我不知道是否可能使用Membership来处理这样的迁移,而不强制用户通过密码重置流程。
但是,您可以在同时将Membership迁移到Asp.Net Identity时完成此操作:Asp.Net Identity具有扩展点,允许您处理支持旧签名的“回退”密码签名匹配。此时,您仍然在内存中拥有登录名和密码未散列的状态,因此您可以通过该方式将签名转换为新格式。
所有这些都在以下博客中详细说明了代码,包括我在下面代码中添加的一条注释中略微解释的SQL迁移。
这是实现此目的的主要类:
public class BackCompatPasswordHasher : PasswordHasher
{
public override string HashPassword(string password)
{
return base.HashPassword(password);
}
public override PasswordVerificationResult VerifyHashedPassword(
string hashedPassword, string providedPassword)
{
string[] passwordProperties = hashedPassword.Split('|');
if (passwordProperties.Length != 3)
{
return base.VerifyHashedPassword(hashedPassword,
providedPassword);
}
else
{
string passwordHash = passwordProperties[0];
int passwordformat = 1;
string salt = passwordProperties[2];
if (String.Equals(EncryptPassword(providedPassword,
passwordformat, salt),
passwordHash, StringComparison.CurrentCultureIgnoreCase))
{
return PasswordVerificationResult.SuccessRehashNeeded;
}
else
{
return PasswordVerificationResult.Failed;
}
}
}
private string EncryptPassword(string pass, int passwordFormat,
string salt)
{
if (passwordFormat == 0)
return pass;
byte[] bIn = Encoding.Unicode.GetBytes(pass);
byte[] bSalt = Convert.FromBase64String(salt);
byte[] bRet = null;
if (passwordFormat == 1)
{
HashAlgorithm hm = HashAlgorithm.Create("SHA1");
if (hm is KeyedHashAlgorithm)
{
KeyedHashAlgorithm kha = (KeyedHashAlgorithm)hm;
if (kha.Key.Length == bSalt.Length)
{
kha.Key = bSalt;
}
else if (kha.Key.Length < bSalt.Length)
{
byte[] bKey = new byte[kha.Key.Length];
Buffer.BlockCopy(bSalt, 0, bKey, 0, bKey.Length);
kha.Key = bKey;
}
else
{
byte[] bKey = new byte[kha.Key.Length];
for (int iter = 0; iter < bKey.Length; )
{
int len = Math.Min(bSalt.Length, bKey.Length - iter);
Buffer.BlockCopy(bSalt, 0, bKey, iter, len);
iter += len;
}
kha.Key = bKey;
}
bRet = kha.ComputeHash(bIn);
}
else
{
byte[] bAll = new byte[bSalt.Length + bIn.Length];
Buffer.BlockCopy(bSalt, 0, bAll, 0, bSalt.Length);
Buffer.BlockCopy(bIn, 0, bAll, bSalt.Length, bIn.Length);
bRet = hm.ComputeHash(bAll);
}
}
return Convert.ToBase64String(bRet);
}
}
然后,在您的用户管理器中:
public class IdentityUserManager : UserManager<IdentityUser>
{
public IdentityUserManager(IUserStore<IdentityUser> store)
: base(store)
{
PasswordHasher = new BackCompatPasswordHasher();
}
}
在我的实际代码库中,我有一些额外的代码来处理重新哈希,但不幸的是,没有注释说明为什么需要这样做。也许这是原始实现者添加的一些多余代码,或者确实是必要的。我没有调查过,所以在IdentityUserManager中这里是额外的代码:
private ConcurrentDictionary<string, string> UserRehashed =
new ConcurrentDictionary<string, string>();
private bool CanRehash(IdentityUser user)
{
return UserRehashed.TryAdd(user.Id, user.Id);
}
protected async override Task<bool> VerifyPasswordAsync(
IUserPasswordStore<IdentityUser, string> store, IdentityUser user,
string password)
{
var hash = await store.GetPasswordHashAsync(user).ConfigureAwait(false);
var verifPassRes = PasswordHasher.VerifyHashedPassword(hash, password);
if (verifPassRes == PasswordVerificationResult.SuccessRehashNeeded &&
CanRehash(user))
{
var chPassRes = await this.ChangePasswordAsync(user.Id,
password, password).ConfigureAwait(false);
if (!chPassRes.Succeeded)
{
}
}
return verifPassRes != PasswordVerificationResult.Failed;
}