Identity: Why does HashPassword take in TUser as parameter?

Created on 7 Apr 2016  路  3Comments  路  Source: aspnet/Identity

The HashPassword method in https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNetCore.Identity/PasswordHasher.cs takes in both TUser and plain text password as params, but the user param is never used. This seems to be something new that is added in the AspNetCore implementation. Why?

needs-investigation

Most helpful comment

Shouldn't IPasswordHasher<TUser> have an overload without TUser then?

All 3 comments

This is so custom implementations can access things off of the user if they so desire as part of the hashing operation, for example if they wanted the salt to live on the user entity. By default we don't use this behavior but it was requested to enable more advanced scenarios.

Shouldn't IPasswordHasher<TUser> have an overload without TUser then?

Just ignore it if your hasher implementation doesn't care about the user instance.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

PaulRReynolds picture PaulRReynolds  路  4Comments

danroth27 picture danroth27  路  4Comments

hikalkan picture hikalkan  路  6Comments

andrew-vdb picture andrew-vdb  路  9Comments

ianhong picture ianhong  路  6Comments