diff --git a/samples/Mvc.Server/Startup.cs b/samples/Mvc.Server/Startup.cs index 622b0520..3e2e900d 100644 --- a/samples/Mvc.Server/Startup.cs +++ b/samples/Mvc.Server/Startup.cs @@ -1,4 +1,5 @@ using System.Linq; +using CryptoHelper; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.HttpOverrides; @@ -134,7 +135,7 @@ namespace Mvc.Server { DisplayName = "My client application", RedirectUri = "http://localhost:53507/signin-oidc", LogoutRedirectUri = "http://localhost:53507/", - Secret = hasher.HashPassword(null, "secret_secret_secret"), + Secret = Crypto.HashPassword("secret_secret_secret"), Type = OpenIddictConstants.ApplicationTypes.Confidential }); diff --git a/src/OpenIddict.Core/OpenIddictManager.cs b/src/OpenIddict.Core/OpenIddictManager.cs index d33fffd2..a5eff439 100644 --- a/src/OpenIddict.Core/OpenIddictManager.cs +++ b/src/OpenIddict.Core/OpenIddictManager.cs @@ -6,6 +6,7 @@ using System.Threading; using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Extensions; using AspNet.Security.OpenIdConnect.Server; +using CryptoHelper; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity; @@ -203,8 +204,7 @@ namespace OpenIddict { return false; } - var hasher = new PasswordHasher(); - if (hasher.VerifyHashedPassword(application, hash, secret) == PasswordVerificationResult.Failed) { + if (!Crypto.VerifyHashedPassword(hash, secret)) { Logger.LogWarning("Client authentication failed for {Client}.", await GetDisplayNameAsync(application)); return false; diff --git a/src/OpenIddict.Core/project.json b/src/OpenIddict.Core/project.json index c32bc38f..abe21956 100644 --- a/src/OpenIddict.Core/project.json +++ b/src/OpenIddict.Core/project.json @@ -5,6 +5,7 @@ "dependencies": { "AspNet.Security.OpenIdConnect.Server": "1.0.0-*", + "CryptoHelper": "1.0.0-rc2-build03", "JetBrains.Annotations": "10.1.2-eap", "Microsoft.AspNetCore.Cors": "1.0.0-*", "Microsoft.AspNetCore.Identity": "1.0.0-*",