I've been working on learning ASP.NET, but I'm having trouble with the password hasher.
I want to use the non-modified version of the thing, but I'm severely lacking on instructions. Googling has failed me.
So it's a very very general question.
Would someone be so kind as to provide a small tutorial on password hashing during user registration and login?
I would really appreciate it.
Related
Within a Symfony2 application I'm building I've managed to get user account creation, login, and updating profile working using Bootstrap for the frontend and 'out of the box' Symfony2 for the rest. I need to add the ability for users to reset their passwords and/or have email sent with a generated password. I'll preface these questions with the fact I am new to developing in Symfony2. My questions are 1) Do I try and use FOSUserBundle in parallel with code I have already written or 2) Are there ways to implement this without FOSUserBundle? These questions are really coming from a place of not knowing any better.
Thank you in advance.
I'm not a Symfony guy but I only know that Symfony embraces the "don't reinvent the wheel" philosophy. Symfony itself is a collection of bundles. If this is your first time with a web framework I can tell that you've passed a lot of time and effort implementing something that other developers offered to you. Believe me, if you want to build something powerful and standardized, FOSUserBundle will undoubtedly satisfy your need.
Always sad to see a genuinely asked question downvoted.
@Brent, I was a Symfony novice myself and in many ways probably still am. I wouldn't say Symfony embraces "don't reinvent the wheel" but rather "speed up app development". I am sure you can take days searching Stack Overflow and find possible (probably a little bit outdated) solutions to your problem or do as @AzizFCB suggested and use a ready Symfony bundle, in fact, the most widely used and adopted Symfony bundle. Unless your app's core activity is solving people's login and forgot-password problems, I would strongly advise using FOSUserBundle, solving that problem in a few hours, importantly including updates (especially security) that you don't need to manage (but if you can, please contribute to), and focusing your efforts on coding your app's core activity(s).
I'm new to Symfony 2 and need some help. I'm following this tutorial: http://symfony.com/doc/current/cookbook/security/entity_provider.html
It helps with creating a login system and I've managed to get that working mostly. However, in the tutorial it only explains verifying using an email address or username. It has no mention of checking if the password is actually ok or how to tell Doctrine which encryption algorithm to use or how to involve the salt.
If there is another article I should read that someone could point me to or if someone could explain to me how to do these things I'd much appreciate it :)
a decent implementation of the user-mgmt is the https://github.com/FriendsOfSymfony/FOSUserBundle and its documentation
Used in many projects, been learning a lot when digging inside the bundle myself
I'm building my own authentication module (to sell, hopefully) and I'm wondering what my competition is. What alternative authentication libraries exist other than Windows/Forms Authentication? I'm looking especially for frameworks that were not produced by Microsoft.
To be specific, I'm talking about authentication methods with .NET libraries that store user credentials (username/password hash) in your own database.
Well, there's openid, oauth, facebook, and whatever else you want to do.
Honestly, it sounds like you're creating a solution in search of a problem. There are already so many different, and free, authentication systems out there. Why would anyone want to pay for yours? What makes yours unique? What makes yours desirable over anyone else's?
EDIT:
Most people who just need a username/password stored in a database, they find the standard Membership and Role Providers to be more than adequate. They're fairly simple, and work well. That doesn't usually leave much impetus to design something new.
What does your library do that Membership/Role Provider doesn't?
Sorry, I'm not even sure how to ask this exactly... but I wrote a website with logins. For that, I made my own users and passwords tables and hashed the passwords myself. Now, I would much rather move to Microsoft's built-in membership provider with ASP.NET in SQL Server. Does anybody know a good way to migrate over?
The only real idea I've had so far is to make both systems run simultaneously, then when a user logs in, validate them in my old system, then ask them to re-enter their password and save their new stuff in the microsoft's system... then clear the record out of my old system. Eventually, I would hope that would move everybody into the new system. But that seems annoying and messy. Is there some better way?
Sorry if that doesn't make any sense.
You just use the custom membership providers.
Here is a good SO link
How to implement ASP.NET membership provider in my domain model
I hesitate to make a decision about the authentication and authorization in a new web application.
The Membership, Roles and Profile built in ASP.NET 2.0 seems impressive, but there are too many things behind them, which is uneasy to find out.
I've decided to use my own DB structure so I have to rewrite my own provider, but there is still something I can't figure out, such as session and cookie. What, when and how does it encrypt and after retrieving user info from DB, seems cookie is used but how about session? I make use of MSDN, .NET Reflector and Google but get no answer. I mean I know the configuration and result but not sure how.
I don't think I can do a good job in the later improvement and maintenance if I don't know how the things process behind the Login controls and membership components.
So help me please, what should I do? I want to know how things run behind the scenes. I look forward to any suggestions!
You can download the source code for the providers here. Learn as much as you want from it and see how Microsoft implemented it. You might even want to recycle some pieces on the FormsAuthenticationTicket.
Microsoft's also using salted hashing to store the passwords for increased security. That might also be of interest to you when you make your own providers.
You should use .NET Reflector to find out how the .NET code works. You can also actually single-step into the sources in later versions of Visual Studio.
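Added example, not code from any of the posts above and not Microsoft's provider implementation: a salted PBKDF2 password record for registration and login, with the migrate-on-login upgrade raised in the migration question and the salted hashing mentioned in the last thread. It assumes .NET 6 or later and a legacy scheme of unsalted SHA-256 stored as hex; `PasswordStore`, the `pbkdf2-sha256$...` record format and the iteration count are hypothetical choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example: PasswordStore and its record format are hypothetical names.
public static class PasswordStore
{
    const int SaltBytes = 16, KeyBytes = 32, Iterations = 210_000; // example work factor
    // Record format: pbkdf2-sha256$<iterations>$<base64 salt>$<base64 key>
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // unique per record
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, KeyBytes);
        return string.Join("$", "pbkdf2-sha256", Iterations,
            Convert.ToBase64String(salt), Convert.ToBase64String(key));
    }

    // True on match; 'upgraded' is non-null when a legacy record should be overwritten.
    public static bool Verify(string password, string stored, out string? upgraded)
    {
        upgraded = null;
        string[] p = stored.Split('$');
        if (p.Length == 4 && p[0] == "pbkdf2-sha256")
        {
            byte[] want = Convert.FromBase64String(p[3]);
            byte[] got = Rfc2898DeriveBytes.Pbkdf2(password, Convert.FromBase64String(p[2]),
                int.Parse(p[1]), HashAlgorithmName.SHA256, want.Length);
            return CryptographicOperations.FixedTimeEquals(got, want);
        }
        // Legacy record; assumed here to be unsalted SHA-256 in hex.
        byte[] legacy = SHA256.HashData(Encoding.UTF8.GetBytes(password));
        if (!CryptographicOperations.FixedTimeEquals(legacy, Convert.FromHexString(stored)))
            return false;
        upgraded = Hash(password); // plaintext is available at login, so rehash now
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed legacy record for the sample password "correct horse".
        string old = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes("correct horse")));
        bool ok = PasswordStore.Verify("correct horse", old, out string? fresh);
        bool again = PasswordStore.Verify("correct horse", fresh!, out _);
        bool wrong = PasswordStore.Verify("wrong", fresh!, out _);
        Console.WriteLine($"legacy={ok} upgraded={again} wrong={wrong}");
    }
}
```

When `Verify` returns a non-null `upgraded` value, the caller writes it over the legacy record in the same request, so old hashes disappear as users log in.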