UserManager.CheckPasswordAsync vs SignInManager.PasswordSignInAsync

The two methods you’ve mentioned serve different purposes:

1. UserManager.CheckPasswordAsync

This method hashes the provided password and compares it against the existing password hash (stored in the database, for example).

2. SignInManager.PasswordSignInAsync

This method does a lot more. Here’s a rough breakdown:

  • Checks whether sign-in is allowed. For example, if the user must have a confirmed email before being allowed to sign in, the method returns SignInResult.Failed.
  • Calls UserManager.CheckPasswordAsync to check that the password is correct (as detailed above).
    • If the password is not correct and lockout is supported, the method tracks the failed sign-in attempt. If the configured amount of failed sign-in attempts is exceeded, the method locks the user out.
  • If two-factor authentication is enabled for the user, the method sets up the relevant cookie and returns SignInResult.TwoFactorRequired.
  • Finally, performs the sign-in process, which ends up creating a ClaimsPrincipal and persisting it via a cookie.

If you are not interested in requiring confirmed emails, lockout, etc., then using UserManager.CheckPasswordAsync as in your question will suffice.
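An added example (not from the answer above) contrasting the two calls in one service class. It assumes the stock IdentityUser type and a hypothetical LoginService obtained through dependency injection; the string return values are made up for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical service; IdentityUser is the default Identity user type.
public class LoginService
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public LoginService(UserManager<IdentityUser> userManager,
                        SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    // Hash comparison only: no email-confirmation gate, no lockout counter,
    // no 2FA step, no cookie. Failed attempts are not recorded anywhere,
    // so password guessing against this path is never throttled.
    public async Task<bool> VerifyPasswordOnlyAsync(string userName, string password)
    {
        var user = await _userManager.FindByNameAsync(userName);
        return user != null && await _userManager.CheckPasswordAsync(user, password);
    }

    // Full sign-in: pre-checks, failure counting (lockoutOnFailure: true),
    // 2FA handling, and the authentication cookie on success.
    public async Task<string> SignInAsync(string userName, string password)
    {
        var result = await _signInManager.PasswordSignInAsync(
            userName, password, isPersistent: false, lockoutOnFailure: true);

        if (result.Succeeded)         return "ok";
        if (result.IsLockedOut)       return "locked-out";    // failure limit reached
        if (result.RequiresTwoFactor) return "2fa-required";  // 2FA cookie has been set
        if (result.IsNotAllowed)      return "not-allowed";   // e.g. unconfirmed email
        return "invalid-credentials";
    }

    // Middle ground: the same allowed-to-sign-in check and lockout counting,
    // but no 2FA step and no cookie. Use this when you only want to validate
    // credentials (e.g. before issuing a token) without losing lockout.
    public async Task<SignInResult> CheckCredentialsAsync(string userName, string password)
    {
        var user = await _userManager.FindByNameAsync(userName);
        if (user == null) return SignInResult.Failed;
        return await _signInManager.CheckPasswordSignInAsync(user, password, lockoutOnFailure: true);
    }
}
```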
