Aspnetcore.docs: Example on how to verify hashed password when using the given example

See the sample code

KeyDerivation.Pbkdf2(
            password: password,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA1,
            iterationCount: 10000,
            numBytesRequested: 256 / 8)

or the link to the source code.

It will be useful to include in the article body something like ValidatePassword(string password, string correctHash) from https://cmatskas.com/-net-password-hashing-using-pbkdf2/

I ended up using the PasswordHasher class from identity instead, the one that was linked on this page.

At first I was reluctant to use it because I am using authentication without identity and the mentioned class requires a user type as generic parameter, but it turns out it's not actually used anywhere in the class.

This should be documented somewhere, there is really no need to write code such as this for 99% of use cases it seems.

I'm still not sure why the PasswordHasher class requires a user parameter when the user is never used anywhere in the class.

@blowdart please review:

• > It will be useful to include in the article body something like ValidatePassword(string password, string correctHash) from https://cmatskas.com/-net-password-hashing-using-pbkdf2/
• > why the PasswordHasher class requires a user parameter

So for passwordhasher the parameter is there in case someone wants it for derived classes.

For the comparison I'd just use in the code in Identity, and cut and paste that.

Thanks for contacting us. We believe that the question you've raised have been answered. If you still feel a need to continue the discussion, feel free to reopen it and add your comments.

Can we have an example on how to verify a (string) password with a hashed password?