Aspnetcore.docs: Work-around for not asking password reset
Hi,
Is there any work-around for not to ask users for resetting their passwords.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: ef1bf52a-1488-eb9b-9961-7843704d2717
- Version Independent ID: 1983fca0-2c10-a835-7a37-e67ad97793a1
- Content: Migrate from ASP.NET Membership authentication to ASP.NET Core 2.0 Identity
- Content Source: aspnetcore/migration/proper-to-2x/membership-to-core-identity.md
- Service: unspecified
- Product: asp.net-core
- GitHub Login: @isaac2004
- Microsoft Alias: scaddie
Raghumu
All 3 comments
Sadly no, @blowdart can explain more, but it has to do with the password hashing being completely different between the frameworks.
isaacrlevin
on 24 May 2018
The hashing algorithms used in membership can be, frankly, very old, and not considered safe. We don't implement some of them in ASP.NET Identity, so there's no way to migrate over, so password resets are safer for the users.
blowdart
on 24 May 2018
@Raghumu if you don't want to ask users for resetting their passwords, but want to gradually update password hashes to the new algorithm as they authenticate, I posted what I did in this Stack Overflow question.
However If you can ask for password resetting, that's better.
AlissonRS
on 17 Jul 2019
Related issues
fabich
·
3Comments
danroth27
·
3Comments
wgutierrezr
·
3Comments
madelson
·
3Comments
royshouvik
·
3Comments
Most helpful comment
The hashing algorithms used in membership can be, frankly, very old, and not considered safe. We don't implement some of them in ASP.NET Identity, so there's no way to migrate over, so password resets are safer for the users.