0

I have a sign in page and a register page in my client app and the corresponding methods in my auth controller. I'm using ASP.NET Core Identity and EntityFramework Core.

    [HttpPost]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    async public Task<IActionResult> LoginPost(AuthUser authUser)
    {
         //TODO: check password for signin
         var hasher = new PasswordHasher<AuthUser>();
         var hash = hasher.HashPassword(authUser, authUser.Password);
         var user = _context.Users.FirstOrDefault(user => user.Email == authUser.Email && 
         user.PasswordHash == hash);

         if (user is null) return BadRequest("Date de autentificare greșite");
         // check if sign in was successful
         await _signInManager.SignInAsync(user, false);
         return Ok();
    }

This is my sign in function. I'm trying to finish my TODO. As of right now, I'm creating a hash for the password in the request and if they're equal (checks the db context) and if yes, should sign in. Now, I know this is not how it should be done but I haven't really found my answer on Google. I'm sorry if this has already been asked.

1
  • 3
    Why are you checking the hash manually like this? You should use UserManager.CheckPasswordAsync, it will return true/false whenever the password is valid/invalid. learn.microsoft.com/en-us/dotnet/api/… Commented Jul 26, 2021 at 8:08

1 Answer

3

You don't need to hash the password.

You can use User Manager.

Example :

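            string userName = Request.Form["Username"];
            string password = Request.Form["Password"];

            // userManager must be a SignInManager<TUser> here: it exposes .UserManager and PasswordSignInAsync
            var user = await userManager.UserManager.FindByEmailAsync(userName);
            // Verifies the password against the stored hash and signs in; the last argument enables lockout on failure
            var result = await userManager.PasswordSignInAsync(userName, password, false, true);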

1 Comment

I thought it involved SignInManager but didn't find any methods for that. My mistake, thanks.
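
An added example (not code from the question or the answer) of the login action built on the Identity managers: `PasswordHasher.HashPassword` salts every hash with fresh random bytes, so an equality test against `PasswordHash` cannot match, while `PasswordSignInAsync` verifies the password against the stored salted hash. The `LoginRequest` DTO, the `IdentityUser` user type, the route names and the error text are assumptions.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical request DTO: keeps the plaintext password off the Identity user entity.
public class LoginRequest
{
    [Required, EmailAddress] public string Email { get; set; } = "";
    [Required] public string Password { get; set; } = "";
}

[ApiController]
[Route("auth")]
public class AuthController : ControllerBase
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public AuthController(UserManager<IdentityUser> userManager,
                          SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpPost("login")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    public async Task<IActionResult> LoginPost(LoginRequest request)
    {
        // Look the account up by e-mail only; the stored hash is never part of the query.
        var user = await _userManager.FindByEmailAsync(request.Email);
        if (user is null) return BadRequest("Invalid credentials");

        // Verifies the password against the stored salted hash, counts failed
        // attempts toward lockout, and issues the auth cookie on success.
        var result = await _signInManager.PasswordSignInAsync(
            user, request.Password, isPersistent: false, lockoutOnFailure: true);

        // Same response body for unknown e-mail, wrong password and lockout,
        // so the message does not reveal which accounts exist.
        return result.Succeeded ? Ok() : BadRequest("Invalid credentials");
    }
}
```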
