Note: This applies to WorkflowGen version 6.1 and later only.
The WorkflowGen 6.1 upgrade keeps the password management mode set to Version 5, as in previous versions of WorkflowGen.
However, if you change the password management mode to One-way Hashing (SHA256), passwords are no longer encrypted in the database. Instead, the database stores hashed passwords, and so it is impossible to decrypt or retrieve user passwords.
When a user first connects to WorkflowGen after the password management mode has been changed to One-way Hashing, WorkflowGen will automatically convert the user’s password to One-way Hashing (SHA256) mode.
If you change the password management mode back to Version 5, you must then reinitialize the passwords for all user accounts for which the mode was changed to One-way Hashing (SHA256).
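The following added example models the conversion on first connection described above and shows why reverting to Version 5 requires reinitializing converted passwords. It is not WorkflowGen's code: the `UserRow` class, the `legacyDecrypt` delegate, the hex/UTF-8 hash encoding, the 16-byte salt, and the use of a non-empty salt to mark a converted row are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory row; only the PASSWORD and SALT column names come from the page.
class UserRow { public string Password; public string Salt; }

static class FirstLoginConversion
{
    // Assumption: hex(SHA-256(UTF-8(salt + password))); the real helper's encoding may differ.
    static string Hash(string salt, string password)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(salt + password))).Replace("-", "");
    }

    // Compare without exiting at the first differing character.
    static bool SameText(string a, string b)
    {
        if (a == null || b == null) return false;
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // legacyDecrypt stands in for the reversible Version 5 mode (hypothetical parameter).
    public static bool Login(UserRow row, string supplied, Func<string, string> legacyDecrypt)
    {
        if (string.IsNullOrEmpty(supplied)) return false;
        if (!string.IsNullOrEmpty(row.Salt))                 // assumption: a salt marks a converted row
            return SameText(Hash(row.Salt, supplied), row.Password);
        if (!SameText(legacyDecrypt(row.Password), supplied)) return false;
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        row.Salt = Convert.ToBase64String(salt);
        row.Password = Hash(row.Salt, supplied);             // plaintext is no longer recoverable
        return true;
    }

    static void Main()
    {
        // Constructed sample: Base64 is a toy reversible encoding, not the real Version 5 scheme.
        Func<string, string> toy = s => Encoding.UTF8.GetString(Convert.FromBase64String(s));
        var row = new UserRow { Password = Convert.ToBase64String(Encoding.UTF8.GetBytes("S3cret!")) };
        Console.WriteLine(Login(row, "wrong", toy) + " " + (row.Salt == null));    // failed login leaves the row unconverted
        Console.WriteLine(Login(row, "S3cret!", toy) + " " + row.Password.Length); // first correct login converts the row
        Console.WriteLine(Login(row, "S3cret!", toy));                             // later logins verify against the hash
    }
}
```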
If you have a custom HTTP module or Login.aspx authentication web form that verifies WorkflowGen passwords, implement the following code in your solution to authenticate users:
string passwordFromRequest = Request["password"]; // Get the user password sent from HTTP request
string passwordFromDB = ... // USERS.PASSWORD
string saltFromDB = ... // USERS.SALT

if (ConfigurationManager.AppSettings["ApplicationSecurityPasswordManagementMode"] == "OWH")
{
    // One-way Hashing mode: hash salt + submitted password and compare with the stored hash
    return Advantys.My.Security.CryptographyHelper.EncryptSHA256(saltFromDB + passwordFromRequest) == passwordFromDB;
}
else
{
    // Version 5 mode: decrypt the stored password and compare with the submitted password
    return Advantys.My.Security.CryptographyHelper.MD5Decrypt(passwordFromDB) == passwordFromRequest;
}
Note: A reference to the Advantys.My.Security.dll library is necessary in your solution.