
I am new to this WebApi stuff so please bear with me..:)

I have a project that allows an Android device to connect and view data from an existing SQL database.

I created the WebApi using Visual Studio 2015 and it was quite simple (Entity Framework automatically created 90% of models and controllers).

Everything is working now except that I really want to secure this webapi. My project was created with the individual user accounts option.

To start with I tried to register an account from the api which created the account in a local db.

I changed the connection string of the DefaultConnection and pointed it to my existing database.

Then I tried to register a test account again and the ASP.NET Identity tables were created in my database.. so far so good.

Now my problem is that in my project there will be no registering of new accounts from the WebApi; all the usernames and passwords are already stored in the database in a separate table, and adding a new account is done from the SQL Server.

Even if I wanted to copy the existing usernames I can't, since the passwords in the ASP.NET Identity tables are hashed :/

So I am left with 2 options:

1- Find a way to remove the password hashing and copy my usernames and passwords to the ASP.NET Identity (which is something I really don't want to do since hashing is always good).

2- Find a way to convert my already saved passwords into hashed passwords (this will force the company to manually hash a password each time they have to create a new account).

I have searched a lot, but everything I find is either old or for AngularJS or web applications, which my project is totally different from.

Any step by step or just point me to the right direction will be appreciated.:)

  • You might want to check out the `IdentityDbContext` – Stefan Feb 10 '16 at 12:43
  • _"find a way to convert my already saved passwords into hashed passwords"_ - this indicates that you are not storing hashed passwords yourself, I hope that's not the case! – Trevor Pilley Feb 10 '16 at 12:48
  • @Stefan thanks for your help, I checked it already; all I can do from it is to change the DefaultConnection into another connection string, which I already did from the web.config – ThedhFanBoy1 Feb 10 '16 at 12:50
  • @TrevorPilley It's not me actually, it's the company I am doing this project for. No, they don't hash the passwords since they only access them locally, not over the internet; now that they want a way to connect from an Android device, this caused the problem – ThedhFanBoy1 Feb 10 '16 at 12:53
  • If the company lets the user pick their own password then this is an unethical way of storing private user data. – Stefan Feb 10 '16 at 12:55
  • Having said that, the `IdentityDbContext` lets you extend the default generated user table. In this way you can create a 1:1 relation with an external user table. – Stefan Feb 10 '16 at 12:56
  • @ThedhFanBoy1: pfff... happy to hear that :-) – Stefan Feb 10 '16 at 12:57
  • Actually they don't let them choose it; they are a graphic design company that doesn't know anything about this stuff. – ThedhFanBoy1 Feb 10 '16 at 12:58
  • @Stefan any way that I can find a place to start for modifying the IdentityDbContext? Any further help will be appreciated :) – ThedhFanBoy1 Feb 10 '16 at 13:00
  • Here's a quite full setup: the key is to create your own `ApplicationUser` table, which you can extend in the typical EF way. http://stackoverflow.com/questions/22051140/asp-net-identity-identitydbcontexttuser-causing-problems-for-fields-added-to – Stefan Feb 10 '16 at 13:04
  • If you have that you can rewire the login routine to validate against the other username and password. – Stefan Feb 10 '16 at 13:05
  • @Stefan I will check it right away thanks a lot :) – ThedhFanBoy1 Feb 10 '16 at 13:06
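
For the second option in the question, an added example (not part of the original post or its comments) of converting stored plaintext passwords with ASP.NET Identity 2.x's own `PasswordHasher`, so that nobody has to hash by hand. `LegacyAccount`, `LegacyPasswordMigration` and the sample rows are hypothetical; a project created from the template would construct its `ApplicationUser` where this uses `IdentityUser`.

```csharp
// Added example. Needs the NuGet packages Microsoft.AspNet.Identity.Core
// and Microsoft.AspNet.Identity.EntityFramework (Identity 2.x).
using System;
using System.Collections.Generic;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Hypothetical shape of one row in the existing plaintext account table.
public class LegacyAccount
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public static class LegacyPasswordMigration
{
    // Builds Identity users whose PasswordHash is in the format the default
    // UserManager checks at login. Rows without a user name or password are
    // reported in 'skipped' instead of becoming accounts with no credential.
    public static List<IdentityUser> ToIdentityUsers(
        IEnumerable<LegacyAccount> rows, List<string> skipped)
    {
        var hasher = new PasswordHasher();
        var users = new List<IdentityUser>();
        foreach (var row in rows)
        {
            if (string.IsNullOrWhiteSpace(row.UserName) || string.IsNullOrEmpty(row.Password))
            {
                skipped.Add(row.UserName ?? "(no user name)");
                continue;
            }
            users.Add(new IdentityUser(row.UserName)
            {
                PasswordHash = hasher.HashPassword(row.Password), // random salt per call
                SecurityStamp = Guid.NewGuid().ToString()
            });
        }
        return users;
    }

    public static void Main()
    {
        // Constructed sample rows standing in for the legacy table.
        var legacy = new[] {
            new LegacyAccount { UserName = "alice", Password = "Constructed-Sample-1" },
            new LegacyAccount { UserName = "bob", Password = "" } };
        var skipped = new List<string>();
        var users = ToIdentityUsers(legacy, skipped);
        var check = new PasswordHasher().VerifyHashedPassword(users[0].PasswordHash, "Constructed-Sample-1");
        Console.WriteLine("{0} converted, {1} skipped, verify: {2}", users.Count, skipped.Count, check);
    }
}
```

Saving the returned users goes through the project's own `IdentityDbContext`; the same `HashPassword` call can run wherever new accounts are created.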

0 Answers