juFo

Reputation: 18577

Passwords (Bcrypt.Net) + WCF

Let's say we have a client that connects to a server over WCF:

Server <---WCF---> Client

The user needs to log in via username + password. What is the best practice to verify the password of the client?

Do I just hash the password at the client and send the hashed password over the wire, like this:

// client:    
return BCrypt.Net.BCrypt.HashPassword(password, BCrypt.Net.BCrypt.GenerateSalt(xx));

Is there another way? Sending a password over the wire and hashing it at the server doesn't look like the smartest thing. Is it OK to send a hash over the wire?

Upvotes: 1

Views: 189

Answers (1)

Stephen Reindl

Reputation: 5819

... at least it's a common way. Anyway, you should try to ensure that HTTPS is used to be even more secure...

Another possibility would be to use the integrated security mechanisms provided by WCF itself.

EDIT: I would like to share the credit with @Corak, as he mentioned public key encryption as a secure and smart way to handle this scenario.

Upvotes: 1
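
A sketch of the server-side check with BCrypt.Net, added here as an example and not code from the question or the answer: the password travels over an encrypted channel (the HTTPS or WCF security the answer mentions) and the server hashes and verifies it. The in-memory store, user names, passwords and the work factor of 12 are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example with constructed data; requires the BCrypt.Net package.
public static class PasswordCheckDemo
{
    // Hypothetical user store: username -> bcrypt hash (salt and work factor are embedded in the hash string).
    private static readonly Dictionary<string, string> Store = new Dictionary<string, string>();
    private const int WorkFactor = 12; // assumed value; the question leaves it as "xx"

    // Hash of a throwaway string, so a login for an unknown user still performs one bcrypt computation.
    private static readonly string DummyHash = BCrypt.Net.BCrypt.HashPassword("placeholder", WorkFactor);

    // Server side, registration: hash once with a fresh random salt and store the result.
    public static void Register(string user, string password)
    {
        Store[user] = BCrypt.Net.BCrypt.HashPassword(password, BCrypt.Net.BCrypt.GenerateSalt(WorkFactor));
    }

    // Server side, login: Verify re-hashes the submitted password with the salt
    // taken from the stored hash and compares the two results.
    public static bool Login(string user, string password)
    {
        string stored;
        bool known = Store.TryGetValue(user, out stored);
        bool ok = BCrypt.Net.BCrypt.Verify(password, known ? stored : DummyHash);
        return known && ok;
    }

    public static void Main()
    {
        const string pw = "correct horse battery staple"; // constructed sample password
        Register("alice", pw);

        // The client-side call from the question, made twice. Each call draws a new salt,
        // so the results differ from each other and from the hash the server stored.
        string h1 = BCrypt.Net.BCrypt.HashPassword(pw, BCrypt.Net.BCrypt.GenerateSalt(WorkFactor));
        string h2 = BCrypt.Net.BCrypt.HashPassword(pw, BCrypt.Net.BCrypt.GenerateSalt(WorkFactor));
        Console.WriteLine("client hashes equal: " + (h1 == h2));
        Console.WriteLine("client hash equals stored hash: " + (h1 == Store["alice"]));

        Console.WriteLine("correct password accepted: " + Login("alice", pw));
        Console.WriteLine("wrong password accepted: " + Login("alice", "wrong"));
        Console.WriteLine("unknown user accepted: " + Login("bob", pw));
    }
}
```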
