c# - Manually validating ASP.NET Identity user account -



c# - Manually validating ASP.NET Identity user account -

i have asp.net mvc 5 site uses asp.net identity (pre 2.0), site comes webapi. have windows phone app consume services site, want validate user account; wp app inquire username , password send them server validated. now, i'd employ same hashing technique asp.net identity using on phone, can send hash, , compare on other side, not sure hash uses, plus, seems using sort of salt, because have couple of test user accounts same password, have different hashes, maybe it's securitystamp? prefer not send plain text password on wire, i'm pretty sure that's huge no no.

how should approach issue?

thank you

i won't steal thunder of first-class existing answer explains how asp.net identity performing hashing under hood.

that beingness said, problem much easier think. can send "plain text" password on wire, but need sending on ssl/tls! how websites send credentials. entire http request encrypted while going on wire. easy solution certificate , stand web server ssl/tls.

to reply question (even though don't believe right solution), while looks can source how hashing beingness performed, wouldn't recommend implementing on client side. reason beingness if upgrade newer version of asp.net identity? need track downwards source code , update hashing method client side application. how users new hashing method on device? need upgrade latest version of application. you're stuck users can't authenticate until upgrade application because server-side version has been upgraded.

c# asp.net-mvc asp.net-web-api asp.net-identity

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con
Read more

django - Access session in user model .save() -

django - Access session in user model .save() - is possible access current session in user model .save()? pseudo code of want achieve: # users.models.py def save(self, *args, **kwargs): created = true if self.pk: created = false super(abstractuser, self).save(*args, **kwargs) # post-save if created: look_for_invite_in_session_and_register_if_found(self, session) seems wrong in architecture. shouldn't access request in models layer. work request must done in view. can this: user, created = abstractuser.objects.get_or_create(name=name) if created: look_for_invite_in_session_and_register_if_found(user, request.session) django session
Read more

php - .htaccess Multiple Rewrite Rules / Prioritizing -

php - .htaccess Multiple Rewrite Rules / Prioritizing - here current htaccess file: rewriteengine on rewritecond %{http_host} !^www\.website\.com [nc] rewritecond %{http_host} ([^.]+)\.website\.com [nc] rewriterule ^(.*)$ http://www.website.com/gotourl.php?urlid=?%1 [l] rewriterule ^(\w+)$ ./gotourl.php?urlid=$1 [nc,l] rewriterule ^(\w+)/$ ./gotourl.php?urlid=$1 [nc,l] the website in question url shortener i'm working on testing/developing , personal use. above code may not ideal i'm not familiar .htaccess , made via googling , testing. want url shortening aspect: http://website.com/1234 -> http://website.com/gotourl.php?urlid=1234 http://website.com/1234/ -> http://website.com/gotourl.php?urlid=1234 the problem cannot figure out how ignore directories. want specific directories go specific pages: http://website.com/img (or) http://website.com/img/ -> http://website.com/img.php http://website.com/img/1234 (or) http://website.com/
Read more