VerifyHashedPassword always returns a Failed result
We make it to the switch statement and it goes right to the default case since the decoded password doesn't match any of the cases.
Any suggestions for what I should do about this?
9 Replies
Well, seems like the first byte is neither 0 nor 1
Any reason you even use base64 there in the first place?
It gets upset if base64 isn't used
In case it's not clear and I don't realize that: VerifyHashedPassword is from aspnetcore identity, I don't really have a say modifying this.
Aaaah, that makes more sense
You need to ensure that the expected format marker is set when generating the Hash. How are you generating the Hash?
I was using ToBase64String
with what, plain credentials?
you need to use APIs in the identity library to set the password, that will hash it correctly
if you're using identity you shouldn't be doing any kind of password hashing yourself because it's all built into that library
(and ToBase64String would be a very insecure and wrong way to hash a password, it's not even a hash)
iirc the most recent algorithm identity uses to hash passwords is PBKDF2-HMAC-SHA256 and it also salts it with some random bytes
but that isn't something you need to know if you're using a premade auth solution like identity
this is definitely the problem. you should be using string HashPassword(TUser user, string password) method on the IPasswordHasher<TUser> implementation.