0

As I noticed in default UserManager implementation has ProtectPersonalData flag and it enables encryption for NormalizedUserName and NormalizedEmail but it does not apply for non-normalized pairs like UserName and Email and thinking about these values are identical (aside from normalization) there is no point of encrypting data?, even so why we are pushing to do encryption from two places like two different layer has same concern even if we could do all of this in UserManager? and as a workaround I could override the default class but I want to learn the reasons behind these

Code for setting and updating NormalizedUserName

    public virtual async Task UpdateNormalizedUserNameAsync(TUser user)
    {
        var normalizedName = NormalizeName(await GetUserNameAsync(user));
        normalizedName = ProtectPersonalData(normalizedName);
        await Store.SetNormalizedUserNameAsync(user, normalizedName, CancellationToken);
    }

Code for setting and updating UserName

    public virtual async Task<IdentityResult> SetUserNameAsync(TUser user, string userName)
    {
        ThrowIfDisposed();
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        await Store.SetUserNameAsync(user, userName, CancellationToken);
        await UpdateSecurityStampInternal(user);
        return await UpdateUserAsync(user);
    }
phantomcloak
  • 1
  • 1
  • 3
  • See this [thread](https://stackoverflow.com/questions/41409692/what-is-the-use-of-normalized-email-username-in-net-core-identityuser-model) may helpful. – Yinqiu Feb 26 '21 at 01:45
  • Thanks but I can see why these fields are exist but still the part that I don't get is why default implementation won't encrypt UserName along with NormalizedUserName – phantomcloak Feb 26 '21 at 07:38

0 Answers0