Using Asp.Net Identity 2.x with WebApi 2.x (both latest), is it possible to just validate a given username and password in order to know if the provided information is valid, without actually authenticating the user?
I am working on a partial login in our identity service and it's essential that I don't authenticate the user till the approval of EULA licanse agreement after providing the valid credentials. That is where I'am struggling...
Sorry for not providing any code, I hope the problem is obvious :)
If you have created/defined a UserManager (see here) in your project you can try to find your user by his/her username and, if found, call VerifyHashedPassword method using the PasswordHasher member.
string userName = "my-user-name";
string password = "my-password";
var user = await ApplicationUserManager.FindByNameAsync(userName);
if (user != null)
{
PasswordVerificationResult result = ApplicationUserManager.PasswordHasher.VerifyHashedPassword(user.PasswordHash, password);
}
It returns a PasswordVerificationResult: Failed, Success, SuccessRehashNeeded.
NOTES:
ApplicationUserManager is my implementation of UserManager.