How to validate the data like Username, Password?
You would need to have users set that through a Mashup so you can use a service to verify it before applying it.
Can you please give more details? Would the service "Resources["EncryptionServices"].EncryptPropertyValue(params);" be useful to compare passwords? (How to set an attribute with type PASSWORD?)
I have some use-cases which would need to manually validate username and password, instead of using the FormLogin page. One of the use-cases is one common login for an organization, then users will only choose their name from a users list and validate to continue.
Here's how I do it.
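I have an admin user with an app key ("appkeyap-pkey-appk-eyap-pkeyappkeyap"). Then, I have a service which takes a username and an unencrypted password, and returns a boolean. This service retrieves the user record via REST API, encrypts the incoming password, and compares it to the stored password.

    var result = false;
    // App key of the admin user; it is sent in the request URL below.
    var appKey = "appkeyap-pkey-appk-eyap-pkeyappkeyap";
    if (username && Users[username]) {
        try {
            // Export the user record (including the stored password value) over loopback REST.
            // The username is URL-encoded so special characters cannot alter the request URL.
            var exportUrl = "http://127.0.0.1:8080/Thingworx/Users/" + encodeURIComponent(username) + "?appKey=" + appKey + "&Accept=application/json";
            var user = Resources.ContentLoaderFunctions.LoadJSON({ url : exportUrl });
            var correct = user.password;
            // encryptString is not defined in this post; it must produce the same encoding as the stored value.
            result = encryptString(password || "") === correct;
        } catch (_) { /* don't care: any failure leaves result false */ }
    }
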
This code was written a long time ago, and at the time, the password hash was only available on the exported User record (via REST API); you might need to adjust settings for the REST API to use this.
Hey Chad, pretty cool.
However, this has major security implications: it basically puts all user names and passwords at risk to anyone that might lift the appkey from your URL/REST POST.
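An added example (not code from the thread or from ThingWorx) of checking for the exposure raised above: an app key sent in the request URL can end up in web-server access logs. The log format, the sample lines and the name `findAppKeyExposures` are constructed for illustration.

```javascript
// Constructed sample access-log lines (placeholder app keys, not real ones).
const SAMPLE_LOG = [
  '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /Thingworx/Users/alice?appKey=00000000-0000-0000-0000-000000000001&Accept=application/json HTTP/1.1" 200 512',
  '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /Thingworx/Mashups/Home HTTP/1.1" 200 2048',
  '10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "POST /Thingworx/Things/T1/Services/S?Accept=application/json&APPKEY=00000000-0000-0000-0000-000000000002 HTTP/1.1" 200 64',
  '10.0.0.7 - - [01/Jan/2024:10:02:00 +0000] "GET /Thingworx/Users/bob?appKey=00000000-0000-0000-0000-000000000001 HTTP/1.1" 401 0',
];

// Matches an appKey query parameter in any letter case and captures its value,
// so differently cased parameter names are not missed.
const APPKEY_PARAM = /([?&]appkey=)([^&\s"]+)/gi;

// Scan access-log lines for requests that carry an app key in the URL.
// Returns one finding per affected line, with the key redacted, plus the
// number of distinct keys seen (each of those keys needs rotating).
function findAppKeyExposures(lines) {
  const findings = [];
  const distinctKeys = new Set();
  lines.forEach((line, index) => {
    const request = /"([A-Z]+) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!request) return; // not a request line in the assumed format
    const [, method, target] = request;
    const keys = [...target.matchAll(APPKEY_PARAM)].map((m) => m[2]);
    if (keys.length === 0) return;
    keys.forEach((k) => distinctKeys.add(k));
    findings.push({
      lineNumber: index + 1,
      client: line.split(' ')[0],
      method,
      path: target.split('?')[0],
      // Keep the parameter name, drop the secret value.
      redactedLine: line.replace(APPKEY_PARAM, '$1[REDACTED]'),
    });
  });
  return { findings, distinctKeyCount: distinctKeys.size };
}

const report = findAppKeyExposures(SAMPLE_LOG);
console.log(JSON.stringify(report, null, 2));
```

The findings keep only redacted lines, so the report itself can be shared without spreading the keys further.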
Well, if we could validate credentials without logging in or having to export the whole user, then we'd do that. At least the implementation is local-to-local, so it doesn't leave the local network; and since it's loopback, it might not even leave the machine.
However, it would certainly be a bad idea to do this over the internet.
Pai said "You would need to have users set that through a Mashup so you can use a service to verify it before applying it."
Does anyone know which service he talked about?
Run a Regular Expression check (RegEx) and then you can use AssignNewPassword, which can only be used by Admin and Security Admin.