Application Support

Password Hasher

Our password hasher is a managed CRM solution. It is made of an example entity to hold passwords and a plugin that fires on updates and creation events.

If you create a row you type any password in as follows :

Password Hahser Entering Data
Password Hasher Entering Data

Once you save the data you will see (no need to re-load the page)

Password Hashed
Password Hashed

You can change the password just overwrite the text in the password with a new password and it will be re-hashed.

Using in your App

So, we have a hashed password, now what can we do with it?

The following static methods can be used in your Application.

Hash a password

  var hashedPassword = Hashor.HashPassword("He110world!"));

Validate a password

  Hashor.ValidatePassword("Password1", hashedPassword );

The CRM bits

You can just use update the password to the non hashed version and the plugin will take care of hashing for you.

If you don’t want the plugin the hash the password you can set the tn_donthash field. This tells the plugin not to hash the password.


We have used this with little code to allow authentication for a standard MVC website using OWIN.

We had to tell OWIN to use our Hasher

public class CustomSystemPasswordHasher : PasswordHasher
  public override string HashPassword(string password)
     return Hashor.HashPassword(password);

public override PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
  return Hashor.ValidatePassword(providedPassword, hashedPassword) ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed;


public class ApplicationUserManager : UserManager
  public ApplicationUserManager(IUserStore store)
: base(store)
    this.PasswordHasher = new CustomSystemPasswordHasher();

Once you have the above in place, its just standard ASP.NET / MVC code.

public Task FindByIdAsync(string userId)
   // Lookup from CRM, return all the details for the user and populate the ApplicationUser

// This OWIN calls this, we are just giving it the hash as returned from the above call.
public Task GetPasswordHashAsync(ApplicationUser user)
  return Task.FromResult(user.PasswordHash);

Some notes on performance

OWIN can call lookup user more than once, we found that a simple thread based cache worked well.

More help?

If you need anymore help just get in touch

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s