Changes related to hashing password with asp.net identity

Topics: Business Logic Layer
Mar 12, 2015 at 1:04 PM
Changeset 7ec5840b7b6a introduced hashing passwords with asp.net identity password hasher.
However it seems like it generates different hashes then SHA256 that was used for this purpose before. This makes impossible to login to blogengine with old passwords.
I see that this change still wasn't released, but it will cause lots of confusion after it will be released.
Mar 25, 2015 at 3:47 PM
That changeset is really incomplete as it doesn't works like that. You need to use VerifyHashedPassword function from asp.net identity as HashPassword will return different hash each time for the same password (as different salt is used each time). So current implementation in BlogEngime will not allow you to login
Coordinator
Mar 25, 2015 at 9:28 PM
Pretty sure it allows me to log in just fine, but will check it out, thanks. Will be rolled back if issues.