Hashed passwords and entity structure

Question

Hashed passwords and entity structure

I have a Users table and the HashedPassword column is of binary type (16). It was used to store the MD5 hash. To create the hash, I created a couple of stored procedures: CreateUser, EditUser, and LoginUser. They have a parameter that takes the password in plaintext, converts it to an MD5 hash, and stores / views the hash in a table.

The problem is, how do I fit this into the entity structure? I tried to create an additional password field in the User object and then I connect that field to the stored procedures, but I get an error stating that this new Password field is not connected to a column in the Users table.

I'm just getting started with Entity Framework, so I'm probably missing something obvious. Maybe I should keep the hash generation code in .net instead of the database.

+2

.net passwords entity-framework hash

ZippyV 04 oct. 09 at 15:44

source to share

2 answers

Have you looked at the Membership framework? It handles all the troubles of users, passwords, logins, roles and more.

Also, since I was assigned in previous posts , MD5 is not secure. AES or BCrypt are more secure hash methods today.

+1

Bob kaufman 04 oct. '09 at 15:53

source to share

Misha N. · Accepted Answer · 2009-10-04T17:08:25+0000

I think the easiest way is what you suggested: save the hash generation code in .net.

Not sure if it is possible to configure EDM to work the way you want, but decoupling the security logic, data access layer and storage layer sounds like logic to me.

Hashed passwords and entity structure

More articles: