Help w/ Challenge-Response Authentication


#1

Hello!
I wanted to try my hand w/ Radzen and my current photo-hosting platform. They have a well-documented API, and going through their documentation leads me to this page for Authentication...

https://www.zenfolio.com/zf/help/api/guide/auth/auth-challenge

However, I'm struggling to understand how to implement this w/in Radzen.

Any help would be greatly appreciated!


#2

Hi @ihayes916,

I checked the linked article but couldn't find any code example that shows how to authenticate. How does one use the API? There is this snippet: `PasswordHash := SHA-256(PasswordSalt, UTF-8(password))` but it looks like pseudocode (or is using some programming language I am not familiar with).


#3

I have not tried it but there is sample code in ZenfolioClient.cs Login method available at
https://www.zenfolio.com/zf/help/api/examples/browser

Not sure if that helps?


#4

@mumfie - thanks for the reply! I'm actually using a modified version of that code! :)
It's in C# and I'm having a hard time figuring out how to duplicate the API login using Radzen...


#5

Hello @korchev, thanks for the reply!
I'm actually using a modified version of their sample code. It's in C#. Within the solution they've added a web reference to the API (screenshot attached).

[Screenshot: ZF API Reference]

Here is the code that is used to Authenticate...

    /// <summary>
    /// Computes salted data hash
    /// </summary>
    /// <param name="data">Data to hash</param>
    /// <param name="salt">Salt</param>
    /// <returns>Computed SHA-256 hash of salt+data pair</returns>
    private static byte[] HashData(byte[] salt, byte[] data)
    {
        byte[] buffer = new byte[data.Length + salt.Length];
        salt.CopyTo(buffer, 0);
        data.CopyTo(buffer, salt.Length);
        // Dispose the hash object once the digest is computed
        using (SHA256 sha256 = SHA256.Create())
        {
            return sha256.ComputeHash(buffer);
        }
    }

    /// <summary>
    /// Logs into Zenfolio API
    /// </summary>
    /// <param name="loginName">User's login name</param>
    /// <param name="password">User's password</param>
    /// <returns>True if login was successful, false otherwise.</returns>
    public bool Login(string loginName, string password)
    {
        // Get API challenge
        Zenfolio.Examples.Browser.ZfApiRef.AuthChallenge ch = this.GetChallenge(loginName);

        // Extract and hash password bytes
        byte[] passwordHash = HashData(ch.PasswordSalt, Encoding.UTF8.GetBytes(password));

        // Compute secret proof
        byte[] proof = HashData(ch.Challenge, passwordHash);

        // Authenticate
        try
        {
            _token = this.Authenticate(ch.Challenge, proof);
            return _token != null;
        }
        catch
        {
            // Swallow all exceptions and return false
        }

        return false;
    }

Their documentation also shows that I could use "Plain Text Authentication"...perhaps this is a better approach?

https://www.zenfolio.com/zf/help/api/guide/auth/auth-plain
http://api.zenfolio.com/api/1.7/zfapi.asmx?op=AuthenticatePlain

Again...thanks for the help!
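
The exchange performed by the `Login` method in post #5, modelled on both sides in Python as an added example (not part of the original posts and not Zenfolio's code). The `ModelServer` class, its in-memory stores and the salt and challenge sizes are constructed assumptions; only the two hashing steps come from the posted code.

```python
import hashlib
import hmac
import os


def hash_data(salt: bytes, data: bytes) -> bytes:
    """SHA-256 over salt || data, the same layout as HashData in the post."""
    return hashlib.sha256(salt + data).digest()


def client_proof(password: str, password_salt: bytes, challenge: bytes) -> bytes:
    """Client side: the two hashing steps of the posted Login method."""
    password_hash = hash_data(password_salt, password.encode("utf-8"))
    return hash_data(challenge, password_hash)


class ModelServer:
    """Hypothetical server, constructed for illustration only."""

    def __init__(self):
        self._users = {}    # login -> (password_salt, password_hash)
        self._pending = {}  # issued challenge -> login it was issued for

    def register(self, login: str, password: str) -> None:
        salt = os.urandom(16)  # assumed salt size
        self._users[login] = (salt, hash_data(salt, password.encode("utf-8")))

    def get_challenge(self, login: str):
        """Return (password_salt, challenge) and remember the challenge."""
        salt, _ = self._users[login]
        challenge = os.urandom(32)  # assumed challenge size
        self._pending[challenge] = login
        return salt, challenge

    def authenticate(self, challenge: bytes, proof: bytes) -> bool:
        # A challenge is consumed on first use, so a captured
        # (challenge, proof) pair is rejected if it is sent again.
        login = self._pending.pop(challenge, None)
        if login is None:
            return False
        _, password_hash = self._users[login]
        expected = hash_data(challenge, password_hash)
        # Constant-time comparison of the expected and received proofs.
        return hmac.compare_digest(expected, proof)
```

In this model the password itself never crosses the wire, but the proof is derived from the stored password hash, so the server-side hash store needs the same protection as the passwords themselves.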