 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / August 2004Hashed passwords
OK, so I'm sending hashed passwords back and forth and it's cool. I want to store the hashed password in my database, for obvious security reasons (well, obvious now that I've read about them!) What's the best way to go about putting the hashed password in for an account? I assume I should make a password generator that accepts a username/password (& whatever other details I need - company, active/inactive, etc), hashes the password, and inserts it into the database. What hash method do I use so it matches up with the WSE hashed password in the SOAP message? Thanks! -Ben Hi Ben, I have blog on something like this here. Real World UsernameToken Authentication Scenarios with WSE2.0 RTM http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/06/10/16012.aspx hth.  SignatureThank you very much Warmest Regards, Softwaremaker Architect | Evangelist | Consultant +++++++++++++++++++++++++++++++++ > OK, so I'm sending hashed passwords back and forth and it's cool. I > want to store the hashed password in my database, for obvious security [quoted text clipped - 11 lines] > Thanks! > -Ben > Hi Ben, > [quoted text clipped - 3 lines] > > hth. Thanks again Softwaremaker. I'll have to give this a more thorough reading tomorrow. Looks like a very practical writeup. -Ben Encrypting the username token using the public key of the server ensures that the password is encrypted in the request to the server. What happens when the response from the server is sent to the client ? I have looked athe the trace the output tace at the client has no password in clear text. But the input trace on the client has a clear text password. Can somebody help with this. ( I am using a policy file to encrypt the password <wssp:Confidentiality><wssp:MessageParts> tags.) Regards Jag > > Hi Ben, > > > > I have blog on something like this here. > > Real World UsernameToken Authentication Scenarios with WSE2.0 RTM http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/06/10/16012.aspx > > hth. > > > Thanks again Softwaremaker. I'll have to give this a more thorough > reading tomorrow. Looks like a very practical writeup. > > -Ben Hi Jag, I have responded to your email and query here. http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/06/21271.aspx hth. SignatureThank you very much Warmest Regards, Softwaremaker Architect | Evangelist | Consultant +++++++++++++++++++++++++++++++++ > Encrypting the username token using the public key of the server ensures > that the password is encrypted in the request to the server. What happens [quoted text clipped - 11 lines] > > > I have blog on something like this here. > > > Real World UsernameToken Authentication Scenarios with WSE2.0 RTM http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/06/10/16012.aspx > > > hth. > > > > > Thanks again Softwaremaker. I'll have to give this a more thorough > > reading tomorrow. Looks like a very practical writeup. > > > > -Ben Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.