Tagged: Security


ASP.Net MVC authentication against Windows Azure Active Directory (WAAD) with Access Control Services (ACS)

In this tutorial we are going to see how to authenticate users who want to use our services with Windows Azure Active Directory (WAAD) through Access Control Services (ACS). The tutorial walks through a step-by-step process; I personally suggest implementing all the steps in order.

Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. In simple words it is a service that is made available through Windows Azure so that you can manage your organization’s cloud directory where Microsoft is going to take care of AD’s scalability.


ASP.Net MVC–Simple Application Security using Password Hashing before storing it to Database

The intended application has some secured products in the SQL DB (here the table is Products). Users can log in to the DB and can only retrieve products through the MVC application. So a user first needs to register with the application; then he can log in to the application to retrieve the secured information about the products.

The main focus of the complete process flow is registration, especially the Password field. Storing the password as a string in the DB is not considered good practice, so first we generate a password salt using cryptography, then we hash the original password string together with the password salt into a more secure format using a hashing algorithm, and finally the result is stored in the Users table of the SQL DB.

While authenticating a user, we get the password string from the user's login, check the DB for the username, get the user entity from the DB, fetch the password salt associated with the user, combine the password string and password salt to generate the password hash, then finally cross-check the generated hash against the DB version. If both match, authenticate the user; otherwise notify him of an invalid login.
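The registration and login flow described above, as an added example that is not code from the original post. The excerpt does not name its hashing algorithm, so PBKDF2 (`Rfc2898DeriveBytes` with SHA-256) is an assumption here, as are the `User` shape, the `PasswordHasher` class, the iteration count and the sample credentials.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical entity standing in for a row of the Users table.
public sealed class User
{
    public string Username { get; set; }
    public byte[] PasswordSalt { get; set; }
    public byte[] PasswordHash { get; set; }
}

public static class PasswordHasher
{
    private const int SaltBytes = 16;
    private const int HashBytes = 32;
    private const int Iterations = 100000; // assumption: tune to your hardware

    // Registration: fresh random salt per user, then store salt + hash only.
    public static User Register(string username, string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return new User { Username = username, PasswordSalt = salt,
                          PasswordHash = Derive(password, salt) };
    }

    // Login: recompute the hash with the stored salt and compare.
    // A null user (unknown username) fails the same way as a bad password.
    public static bool Verify(User user, string password)
    {
        if (user == null || password == null) return false;
        return FixedTimeEquals(Derive(password, user.PasswordSalt), user.PasswordHash);
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations,
                                                HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compares every byte so timing does not reveal where the hashes differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Calling `PasswordHasher.Register("alice", "constructed-sample-password")` and then `Verify` with the same password succeeds, while any other password or a null user is rejected; only `PasswordSalt` and `PasswordHash` need to be persisted.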