Override HashPassword method?

When I move all my users over to LitiumI would like to also move the passwords. For this, to work I need to implement custom HashPassword logic. Can I simply override the HashPassword method somehow in the accelerator? Or do I need to write completly custom login logic?

Litium version: 6.2

It is possible to override or better create a ServiceDecorator so both your logic and the standard logic in the platform is working. The service you looking for is Litium.Security.PasswordService.

In the platform we have an old password format, when that was converted into newer format we was simply prefixing all of these passwords with an ! so we know that we should use old password algoritm and if the paasword hash was matching the old password format and matching the entered password we returned the SuccessRehashNeeded status, then the platform will handle hash the password and update the stored password hash to the newer format.

1 Like

Thank you, is there any way to get a peek at that code? This is the exact logick am looking to build.
This is the first time that I’m coding against a DLL api, so I don’t really understand the process of extending and i’ll probably need to do some Googeling but simply put: Can I just make a normal class extending Litium.Security.PasswordService and override the method found in the meta data? Just like I normaly whoyld?

We have some documentation that will describe the basic concept how it is done in Litium, https://docs.litium.com/documentation/architecture/dependency-injection/service-decorator

If we should create a decorator for the PasswordService it will look as this example

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using JetBrains.Annotations;
using Litium.Runtime.DependencyInjection;
using Litium.Security;

namespace Litium.Accelerator.Mvc.App_Start
{
    [ServiceDecorator(typeof(PasswordService))]
    public class MyPasswordServiceDecorator : PasswordService
    {
        private readonly PasswordService _next;

        public MyPasswordServiceDecorator(PasswordService next)
        {
            _next = next;
        }

        public override string HashPassword([NotNull] string password)
        {
            return _next.HashPassword(password);
        }

        public override bool ValidateComplexity([NotNull] string password)
        {
            return _next.ValidateComplexity(password);
        }

        public override bool VerifyHashedPassword([NotNull] string hashedPassword, [NotNull] string providedPassword)
        {
            if (hashedPassword.StartsWith("!"))
            {
                var oldHash = hashedPassword.Substring(1);
                if (oldHash == CreateOldHash(providedPassword))
                {
                    return true;
                }

                return false;
            }

            return _next.VerifyHashedPassword(hashedPassword, providedPassword);
        }

        private string CreateOldHash(string providedPassword)
        {
            return string.Join("", providedPassword.Reverse());
        }
    }
}
1 Like

Fantastic thank a lot! And to import the users I basically create a list of UserCarriers and use the EncryptedPassword property? Setting it to uc.EncryptedPassword = “!”+oldpassword; and use IUserDataProvider.CreateUsers Method?

In Litium 6 we was rebuilding the customer module where all users now is stored so you need to use the Litium.Customers.Person object together with the Litium.Customers.PersonService (of Litium.Data.DataService.CreateBatch()` and use the batch API https://docs.litium.com/documentation/architecture/data-service).

The hashed password is nothing that will exists in the API so you can add/update it manually. Think you need to set that in the database directly after you imported all persons, database table Security.PasswordLoginInfo.

I don’t think you should use the letter ! as prefix so it not will go in conflict with the old password validations that already exists in the product, use instead a * or any other letter that is a special character.