I need to authenticate a user from OUTSIDE of Aware, against his Aware password

Jaymer

I'm having a VERY hard time using Aware as a back-end to Appgyver.
I have several major issues, so I was going to just abandon Aware as my REST provider and just use NodeJS.

NOW, the problem I have is with authentication.
I will definitely have users that are native Aware users... so their password is encoded by Aware's algorithm.

Some of those users will ALSO login with my native phone app - and my NodeJS authorization endpoint will receive a username and password.
That queries the MSSQL backend to authenticate.
So how do I see if the submitted password matches the encrypted password in MSSQL?

When I was passing in a PW to an Aware service, I was using the PWD_ENCRYPT() function to compare that result with the stored PW, but I don't have access to this from outside Aware.

joben

Interesting, and completely undocumented as far as I know.

This will not answer your question but might give some ideas whats going on.

The default Administrator account password is a plain MD5 hash:
password = 5f4dcc3b5aa765d61d8327deb882cf99

However, the new users don't get plain MD5 hashes. The key length is the same so I guess this is still MD5. So either the input modified before hashing, or the MD5 algorithm for the new accounts runs slightly different, like multiple passes. Or a combination of both. I think the first option is the correct one.

The user accounts lack an individual salt. So if you have multiple users with the same password, the hash will be the same.
Here is my theory of what is going on, would be great if any dev could confirm this:

password -> passwordSecretKey123 -> default MD5 Hash algorithm -> output hash
monkey -> monkeySecretKey123 -> default MD5 Hash algorithm -> output hash
toaster -> toasterSecretKey123 -> default MD5 Hash algorithm -> output hash

So in theory, if you could only acquire the "SecretKey123" part, it would probably be pretty easy to come up with an authentication solution.

mohd.documents

Interesting topic, I have the same problem.

RLJB

Did anyone solve this?

Have exactly the same need and issue

Tks.