AMH

Reputation: 6451

How to authenticate with Entity Framework

I have an Entity Framework model that contains the tables

aspnet_Users
aspnet_Memberships

I want to validate the username and password in a WCF library. How can I achieve that?

Should I add membership to the app.config? How can I achieve something like that?

Best regards

Upvotes: 0

Views: 792

Answers (2)

AMH

Reputation: 6451

I failed to use Entity Framework and the other authentication algorithms, so I used Membership with SQL directly. Microsoft encrypts in a way that is so hard to retrieve.

Upvotes: 0

Kendall Frey

Reputation: 44366

A basic (but secure) username/password database should have columns something like this:

UserName     - Text
PasswordSalt - Binary
PasswordHash - Binary

The user name can be stored as plain text.

The salt is a random string of bytes, preferably at least as long as the hash.

The password hash is the binary hash of the password + salt.

Here is the basic procedure when giving a user a new password. I will use SHA-256 hashing as an example.

  1. Convert the desired password into a byte array.
  2. Use a CSPRNG to generate another byte array, 32 bytes long. This is the salt.
  3. Add the salt to the end of the password byte array.
  4. Hash the password with SHA-256.
  5. Store the salt in the database.
  6. Store the password hash in the database.

Then when a user enters their password when logging in, this is the procedure.

  1. Look up the user in the database.
  2. Convert the entered password into a byte array.
  3. Add the salt from the database to the end of the password byte array.
  4. Hash the password with SHA-256.
  5. If the hash matches the hash in the database, the password was correct.

This method of password authentication is the preferred method for high-security applications. It is not slow, nor very hard to implement. The best thing is, you can give the entire password table to anyone you please, and the most they will be able to do is pick a user and start guessing passwords.

Upvotes: 4
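
The two procedures from the answer above, written out in C# as an added example (not code from the answer or from the question's project): an in-memory dictionary stands in for the UserName / PasswordSalt / PasswordHash table, and the class and method names are hypothetical. It assumes .NET Core 2.1 or later for `RandomNumberGenerator.Fill` and `CryptographicOperations.FixedTimeEquals`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class PasswordStore
{
    // Hypothetical stand-in for the table: UserName -> (PasswordSalt, PasswordHash).
    private static readonly Dictionary<string, (byte[] Salt, byte[] Hash)> Users =
        new Dictionary<string, (byte[] Salt, byte[] Hash)>(StringComparer.OrdinalIgnoreCase);

    // SHA-256 over (password bytes || salt): convert, append the salt, hash.
    private static byte[] HashPassword(string password, byte[] salt)
    {
        byte[] pw = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[pw.Length + salt.Length];
        Buffer.BlockCopy(pw, 0, input, 0, pw.Length);
        Buffer.BlockCopy(salt, 0, input, pw.Length, salt.Length);
        using (SHA256 sha = SHA256.Create())
            return sha.ComputeHash(input);
    }

    // Setting a password: fresh 32-byte salt from the CSPRNG, then store salt and hash.
    public static void SetPassword(string userName, string password)
    {
        byte[] salt = new byte[32];
        RandomNumberGenerator.Fill(salt);
        Users[userName] = (salt, HashPassword(password, salt));
    }

    // Login: look up the user, re-hash the entered password with the stored salt, compare.
    public static bool Verify(string userName, string password)
    {
        if (!Users.TryGetValue(userName, out var row))
            return false; // unknown user is reported the same way as a wrong password
        byte[] candidate = HashPassword(password, row.Salt);
        // Fixed-time comparison: duration does not depend on how many bytes match.
        return CryptographicOperations.FixedTimeEquals(candidate, row.Hash);
    }

    public static void Main()
    {
        SetPassword("alice", "correct horse"); // constructed sample credentials
        Console.WriteLine(Verify("alice", "correct horse"));
        Console.WriteLine(Verify("alice", "wrong guess"));
        Console.WriteLine(Verify("bob", "correct horse"));
    }
}
```

A single SHA-256 pass is fast to compute, so production password storage usually replaces `HashPassword` with a deliberately slow key-derivation function such as PBKDF2 (`Rfc2898DeriveBytes` in .NET) while keeping the same per-user salt and compare structure.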
