Password migration?

We have implemented a PasswordServiceDecorator to allow for password migrations and as per an example in this forum, we try to override VerifyHashedPassword to check for a password prefix and use custom logic.

But before I get to the VerifyHashedPassword breakpoint, the PasswordSignIn throws an exception because of an invalid * sign in the password hash:

```csharp
var result = _authenticationService.PasswordSignIn(loginName, password, newPassword);
```

Undantagsinformation: System.FormatException: Indata är ingen giltig Base-64-sträng eftersom den innehåller ett tecken som inte har Base-64-format, fler än två utfyllnadstecken eller ett ogiltigt tecken som inte är ett blankstegstecken.

Do I need to create an AuthenticationServiceDecorator as well?

Update: The VerifyHashedPassword doesn’t seem to be called at all, not even on successful logins. Something has changed in Litium 7, right? The decorator works when creating new users, but never ends up in VerifyHashedPassword.

Litium version: 7.1

The code is executed in slightly different ways: sometimes (in some methods) it uses the PasswordService, and other times it uses the Litium.Application.Security.Cryptography.PasswordHasher directly. The latter is used in both cases, but I think that class does not allow decorating with new logic; instead you need to inherit from it and make a derived implementation (in that case you may need to remove the default type in the web.config section litium\foundation\plugins\types to ensure the correct class is loaded).

The PasswordService service only returns a bool that contains the result of the hash check. The PasswordHasher returns an enum that has an option to indicate that the password needs to be rehashed, and the AuthenticationService then automatically handles the rehashing and updates the database with the updated password hash.
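The flow described in this answer, sketched as an added example that is not part of the original thread and is not Litium's code: the verifier checks for a legacy prefix before any Base64 decoding (the step that produced the FormatException in the question) and reports that a rehash is needed when a legacy hash matches. `VerifyResult`, `MigratingVerifier`, the `legacy*` prefix, the SHA-1 legacy scheme and the PBKDF2 parameters are all assumptions made for illustration; the code assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical result type modelled on the enum described above; not Litium's own.
public enum VerifyResult { Failed, Success, SuccessRehashNeeded }

public static class MigratingVerifier
{
    const string LegacyPrefix = "legacy*"; // assumed marker on imported hashes
    const int SaltSize = 16, KeySize = 32, Iterations = 100000; // assumed parameters

    public static VerifyResult Verify(string stored, string password)
    {
        if (string.IsNullOrEmpty(stored) || password == null) return VerifyResult.Failed;
        // Test the prefix before any decoding: '*' is not a Base64 character, so
        // Convert.FromBase64String would throw FormatException on a legacy value.
        if (stored.StartsWith(LegacyPrefix, StringComparison.Ordinal))
            return FixedTimeEquals(stored.Substring(LegacyPrefix.Length), LegacyHex(password))
                ? VerifyResult.SuccessRehashNeeded   // caller stores a new-format hash
                : VerifyResult.Failed;
        byte[] blob;
        try { blob = Convert.FromBase64String(stored); }
        catch (FormatException) { return VerifyResult.Failed; } // corrupt value: deny, don't throw
        if (blob.Length != SaltSize + KeySize) return VerifyResult.Failed;
        var salt = new byte[SaltSize];
        Buffer.BlockCopy(blob, 0, salt, 0, SaltSize);
        string expected = Convert.ToBase64String(blob, SaltSize, KeySize);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return FixedTimeEquals(expected, Convert.ToBase64String(kdf.GetBytes(KeySize)))
                ? VerifyResult.Success : VerifyResult.Failed;
    }

    // Assumed legacy scheme: lowercase hex of unsalted SHA-1 over the UTF-8 password.
    static string LegacyHex(string password)
    {
        using (var sha1 = SHA1.Create())
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(password)))
                .Replace("-", "").ToLowerInvariant();
    }

    // Compare without exiting early on the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With the constructed stored value `legacy*5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8` (SHA-1 of `password`), `Verify(stored, "password")` returns `SuccessRehashNeeded`, and any other password returns `Failed`.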

Thanks, but I don’t really understand the web.config part.

Should I add the newly created type here?

```xml
<plugins>
    <assemblies>
    </assemblies>
    <types>
    </types>
</plugins>
```

Or do I need to create some kind of replacement mapping for `Litium.Application.Security.Cryptography.PasswordHasher` to my extension?

Edit: OK, it seems to work without doing anything with the web.config, but if you have time to explain, please do :)

We have some description at https://docs.litium.com/documentation/get-started/web_config#plugins; hope it will help to understand. Otherwise you can create a new thread about the subject and we can continue in that.