Question

I have an ASP.NET web application which uses ASP.NET Membership to log in. Now I am building a desktop application, and I want the users to log in to the desktop application securely using their website account.

I started with a WCF service on the web, sending the username and the password hashed with SHA256, but now I don't know how to check if the password is correct. ASP.NET Membership also uses a salt to store the passwords. How can I do this?


Solution

I would create a WCF service inside the ASP.NET webapp, which accepts cleartext username and password, and of course use transport-level encryption. In this service, I would call the MembershipProvider's ValidateUser() method.

Or you could implement a more secure authentication mechanism, but in that case, you should use your own MembershipProvider, because the default provider only accepts a cleartext password, and whatever it does with that is a secret, kind of.

The trick is that if you put your WCF service inside your webapp, then it will behave just like your browser clients. If you're using HTTPS for browser clients, then use the same HTTPS channel for WCF, and you're fine.
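The approach described in the answer, as an added example that is not part of the original post: a WCF service hosted in the ASP.NET application that hands the cleartext credentials to the configured Membership provider via `Membership.ValidateUser`, plus the desktop-client side that only ever talks to it over HTTPS. The names `ILoginService`, `LoginService`, `IsValidLogin` and `LoginClient` are assumptions for illustration; `Membership.ValidateUser`, `BasicHttpSecurityMode.Transport` and `OperationContext.Current.IncomingMessageProperties.Via` are the real framework APIs.

```csharp
// Added example (not from the original post): a WCF login service hosted
// inside the ASP.NET web application, validating against the site's existing
// Membership provider. Type and method names are illustrative assumptions.
using System;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.Web.Security;

[ServiceContract]
public interface ILoginService
{
    // The password travels in cleartext inside the SOAP message, so this
    // contract must only be exposed on an HTTPS endpoint
    // (<security mode="Transport"> on the binding in web.config).
    [OperationContract]
    bool IsValidLogin(string username, string password);
}

// Allowed so the service can run in the ASP.NET pipeline alongside the web app
// (requires <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />).
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class LoginService : ILoginService
{
    public bool IsValidLogin(string username, string password)
    {
        // Defence in depth: refuse a login that arrived over plain HTTP even if
        // the binding is later misconfigured. Via is the address the message
        // was actually sent to.
        Uri via = OperationContext.Current.IncomingMessageProperties.Via;
        if (via == null || via.Scheme != Uri.UriSchemeHttps)
            throw new FaultException("Login is only accepted over HTTPS.");

        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        // ValidateUser applies the provider's own per-user salt and hash format
        // and compares against the stored value, so the client never needs to
        // know how passwords are stored (which is why client-side SHA256 does
        // not work). With SqlMembershipProvider it also counts failed attempts
        // and enforces the maxInvalidPasswordAttempts lockout.
        return Membership.ValidateUser(username, password);
    }
}

// Desktop-client side. Transport security makes WCF reject a non-HTTPS
// address and validate the server certificate before the password is sent.
public static class LoginClient
{
    public static bool Login(string serviceUrl, string username, string password)
    {
        if (!serviceUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Service URL must use https.", "serviceUrl");

        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        var factory = new ChannelFactory<ILoginService>(binding, new EndpointAddress(serviceUrl));
        ILoginService proxy = factory.CreateChannel();
        var channel = (ICommunicationObject)proxy;
        try
        {
            bool ok = proxy.IsValidLogin(username, password);
            channel.Close();
            factory.Close();
            return ok;
        }
        catch
        {
            // A faulted channel cannot be Close()d; Abort() releases it.
            channel.Abort();
            factory.Abort();
            throw;
        }
    }
}
```

On the server, the matching web.config binding is a `basicHttpBinding` with `<security mode="Transport"><transport clientCredentialType="None" /></security>`, exposed on the same HTTPS site the browser clients already use; the desktop client then calls `LoginClient.Login("https://example.invalid/LoginService.svc", user, password)` (the hostname is a placeholder). Because the service sits inside the web app, the provider configuration, connection string and lockout policy are exactly the ones the website already uses.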

Licensed under: CC-BY-SA with attribution