Posts

Showing posts from October, 2013

User authentication on Android against hashed passwords created with Asp.Net Identity

Microsoft shipped a new membership system called ASP.NET Identity with Visual Studio 2013 and .Net 4.5.1. It allows us to add login features to the applications built for the web, phone, or store. By default the ASP.NET Identity system will store all the user information in a database. ASP.NET Identity uses Entity Framework Code First to implement all of its persistence mechanism. What if we going to build an Android app with offline capabilities, where the users would sync the stored credentials created by Asp.Net Identity on the server in order to login? We would have to verify the provided user password against locally stored hashed password to authenticate the user. Below is the code that can be used for this task: /** * Verifies provided plain text password against hash * @param hashedPass * @param password * @return true or false */ private boolean verifyPassword(String hashedPass, String password){ if (hashedPass == null){ return false; } byte[] n