#1 2017-01-16 17:07:53

yoanq
Member
Registered: 2013-01-03
Posts: 24

Authentication into legacy system

Hi ab,

We are trying to introduce Mormot in our legacy system. To do this we must address the issue of authentication. We have our own tables that are similar to those generated by TSQLAuthUser but excluding some fields. We don't have fields GROUPRIGHTS and DATA. There is a way to define the desired structure without having to modify the class bases of Mormot?

Offline

#2 2017-01-16 17:20:59

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Authentication into legacy system

First read https://synopse.info/files/html/Synopse … #TITLE_538

Then https://tamingthemormot.wordpress.com/2 … word-hash/

Then define your own authentication class, or even set the OnAuthenticationUserRetrieve event handler to return a "fake" TSQLUser, created on the fly from your legacy system information.
See https://synopse.info/files/html/api-1.1 … C_68DB10E9

Offline

#3 2017-01-16 18:21:22

yoanq
Member
Registered: 2013-01-03
Posts: 24

Re: Authentication into legacy system

I would need to implement 3 things
  A descendant class of TSQLRestServerAuthenticationDefault implementing CheckPassword. Used for authentication in the server.
  A descendant of TSQLAuthUser and implement ComputeHashedPassword.
  Implement OnAuthenticationUserRetrieve to return the data of my users.

It's that correct?

Offline

#4 2017-01-16 18:59:40

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Authentication into legacy system

If you implement CheckPassword, ComputeHashedPassword may not be mandatory.

Offline

#5 2017-01-16 19:22:32

yoanq
Member
Registered: 2013-01-03
Posts: 24

Re: Authentication into legacy system

If it does match the Database structure would only be necessary to implement ComputeHashedPassword?

Offline

#6 2017-01-16 20:26:01

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Authentication into legacy system

It depends how the password is hashed.

Offline

#7 2017-01-16 20:34:34

yoanq
Member
Registered: 2013-01-03
Posts: 24

Re: Authentication into legacy system

Using MD5, not SHA256

Offline

Board footer

Powered by FluxBB