Aspnetcore.docs: Documentation on customizing default password hashing

Created on 16 Jan 2019 · 11 Comments · Source: dotnet/AspNetCore.Docs

Hi, I can't seem to find the tutorial for customizing Identity default password hashing. With reference to this article, may I know if what is stated inside is correct?

ASP.NET Identity Version 2: PBKDF2 with HMAC-SHA1, 128-bit salt, 256-bit subkey, 1000 iterations

Thank you!



All 11 comments

Yes, that's correct. You can see for yourself in the source code.

How am I able to specify which version to use? Thank you!

You can add something like the following to ConfigureServices:

services.Configure<PasswordHasherOptions>(
    o => o.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2);

I see nice. Thank you very much! :)

Yes, we need to cover PasswordHasherOptions in the auth docs. Thanks for opening.

Yes, helpful b/c we often can make faster/better doc updates following discussion.

You can add something like the following to ConfigureServices:

services.Configure<PasswordHasherOptions>(
    o => o.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2);

Hi, I just tried the above code, and regardless of whether it's V2 or V3 I could log in to the database without changing anything. Is there anything else I missed? From my understanding, V2 and V3 should result in a different hash and therefore the user would be unable to log in.

The hashed password is different, but the first byte specifies which version of the hashing algorithm was actually used. When verifying a password against a hash, the VerifyHashedPassword method is able to select the correct algorithm to use based on this "format marker" byte and so the user can log in regardless of which version of the algorithm was used. The PasswordHasherCompatibilityMode is used to specify which algorithm gets used when hashing new passwords.
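The behaviour described in the comment above, as an added example (not code from this thread or from the ASP.NET Core project): it hashes one password under each compatibility mode, prints the format marker byte of each stored hash, and cross-verifies them. It assumes a console project referencing the `Microsoft.Extensions.Identity.Core` package; `AppUser`, `HasherFor` and the sample passwords are hypothetical and constructed for the example.

```csharp
// Added example. Assumes a console project that references the
// Microsoft.Extensions.Identity.Core NuGet package.
using System;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;

var user = new AppUser();
const string password = "constructed-sample-passphrase"; // constructed value
const string wrong = "not-the-password";                 // constructed value

// One hasher per compatibility mode, built the way DI would build it after
// services.Configure<PasswordHasherOptions>(...).
var v2 = HasherFor(PasswordHasherCompatibilityMode.IdentityV2);
var v3 = HasherFor(PasswordHasherCompatibilityMode.IdentityV3);

string v2Hash = v2.HashPassword(user, password);
string v3Hash = v3.HashPassword(user, password);

// The stored string is Base64; the first decoded byte is the format marker.
Console.WriteLine($"V2-mode hash marker: 0x{Convert.FromBase64String(v2Hash)[0]:X2}");
Console.WriteLine($"V3-mode hash marker: 0x{Convert.FromBase64String(v3Hash)[0]:X2}");

// Verification follows the marker in the stored hash, not the configured
// mode, so each hasher can check the other's output.
Console.WriteLine($"V3 hasher, V2 hash: {v3.VerifyHashedPassword(user, v2Hash, password)}");
Console.WriteLine($"V2 hasher, V3 hash: {v2.VerifyHashedPassword(user, v3Hash, password)}");
Console.WriteLine($"V3 hasher, V2 hash, wrong password: {v3.VerifyHashedPassword(user, v2Hash, wrong)}");

// SuccessRehashNeeded means the password matched but the stored hash should
// be replaced with one produced under the hasher's current settings.
if (v3.VerifyHashedPassword(user, v2Hash, password) == PasswordVerificationResult.SuccessRehashNeeded)
{
    string upgraded = v3.HashPassword(user, password);
    Console.WriteLine($"Re-hashed marker: 0x{Convert.FromBase64String(upgraded)[0]:X2}");
}

// Hypothetical helper: wraps the options object the constructor expects.
static PasswordHasher<AppUser> HasherFor(PasswordHasherCompatibilityMode mode) =>
    new(Options.Create(new PasswordHasherOptions { CompatibilityMode = mode }));

// Hypothetical user type; PasswordHasher<TUser> only needs a class here.
public sealed class AppUser { }
```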

@serpent5 I nominate you for ...

🥇 _Answer of the Day_ 🥇

Getting the .NET Foundation to send you a free case of :beer: is another matter tho. I have a feeling that I'm not going to get a lot of traction with that idea! lol

Great answer @serpent5 Thank you very much for sharing. Your help is much appreciated

@guardrex Thanks! They say it's the thought that counts... 🤔

@Kool-Koder It's no problem at all. Glad to be able to help. 😃
