Security/Login to existing Database

dplx11 · September 5, 2021, 1:47pm

Hey,

I am trying to authenticate an exisiting user-table in a MySQL DB: I have to compute a Hash based on UserID, Password and a “ServerID” from another table. So far so good, I generate the correct string, but the authentication always fails. I checked the DB twice, the Hash is exactly the same. But in the DB the Hash is stored as an “BLOB”. Is there an issue with Blob-fields for the security provider?

These are my steps. The commented-out line is just a “Debug” Message for me to check the computed Hash.

Greets Dennis

Dave · September 5, 2021, 2:42pm

Welcome to the Community Dennis!
You need to add your Security Provider as the first step, no need to verify the hash and send back the response as the Provider does this all for you.

A simple ‘login’ routine so you have an idea (we use the Validate step to ensure the actual account exists, the username for example, but is not a necessary step, just one we like to employ, nor is the repeat for setting sessions necessary either):

dplx11 · September 5, 2021, 3:11pm

Hey Dave,

thanks for your advice - I already had the Security Provider configured:

grafik

In the User-Table the Password is not stored as clear-text. It’s a SHA256 of “Password+UserID+ServerID”.

So in the Steps I gather the UserID and the ServerID and put them together. The Security Login gets that Value as “PassHash1.sha256().lowercase()” in the Password-Field. (I already checked the output of PassHash1.sha256().lowercase(), it’s the same like in the DB.

The “Password” Field in the DB is of type “BLOB” (poorly designed…) and I think there might be a problem fot the Check in “Security Login”, because even after I added the Security Provider I get a 401 every time.

Thanks for your help, Dennis

dplx11 · September 5, 2021, 8:52pm

I tried it with an usual “Varchar” Column - it works like a charm (copied the BLOB string into that field), but that means it will not work with the BLOB Column anyway?