M
Michael Wittenburg
Hello,
Got this app that authenticates a user based on a username and password
being passed to a web service as a NetworkCredential object.
It works great.
Now I want the user to be able to log in when there is no connectivity, and
I do not want to store the username and password on the device. Up to 50
users may use a single device over a 12-month period.
So what I'm aiming for is to store a hash of the username and password
instead, and use that to authenticate the user locally if remote services
are unavailable.
To do this I'm using the following (simplified):
Dim x as NetworkCredential = New NetworkCredential("donald", "duck",
"disney")
Dim y as Integer = x.GetHashCode
....and then storing y on the device. When remote services are unavailable I
compare the hash value stored on the device to the hash value obtained from
the user's name and password. This satisfies the business requirement of
authenticating a user through a web service at least once before offline
access is made available.
BUT, and here's the question: is this use of GetHashCode technically
correct? My testing shows no problems with this approach, but I can find no
best practices documentation around NetworkCredential.GetHashCode, so am
wondering if my approach is the best option?
Any insights into this would be greatly appreciated.
Regards,
Mike
Got this app that authenticates a user based on a username and password
being passed to a web service as a NetworkCredential object.
It works great.
Now I want the user to be able to log in when there is no connectivity, and
I do not want to store the username and password on the device. Up to 50
users may use a single device over a 12-month period.
So what I'm aiming for is to store a hash of the username and password
instead, and use that to authenticate the user locally if remote services
are unavailable.
To do this I'm using the following (simplified):
Dim x as NetworkCredential = New NetworkCredential("donald", "duck",
"disney")
Dim y as Integer = x.GetHashCode
....and then storing y on the device. When remote services are unavailable I
compare the hash value stored on the device to the hash value obtained from
the user's name and password. This satisfies the business requirement of
authenticating a user through a web service at least once before offline
access is made available.
BUT, and here's the question: is this use of GetHashCode technically
correct? My testing shows no problems with this approach, but I can find no
best practices documentation around NetworkCredential.GetHashCode, so am
wondering if my approach is the best option?
Any insights into this would be greatly appreciated.
Regards,
Mike