Hello!
I wanted to try my hand w/ Radzen and my current photo-hosting platform. They have a well-documented API and going through their documentation leads me to this page for Authentication...
I checked the linked article but couldn't find any code example that shows how to authenticate. How does one use the API? There is this snippet: PasswordHash := SHA-256(PasswordSalt, UTF-8(password)) but it looks like pseudocode (or is using some programming language I am not familiar with).
@mumfie - thanks for the reply! I'm actually using a modified version of that code!
It's in C# and I'm having a hard time figuring out how to duplicate the API login using Radzen...
Hello @korchev, thanks for the reply!
I'm actually using a modified version of their sample code. It's in C#. Within the solution they've added a web reference to the API (screenshot attached)
Here is the code that is used to Authenticate...
using System.Security.Cryptography; // SHA256
using System.Text;                  // Encoding

/// <summary>
/// Computes salted data hash
/// </summary>
/// <param name="data">Data to hash</param>
/// <param name="salt">Salt</param>
/// <returns>Computed SHA-256 hash of salt+data pair</returns>
private static byte[] HashData(byte[] salt, byte[] data)
{
    // Concatenate salt || data into one buffer before hashing
    byte[] buffer = new byte[data.Length + salt.Length];
    salt.CopyTo(buffer, 0);
    data.CopyTo(buffer, salt.Length);
    // SHA256.Create() replaces SHA256Managed, which is marked obsolete in current .NET
    using (SHA256 sha = SHA256.Create())
    {
        return sha.ComputeHash(buffer);
    }
}

/// <summary>
/// Logs into Zenfolio API
/// </summary>
/// <param name="loginName">User's login name</param>
/// <param name="password">User's password</param>
/// <returns>True if login was successful, false otherwise.</returns>
public bool Login(string loginName, string password)
{
    // Get API challenge
    Zenfolio.Examples.Browser.ZfApiRef.AuthChallenge ch = this.GetChallenge(loginName);
    // Extract and hash password bytes
    byte[] passwordHash = HashData(ch.PasswordSalt, Encoding.UTF8.GetBytes(password));
    // Compute secret proof
    byte[] proof = HashData(ch.Challenge, passwordHash);
    // Authenticate
    try
    {
        _token = this.Authenticate(ch.Challenge, proof);
        return _token != null;
    }
    catch
    {
        // Swallow all exceptions and return false
    }
    return false;
}
Their documentation also shows that I could use "Plain Text Authentication"...perhaps this is a better approach?
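
For comparison with the plain-text option, here is the challenge-response exchange from the code above with both sides in one program, as an added example that is not part of the original posts or of Zenfolio's sample code. `ServerVerify`, the stored hash and the random salt and challenge are assumptions inferred from the client code (the service's real server side is not shown in this thread), and the code targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ChallengeResponseDemo
{
    // SHA-256(prefix || data): the same construction as HashData in the post.
    static byte[] Hash(byte[] prefix, byte[] data)
    {
        byte[] buffer = new byte[prefix.Length + data.Length];
        prefix.CopyTo(buffer, 0);
        data.CopyTo(buffer, prefix.Length);
        using SHA256 sha = SHA256.Create();
        return sha.ComputeHash(buffer);
    }

    // Client side: proof = SHA-256(challenge || SHA-256(salt || UTF-8(password))).
    // Only the proof is sent; the password itself never leaves the client.
    static byte[] ClientProof(byte[] salt, byte[] challenge, string password) =>
        Hash(challenge, Hash(salt, Encoding.UTF8.GetBytes(password)));

    // Hypothetical server side (assumption): recompute the proof from the stored
    // salted hash and compare in constant time to avoid a timing side channel.
    static bool ServerVerify(byte[] storedHash, byte[] challenge, byte[] proof) =>
        CryptographicOperations.FixedTimeEquals(Hash(challenge, storedHash), proof);

    static void Main()
    {
        // Constructed sample values; in the real API the salt and challenge
        // come back from GetChallenge(loginName).
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] stored = Hash(salt, Encoding.UTF8.GetBytes("correct horse"));

        // Case 1: right password, proof bound to the challenge that was issued.
        byte[] challenge1 = RandomNumberGenerator.GetBytes(16);
        byte[] proof1 = ClientProof(salt, challenge1, "correct horse");
        Console.WriteLine($"valid login:    {ServerVerify(stored, challenge1, proof1)}");

        // Case 2: wrong password against the same challenge.
        byte[] badProof = ClientProof(salt, challenge1, "wrong guess");
        Console.WriteLine($"wrong password: {ServerVerify(stored, challenge1, badProof)}");

        // Case 3: a captured proof replayed against a fresh challenge.
        byte[] challenge2 = RandomNumberGenerator.GetBytes(16);
        Console.WriteLine($"replayed proof: {ServerVerify(stored, challenge2, proof1)}");
    }
}
```

Only the first case verifies: the proof is tied to one challenge, so a captured proof cannot be reused, whereas a plain-text login sends the reusable password itself and relies entirely on the transport for protection.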