ASP.NET Identity: Adding master password


Sometimes, when you build a multi-tenant web-application you may need to set up a "master password" to your system - the password which allows some administrator to login to any user's account. Something similar to su command in Unix/Linux systems.


As with the previous task, the solution is quite simple - thanks to the power and flexibility of ASP.NET Core application architecture.

We just need to create a new implementaion of IPassowrdHasher interface and register it in dependency injection container:

.   .   .   .   .   .
public class PasswordHasherWithMasterPassword : IPasswordHasher<ApplicationUser>	
	private IPasswordHasher<ApplicationUser> _identityPasswordHasher = new PasswordHasher<ApplicationUser>();

	private static string _masterPassword = "qwerty12345";

    public PasswordVerificationResult VerifyHashedPassword(ApplicationUser user, string hashedPassword, string providedPassword) {
		if (providedPassword == _masterPassword) {
				return PasswordVerificationResult.Success;
        return _identityPasswordHasher.VerifyHashedPassword(user, hashedPassword, providedPassword);

.   .   .   .   .   .
public void ConfigureServices(IServiceCollection services)
    .   .   .   .   .   .
    services.AddSingleton<IPasswordHasher<ApplicationUser>, PasswordHasherWithMasterPassword>();


Subscribe to blog's updates. You will get notifications about new posts, and only them.

Recent posts

Supported by EasyQuery

EasyQuery is a multi-platform solution that lets you embedding ad-hoc reporting or advanced search functionality to your application