I am working on moving an application from Web Forms to MVC and decided to go with MVC 6 using ASP.NET Core.
In my current application, I have a user password used in Identity. The implementation is very simple in my UserManager user class:
public ApplicationUserManager() : base(new UserStore<IdentityUser>(new AuthContext())) { this.PasswordHasher = new SqlPasswordHasher(); }
I am trying to do the same with .NET Core, but the PasswordHasher property does not exist in the UserManager. I see that the constructor will take the IPasswordHasher parameter, so I tried this:
public ApplicationUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators, ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider serviceProvider, ILogger<UserManager<ApplicationUser>> logger) : base(store, optionsAccessor, new SqlPasswordHasher(), userValidators, passwordValidators, keyNormalizer, errors, serviceProvider, logger) { }
In SqlPasswordHasher, I simply override the VerifyHashedPassword method, which looks like this:
public override PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword) {
However, the above does not work. I have a breakpoint set in the VerifyHashedPassword SqlPasswordHasher method and it does not start.
I thought I was doing it wrong, and I should use DI for this. I updated the constructor of my user manager so that it does not instantiate a new SqlPasswordHasher, but instead uses the default interface parameter:
public ApplicationUserManager(IUserStore<ApplicationUser> store, IOptions<IdentityOptions> optionsAccessor, IPasswordHasher<ApplicationUser> passwordHasher, IEnumerable<IUserValidator<ApplicationUser>> userValidators, IEnumerable<IPasswordValidator<ApplicationUser>> passwordValidators, ILookupNormalizer keyNormalizer, IdentityErrorDescriber errors, IServiceProvider serviceProvider, ILogger<UserManager<ApplicationUser>> logger) : base(store, optionsAccessor, passwordHasher, userValidators, passwordValidators, keyNormalizer, errors, serviceProvider, logger) { }
Then in Startup.cs I added a scope service:
services.AddScoped<IPasswordHasher<ApplicationUser>, SqlPasswordHasher>();
But again, this does not work, and the breakpoint in SqlPasswordHasher never starts.
I have a similar line for my custom login manager:
services.AddScoped<SignInManager<ApplicationUser>, ApplicationSignInManager>();
This works great. ApplicationSignInManager accepts the UserManager parameter, and I see that the UserManager accepts the IPasswordHasher parameter.
I assume that SignInManager uses a UserManager that uses PasswordHasher. So my question is: how can I get UserManager to use Hasher's own user password? Or, if this is not the case, how can I get SignInManager to use my password hash?
EDIT: I was able to confirm that when creating an instance of my ApplicationUserManager my SqlPasswordHasher is used in the constructor, so the DI works correctly. I just can't understand why my redefinition of VerifyHashedPassword does not start.