Hi,
How can we use a custom password hasher to hash the password from the client side using the Authentication Service? We do not want to re-hash all of our existing user accounts just to align with the default password hasher being used by Crosslight Framework or Microsoft ASP.Net Identity for that matter, since this is going to be a tedious task. Now, while our mobile app uses Crosslight's Enterprise Framework, we assigned the custom password hasher (implemented from IPasswordHasher) to the Web API while creating an instance of the UserManager on the IdentityController. However, we believe this is incomplete, as we believe there is still work to be done on the client side to make it work with Crosslight's Authentication Service.
I refer to the ExecuteLogin method (LoginViewModel.cs) in the Crosslight Business project template. It has CreateEncryptedAccount(username, password) to create the encrypted account, to hash the password from the client side.
You can implement your own custom password hasher by creating a class which derives from BasicWebApiAuthenticator, then override CreateEncryptedAccount:
    public override IAccount CreateEncryptedAccount(string username, string password)
    {
        //return this.GetDefaultAuthenticator().CreateEncryptedAccount(username, password);
        IHashCryptographicService cryptoService = ServiceProvider.GetService<IHashCryptographicService>();

        // assign signature with encrypted password
        string signature = ...;

        var account = new Account(username, this.AccountServiceId, new Dictionary<string, object> { { Account.PasswordHash, signature } });
        if (this.AccountServiceId != this.ServiceId)
            account.Properties[Account.AuthenticatorServiceIdentifier] = this.ServiceId;

        return account;
    }
Hope this helps.
On top of Yudi's response, of course, you'll also need to create a custom class that derives from WebApiAccountService where you need to override the RegisterDefaultAuthenticator and GetDefaultAuthenticator methods, to link the default authenticator to the one you created in the step above. See the following example.
    public class MyWebApiAccountService : WebApiAccountService
    {
        protected override void RegisterDefaultAuthenticator()
        {
            this.AuthenticationService.Register<CustomWebApiAuthenticator>(this.AccountServiceId);
        }

        protected override WebApiAuthenticator GetDefaultAuthenticator()
        {
            return this.AuthenticationService.GetAuthenticator<CustomWebApiAuthenticator>();
        }
    }
Finally, remember to replace the new authenticator in the AppService.
    ServiceProvider.AddService<IAccountService, MyWebApiAccountService>();
And that's the beauty of the IoC design pattern, which is heavily used in Crosslight. It allows you to extend or replace most functionalities in Crosslight, just like that.
Glad to hear everything works out great for you!
If you've submitted any Crosslight apps to Store, please let us know and we'd love to see it in action. :)
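Added example, not part of the thread and not Intersoft's code: a sketch of the server-side counterpart the question mentions, a custom IPasswordHasher for ASP.NET Identity 2 that keeps verifying existing hashes without a bulk re-hash. The class name and the legacy format (64 hex characters, SHA-256 of the UTF-8 password) are assumptions, and it assumes the Web API passes the hasher the same input the legacy scheme hashed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNet.Identity;

public class LegacyAwarePasswordHasher : IPasswordHasher
{
    private readonly PasswordHasher _identityHasher = new PasswordHasher();

    // New and changed passwords use ASP.NET Identity's default format.
    public string HashPassword(string password)
    {
        return _identityHasher.HashPassword(password);
    }

    public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
    {
        if (string.IsNullOrEmpty(hashedPassword) || providedPassword == null)
            return PasswordVerificationResult.Failed;
        if (!LooksLegacy(hashedPassword))
            return _identityHasher.VerifyHashedPassword(hashedPassword, providedPassword);
        // Legacy row: verified, and flagged so the caller can store a new-format hash.
        return FixedTimeEquals(hashedPassword.ToLowerInvariant(), LegacyHash(providedPassword))
            ? PasswordVerificationResult.SuccessRehashNeeded
            : PasswordVerificationResult.Failed;
    }

    // ASSUMPTION: legacy rows hold 64 hex characters (SHA-256 of the UTF-8 password).
    private static bool LooksLegacy(string stored)
    {
        if (stored.Length != 64) return false;
        foreach (char c in stored)
            if (!Uri.IsHexDigit(c)) return false;
        return true;
    }

    private static string LegacyHash(string password)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(password)))
                .Replace("-", "").ToLowerInvariant();
    }

    // Compares without exiting early on the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```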