6

Currently, I have password hashes generated using ASP.NET Identity 2.0.

Is it possible to verify these passwords using new ASP.NET Identity 3.0?

LosManos
  • 7,195
  • 6
  • 56
  • 107
Christopher Schwarz
  • 63
  • 7

1 Answers1

5

Try to set PasswordHasherCompatibilityMode to V2(below code was not tested) :

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<PasswordHasherOptions>(options => options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2);
    }

also see How to set PasswordHasherCompatibilityMode.IdentityV3 in ASP.NET 5 Identity?

Community
  • 1
  • 1
adem caglin
  • 22,700
  • 10
  • 58
  • 78
  • I have this options enabled. I noticed something weird. When I created account using Identity 3.0 with IdentityV2 CompatibilityMode then it works in application which use Identity 2.0. But when I created account in application which use Identity 2.0 I can't login into this account using application with Identity 3.0 and CompatibilityMode. – Christopher Schwarz Aug 10 '16 at 12:21
  • 3
    nevermind, my old accounts had empty "NormalizedUserName" field in table. Now it works correctly. Thanks – Christopher Schwarz Aug 10 '16 at 12:38
  • 2
    Please note that `PasswordHasherCompatibilityMode.IdentityV2` will **also store the password using the old (and insecure) format**! The default password hasher for Identity 3 **already** has support for validating the old IdentityV2 formatted password, without any need of changing the compatibility mode. You should keep the compatibility mode to V3. The only good reason to modify the compatibility mode to V2 is for applications that use **both** the old and the new identity system at the same time. – Federico Dipuma Jul 13 '18 at 10:06