL数据库中。我怀疑我的问题是如何将密码哈希存储在mysql中。

从一开始,我的授权服务器Proivder:

public class AuthServerProvider : OAuthAuthorizationServerProvider
{
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
    }
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
        try
        {
            AuthContext _ctx = new AuthContext();
            DVUserManager userManager = new DVUserManager(_ctx);
            AuthRepo _repo = new AuthRepo(userManager, _ctx);
            DVUser user = await _repo.FindUser(context.UserName, context.Password);
            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("role", "user"));
            context.Validated(identity);
        }
        catch (Exception ex)
        {
            context.SetError("invalid_grant", "message");
        }
    }
}

现在这是我的AuthRepo类。VerifyHashedPsssword ALWAYS在方法FindUser中返回失败。

public class AuthRepo : IDisposable
{
    private AuthContext _ctx;
    private DVUserManager _userManager;
    public AuthRepo(DVUserManager userManager, AuthContext ctx)
    {
        _ctx = ctx;
        _userManager = userManager;
    }
    public async Task<IdentityResult> RegisterUser(DVUser user)
    {
        DVUser iuser = new DVUser { UserName = user.UserName};
        var result = await _userManager.CreateAsync(iuser, user.UserName);
        return result;
    }
    public async Task<DVUser> FindUser(string userName, string Password)
    {
        //Find the user works fine, it finds the correct user
        DVUser user = await _userManager.FindByNameAsync(userName);
        //compare passwords. VerifyHasedPAssword ALWAYS is returning failed
        PasswordVerificationResult result = _userManager.PasswordHasher.VerifyHashedPassword(user.Password, Password);
        if (result == PasswordVerificationResult.Success) { return user; }
        else { return null; }
    }
    public void Dispose()
    {
        _ctx.Dispose();
        _userManager.Dispose();
    }
}

你可能也想看看我的支持课程。

public class AuthContext : IdentityDbContext<IdentityUser>
{
    public AuthContext() : base("localhost") //name of the data connection to use
    {
    }
    public DbSet<DVUser> DVUsers { get; set; }
}

我的自定义用户管理

public class DVUserManager : UserManager<DVUser>
{
    public DVUserManager(AuthContext ctx) : base(new DVUserStore(ctx))
    {
        PasswordValidator = new MinimumLengthValidator(4);
    }
}

这是实现IUser 的DVUser

public class DVUser : IUser
{
    public string Id
    {
        get; set;
    }
    public string UserName
    {
        get; set;
    }
    public string Password { get; set; }
    public int DVClientID { get; set; }
}

最后是我的客户UserStore

public class DVUserStore : IUserStore<DVUser>, IUserPasswordStore<DVUser>
{
    AuthContext _context;
    public DVUserStore(AuthContext context)
    {
        _context = context;
    }
    public Task CreateAsync(DVUser user)
    {
        user.Id = Guid.NewGuid().ToString();
        _context.DVUsers.Add(user);
        return _context.SaveChangesAsync();
    }
    public Task DeleteAsync(DVUser user)
    {
        throw new NotImplementedException();
    }
    public void Dispose()
    {
        _context.Dispose();
    }
    public Task<DVUser> FindByIdAsync(string userId)
    {
        throw new NotImplementedException();
    }
    public Task<DVUser> FindByNameAsync(string userName)
    {
        Task<DVUser> task = _context.DVUsers.Where(
                    apu => apu.UserName == userName)
                    .FirstOrDefaultAsync();
        return task;
    }
    public Task<string> GetPasswordHashAsync(DVUser user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }
        return Task.FromResult(user.Password);
    }
    public Task<bool> HasPasswordAsync(DVUser user)
    {
        return Task.FromResult(user.Password != null);
    }
    public Task SetPasswordHashAsync(DVUser user, string passwordHash)
    {
        return Task.FromResult(user.Password = passwordHash);
    }
    public Task UpdateAsync(DVUser user)
    {
        throw new NotImplementedException();
    }
}

MySQL表,DVUsers是这样的。DVUsers表,UTF8编码

这是DVUsers中的数据。只有一个用户DVUsers表数据

谢谢你的帮助!!

我找到了解决方案!有两个问题。首先,我是个白痴。在AuthRepo类中的以下行查看我的Register User方法:
var result=await _userManager.CreateAsync(iuser,user.UserName);我正在将用户密码设置为USERNAME,而不是我的表单发送的密码…天哪。。

第二个问题!我发现它仍然不起作用。我发现如果我将密码列数据类型设置为二进制(68),密码哈希将正确存储。终于奏效了。我希望我帮助了别人!

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium