1

I'm looking to create users for my MVC web application through a WCF webservice. In previous identity versions I created a record for both the membership and users table which worked.

Now there's only the aspnetUsers table that stores user profiles. I have tried creating a new record in this table but with no success. Record gets created but I cannot login with that account. How do I hash my password? Where do I put the salt? There seems to be no field specified in the table to define your salt.

This the query that i'm trying to use:

INSERT INTO AspNetUsers(Id, Email, EmailConfirmed, PassWordhash, SecurityStamp,PhoneNumber,PhoneNumberConfirmed, TwoFactorEnabled,LockoutEnabled,AccessFailedCount,UserName) " + "
VALUES(@Id,
       @Email,
       @EmailConfirmed,
       @PassWordhash,
       @SecurityStamp,
       @PhoneNumber,
       @PhoneNumberConfirmed,
       @TwoFactorEnabled,
       @LockoutEnabled,
       @AccessFailedCount,
       @UserName) command.Parameters.Add(NEW SqlParameter("@Email", emailAddress));

 command.Parameters.Add(NEW SqlParameter("@EmailConfirmed", FALSE));

 //TODO hash + securitystamp?
 command.Parameters.Add(NEW SqlParameter("@PassWordhash", hashedPassword));

 command.Parameters.Add(NEW SqlParameter("@SecurityStamp", FALSE));

 command.Parameters.Add(NEW SqlParameter("@PhoneNumber", "093277604"));

 command.Parameters.Add(NEW SqlParameter("@PhoneNumberConfirmed", FALSE));

 command.Parameters.Add(NEW SqlParameter("@TwoFactorEnabled", FALSE));

 command.Parameters.Add(NEW SqlParameter("@LockoutEnabled", TRUE));

 command.Parameters.Add(NEW SqlParameter("@AccessFailedCount", "0"));

Currently adding this directly through the database because I'm not aware of any other way? There used to be stored procedures to do this but now there's none.

I'm using the crypto library to hash my password but that clearly does not work.

Archetype
  • 11
  • 3
  • Update: I decided to just go with web api instead of wcf this makes it a lot easier since you can use all of the existing classes and references from the existing accountcontroller. – Archetype Oct 08 '15 at 11:24

1 Answers1

0
  1. Why are you creating them directly via DB query?
  2. Can you please include some actual values you are using for this query?
  3. This is how password hashing works in Identity ASP.NET Identity default Password Hasher, how does it work and is it secure?

EDIT:
Also this is how stamp is being generated: 

private static string NewSecurityStamp()
{
     return Guid.NewGuid().ToString();
}
Community
  • 1
  • 1
Aleksei Anufriev
  • 3,206
  • 1
  • 27
  • 31