Application Support

Password Hasher

Our password hasher is a managed CRM solution. It consists of an example entity that holds passwords and a plugin that fires on create and update events.

When you create a row, you can type in any password, as follows:

[Image: Password Hasher Entering Data]

Once you save the data, you will see the hashed value (no need to reload the page):

[Image: Password Hashed]

To change the password, just overwrite the text in the password field with a new password and it will be re-hashed.

Using in your App

So, we have a hashed password. Now what can we do with it?

The following static methods can be used in your application.

Hash a password

  var hashedPassword = Hashor.HashPassword("He110world!");

Validate a password

  Hashor.ValidatePassword("Password1", hashedPassword);

The CRM bits

You can just update the password field with the non-hashed version and the plugin will take care of hashing it for you.

If you don't want the plugin to hash the password, you can set the tn_donthash field. This tells the plugin not to hash the password.

ASP.NET / MVC / OWIN

We have used this, with little code, to provide authentication for a standard MVC website using OWIN.

We had to tell OWIN to use our hasher:

using Microsoft.AspNet.Identity;

public class CustomSystemPasswordHasher : PasswordHasher
{
  // Hash new or changed passwords with Hashor instead of the Identity default.
  public override string HashPassword(string password)
  {
     return Hashor.HashPassword(password);
  }

  // Check the password supplied at sign-in against the stored hash.
  public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
  {
    return Hashor.ValidatePassword(providedPassword, hashedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed;
  }
}

and

public class ApplicationUserManager : UserManager<ApplicationUser>
{
  public ApplicationUserManager(IUserStore<ApplicationUser> store)
    : base(store)
  {
    // Replace the default hasher so sign-in verifies against Hashor hashes.
    this.PasswordHasher = new CustomSystemPasswordHasher();
  }
}

Once you have the above in place, it's just standard ASP.NET / MVC code.

public Task<ApplicationUser> FindByIdAsync(string userId)
{
   // Lookup from CRM, return all the details for the user and populate the ApplicationUser
   throw new System.NotImplementedException(); // placeholder until the CRM lookup is written
}

// OWIN calls this; we are just giving it the hash as returned from the above call.
public Task<string> GetPasswordHashAsync(ApplicationUser user)
{
  return Task.FromResult(user.PasswordHash);
}

Some notes on performance

OWIN can call the user lookup more than once; we found that a simple thread based cache worked well.
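One way to cache those repeated lookups, as an added example that is not the product's own code: a process-wide cache with a short time-to-live (not necessarily the thread based cache referred to above) and explicit invalidation, so a changed or disabled account is not served from memory. The class name, the TTL and the `loadFromCrm` delegate are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;

// Hypothetical helper: holds each user lookup for a short time so that the
// several calls OWIN makes during one sign-in reach CRM only once.
public sealed class ShortLivedUserCache<TUser> where TUser : class
{
    private sealed class Entry
    {
        public Task<TUser> Lookup;
        public DateTime ExpiresUtc;
    }

    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _ttl;

    // Keep the TTL to seconds: cached users carry their password hash.
    public ShortLivedUserCache(TimeSpan ttl) { _ttl = ttl; }

    // loadFromCrm is the caller's existing CRM lookup (assumed signature).
    public Task<TUser> GetOrLoadAsync(string userId, Func<string, Task<TUser>> loadFromCrm)
    {
        var now = DateTime.UtcNow;
        Entry entry;
        if (_entries.TryGetValue(userId, out entry) && entry.ExpiresUtc > now
            && !entry.Lookup.IsFaulted && !entry.Lookup.IsCanceled)
        {
            return entry.Lookup; // fresh hit: reuse the earlier lookup
        }
        // Miss: drop expired entries so the cache cannot grow without bound.
        foreach (var pair in _entries)
        {
            Entry gone;
            if (pair.Value.ExpiresUtc <= now) _entries.TryRemove(pair.Key, out gone);
        }
        var fresh = new Entry { Lookup = loadFromCrm(userId), ExpiresUtc = now + _ttl };
        _entries[userId] = fresh;
        return fresh.Lookup;
    }

    // Call after a password change, lockout or delete so the old hash is not reused.
    public void Invalidate(string userId)
    {
        Entry removed;
        _entries.TryRemove(userId, out removed);
    }
}
```

`FindByIdAsync` would then return `cache.GetOrLoadAsync(userId, LoadUserFromCrmAsync)`, where `LoadUserFromCrmAsync` stands for the existing CRM lookup (a hypothetical name).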

More help?

If you need any more help, just get in touch.