MobiLink Synchronization Reference
  Synchronization Events

authenticate_user_hashed connection event


Function 

Implements a custom user authentication mechanism.

Parameters 

In the following table, the description provides the SQL data type. If you are writing your script in Java or .NET, you should use the appropriate corresponding data type. See SQL-Java data types and SQL-.NET data types.

Event parameters are optional only if no subsequent parameters are specified. For example, you must use parameter 1 if you want to use parameter 2.

Item  Parameter             Description
1     auth_status           INTEGER. This is an INOUT parameter.
2     ml_username           VARCHAR(128).
3     hashed_user_password  BINARY(20). If the user does not supply a password, this is NULL.
4     hashed_new_password   BINARY(20). If the user does not change their password, this is NULL.

Default action 

Use the MobiLink built-in user authentication mechanism.

Description 

This event is identical to authenticate_user except for the passwords, which are in the same hashed form as those stored in the ml_user.hashed_password column. Passing the passwords in hashed form provides increased security.

A one-way hash is used. A one-way hash takes a password and converts it to a byte sequence that is (essentially) unique to each possible password. The one-way hash lets password authentication take place without having to store the actual password in the consolidated database.

When both authentication scripts are defined and they return different auth_status codes, the higher value is used.

See also 

Authenticating MobiLink Users

Custom user authentication

authenticate_user connection event

authenticate_parameters connection event

SQL example 

A typical authenticate_user_hashed script is a call to a stored procedure. The order of the parameters in the call must match the order above. In an Adaptive Server Anywhere consolidated database, the script could be as follows.

call my_auth ( ?, ?, ? )

The following Adaptive Server Anywhere stored procedure uses both the user name and password to authenticate. The procedure checks that the supplied user name is one of the employee IDs listed in the ULEmployee table and that the supplied hashed password matches the one stored for that employee. The procedure assumes that the ULEmployee table has a binary(20) column called hashed_pwd.

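CREATE PROCEDURE my_auth( 
  inout @auth_status integer, 
  in @user_name varchar(128), 
  in @hpwd binary(20) )
begin
  -- accept only when both the employee ID and the stored hash match
  if exists
  ( select * from ulemployee
    where emp_id = @user_name
      and hashed_pwd = @hpwd )
  then
    message 'OK' type info to client;
    -- report the result through the INOUT parameter bound to the
    -- first ? in the call
    set @auth_status = 1000;
  else
    message 'Not OK' type info to client;
    set @auth_status = 4000;
  end if
end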

Java example 

The following stored procedure call registers a Java method called authUserHashed as the script for the authenticate_user_hashed event when synchronizing the script version ver1. This syntax is for Adaptive Server Anywhere consolidated databases.

call ml_add_java_connection_script(
   'ver1', 'authenticate_user_hashed',
   'ExamplePackage.ExampleClass.authUserHashed' )

Following is the sample Java method authUserHashed. It calls Java functions that check and, if needed, change the user's password.

public String authUserHashed(
   ianywhere.ml.script.InOutInteger authStatus,
   String user, byte pwd[], byte newPwd[] )
  throws java.sql.SQLException
{
   // in a real authenticate_user_hashed handler, we
   // would handle more auth code states
   _curUser = user;
   if( checkPwdHashed( user, pwd ) ) {
      // auth successful
      if( newPwd != null ) {
         // pwd is being changed
         if( changePwdHashed( user, pwd, newPwd ) ) {
            // auth ok and pwd change ok. Use custom code
            authStatus.setValue( 1001 );
         } else {
            // auth ok but pwd change failed.
            // Use custom code
            java.lang.System.err.println( "user: " + user
               + " pwd change failed!" );
            authStatus.setValue( 1002 );
         }
      } else {
         authStatus.setValue( 1000 );
      }
   } else {
      // auth failed
      authStatus.setValue( 4000 );
   }
   return( null );
}
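
One way the checkPwdHashed helper called above could treat the NULL and wrong-length password cases, as an added example that is not part of the original documentation. The InOutInteger class here is a stand-in for ianywhere.ml.script.InOutInteger so the demo runs without MobiLink; the in-memory map, the user emp100 and the 20-byte values are constructed.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class HashedAuthDemo {
    // Stand-in for ianywhere.ml.script.InOutInteger (assumption: lets the demo run stand-alone).
    static class InOutInteger {
        private int value;
        void setValue(int v) { value = v; }
        int getValue() { return value; }
    }
    static final int HASH_LEN = 20;  // hashed_user_password is BINARY(20)
    // Constructed stand-in for a table of stored hashes (user name -> hashed_pwd).
    static final Map<String, byte[]> STORED = new HashMap<>();

    // Hypothetical checkPwdHashed: true only for a known user and an exact hash match.
    static boolean checkPwdHashed(String user, byte[] pwd) {
        if (pwd == null || pwd.length != HASH_LEN) {
            return false;  // parameter 3 is NULL when no password was supplied
        }
        byte[] stored = (user == null) ? null : STORED.get(user);
        // Unknown users are compared against a dummy value so both paths do the same work.
        byte[] expected = (stored != null) ? stored : new byte[HASH_LEN];
        return MessageDigest.isEqual(expected, pwd) && stored != null;
    }

    static void authUserHashed(InOutInteger authStatus, String user, byte[] pwd) {
        authStatus.setValue(checkPwdHashed(user, pwd) ? 1000 : 4000);
    }
    static byte[] filled(int b) {  // constructed 20-byte sample value, not a real hash
        byte[] h = new byte[HASH_LEN];
        Arrays.fill(h, (byte) b);
        return h;
    }

    public static void main(String[] args) {
        STORED.put("emp100", filled(0x5a));
        Object[][] cases = {
            {"emp100", filled(0x5a)}, {"emp100", filled(0x11)},
            {"emp100", null}, {"emp100", new byte[0]}, {"nobody", filled(0x5a)},
        };
        for (Object[] c : cases) {
            InOutInteger status = new InOutInteger();
            authUserHashed(status, (String) c[0], (byte[]) c[1]);
            System.out.println(c[0] + " -> " + status.getValue());
        }
    }
}
```

Only the first case is accepted; a wrong hash, a missing password, an empty byte array and an unknown user all end with auth_status 4000.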

.NET example 

The following stored procedure call registers a .NET method called AuthUserHashed as the script for the authenticate_user_hashed connection event when synchronizing the script version ver1. This syntax is for Adaptive Server Anywhere consolidated databases.

call ml_add_dnet_connection_script(
   'ver1',
   'authenticate_user_hashed',
   'TestScripts.Test.AuthUserHashed'
)

Following is the C# signature for the call AuthUserHashed.

public void AuthUserHashed(
   ref int authStatus,
   string user,
   byte[] pwd,
   byte[] newPwd )
