Intersoft Community - Crosslight - How to Use Crosslight Authentication Service to Use Custom Password Hasher?

How to Use Crosslight Authentication Service to Use Custom Password Hasher?

technical@intersoftpt.com — Fri, 13 Feb 2015 10:52:51 GMT

Glad to hear everything works out great for you!

If you've submitted any Crosslight apps to Store, please let us know and we'd love to see it in action. :)

How to Use Crosslight Authentication Service to Use Custom Password Hasher?

jtungol@silentpartnersoft.com — Thu, 12 Feb 2015 06:07:31 GMT

This guide works, awesome! Thanks!

How to Use Crosslight Authentication Service to Use Custom Password Hasher?

jtungol@silentpartnersoft.com — Tue, 10 Feb 2015 19:28:55 GMT

We'll take a look and see how things work. Thanks!

How to Use Crosslight Authentication Service to Use Custom Password Hasher?

technical@intersoftpt.com — Sat, 07 Feb 2015 11:28:42 GMT

On top of Yudi's response, of course, you'll also need to create a custom class that derives from WebApiAccountService where you need to override the RegisterDefaultAuthenticator and GetDefaultAuthenticator methods, to link the default authenticator to the one you created in the step above. See the following example.



public class MyWebApiAccountService : WebApiAccountService
{

    protected override void RegisterDefaultAuthenticator()    {
        this.AuthenticationService.Register<CustomWebApiAuthenticator>(this.AccountServiceId);
    }
     
    protected override WebApiAuthenticator GetDefaultAuthenticator()
    {
        return this.AuthenticationService.GetAuthenticator<CustomWebApiAuthenticator>();
    }


}

Finally, remember to replace the new authenticator in the AppService.

           
ServiceProvider.AddService<IAccountService, MyWebApiAccountService>();

And that's the beauty of IoC design pattern which is heavily used in Crosslight. It allows you to extend or replace most functionalities in Crosslight, just like that.

Hope this helps.

How to Use Crosslight Authentication Service to Use Custom Password Hasher?

yudi — Fri, 06 Feb 2015 10:07:16 GMT

I refer to ExecuteLogin method (LoginViewModel.cs) in Crosslight Business project template. It has CreateEncryptedAccount(username, password) to create the encrypted account, to hash the password from the client side.

You can implement your own custom password hasher by creating a class which derives BasicWebApiAuthenticator, then override CreateEncryptedAccount

public override IAccount CreateEncryptedAccount(string username, string password)
    {
        //return this.GetDefaultAuthenticator().CreateEncryptedAccount(username, password);
        IHashCryptographicService cryptoService = ServiceProvider.GetService<IHashCryptographicService>();
            
        // assign signature with encrypted password 
        string signature = ...;
            
        var account = new Account(username, this.AccountServiceId, new Dictionary<string, object> { { Account.PasswordHash, signature } });

        if (this.AccountServiceId != this.ServiceId)
            account.Properties[Account.AuthenticatorServiceIdentifier] = this.ServiceId;

        return account;
    }

Hope this helps.

How to Use Crosslight Authentication Service to Use Custom Password Hasher?

jtungol@silentpartnersoft.com — Thu, 05 Feb 2015 12:53:07 GMT

Hi,

How can we use a custom password hasher to hash the password from the client side using the Authentication Service? We do not want to re-hash all of our existing user accounts just to align with the default password hasher being used by Crosslight Framework or Microsoft ASP.Net Identity for that matter, since this is going to be a tedious task. Now, while our mobile app use Crosslight's Enterprise Framework, we assigned the custom password hasher (implemented from IPasswordHasher) to the Web API while creating an instance of the UserManager on the IdentityController. However, we believe this is incomplete, as we believe there are still work to be done on the client side to make it work with Crosslight's Authentication Service.