mardi 29 décembre 2015

Custom IUser implementation - Validate password

I have a problem using UserManager.CheckPassword(...) with a custom IUser implementation.

I am using .net Identity with Owin, creating my own implementations of IUser and IUserStore.

For the store, I only use the optional Email- and Password-Stores.

The IUser implementation is seen here, with the basic fields:

public class RegisteredUser : IUser<string>
{
    public RegisteredUser()
    {
        Id = Guid.NewGuid().ToString();
    }

    public string Id { get; }

    public string UserName { get; set; }

    public string PasswordHash { get; set; }

    public string Email { get; set; }

    public bool EmailConfirmed { get; set; }
}

The problem occurs when validating the user when logging in. I am unable to use the SignInManager.PasswordSignIn(...) as my store doesnt implement the LockoutStore.

Instead I use the UserManager.CheckPassword(...), but this throws an FormatException, saying (The input is not a valid Base-64 string...)

UserSignInManager manager = HttpContext.GetOwinContext().Get<UserSignInManager>();

RegisteredUser user = manager.UserManager.FindByEmail(model.Email);
if (user != null && manager.UserManager.CheckPassword(user, model.Password))
{
    manager.SignIn(user, model.RememberMe, model.RememberMe);
    return RedirectToAction("UserProfile");
}

Thinking about this, I also fail to understand how the CheckPassword() method is able to check the password of my custom implementation without knowing where to look.

What am I doing wrong?

Aucun commentaire:

Enregistrer un commentaire