The new ASP.net Identity project has brought some useful code and interfaces for website security. To implement a custom system using the interfaces (instead of using the standard Entity Framework implementation included in the MVC 5 template) an
public interface IPasswordHasher
string HashPassword(string password);
PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword);
"Is it possible to use password salting for more secure encryption in ASP.net Identity and via this interface?"
Yes, the interface is provided for the new implementation of PasswordHasher already present in Core framework.
Also note that the default implementation is already using Salt+Bytes.
After creating custom
MyPasswordHasher), you can assign it to UserManager instance like
To implement a custom system using the interfaces (instead of using the standard Entity Framework implementation included in the MVC 5 template) an IPasswordHasher is required.
For implementing alternate system from EF, - You shall implement all Core interfaces. - IPasswordHasher implementation is not required. PasswordHasher is already provided in Core framework as it's implementation.