If your project has the burden of storing user passwords, my new Authentication Kit project will make it easy.
https://github.com/thommcgrath/AuthenticationKit
Authentication Kit provides an easy to use Security Through Obesity and TOTP two factor authentication implementation. It can be integrated into existing classes/databases if you’ve already implemented Security Through Obesity manually.
TOTP two factor authentication allows users to pair a code generator such as Google Authenticator or 1Password with your login database. This works especially well with a QR code generator, such as the BarcodeGeneratorMBS class. TOTP is the same implementation companies like Microsoft and Dropbox use for their two factor authentication.
Authentication Kit is released under the MIT license.
Thanks for posting this.
I’ve implemented passwords before using your website post as a reference. It’s a good example and very interesting read.

Since I made that post, finding a good way to generalize it into something reusable was something that has been in the back of my mind. I finally got inspired enough to make it happen. I have some more features I’d like to add, but baby steps. And with GitHub, I don’t have to wait for my work on my website to complete.
[quote=195564:@Stephen Thomas]Thanks for posting this.
I’ve implemented passwords before using your website post as a reference. It’s a good example and very interesting read.
:)[/quote]
Same here and it works wonders!
Thanks for sharing Thom. Will take a look at it! Didn’t know about mkdocs either…looking at that too
When running the test app on Windows 7 and Windows 10 with Xojo 2015 r2.4 we are getting an error “Unable to validate user password” at the method Tester.ValidatePassword. This error does not occur on Mac. Not having any luck figuring out the issue. Has anyone used this on Windows successfully?
I’ll take a look this evening. It sounds a LOT like a bug I fixed a while ago though, so until I get back to you, just make sure you’re using the latest code from GitHub.
Just downloaded from GitHub today.
Well, bad news. It turns out that Xojo.Crypto.PBKDF2 is completely busted on Windows and always returns a different hash for the same inputs. I’ve got a demo project and will be filing a Feedback case in the morning.
I’m trying to stick to the new framework for this, but I may check in a version later in the day which uses the old framework as a workaround on Windows.
Edit: Sample project on Dropbox for now: https://www.dropbox.com/s/o8cj8lkvdja3rp7/PBKDF2.xojo_binary_project?dl=0
I should have mentioned that I did put out an update to work around the issue. https://github.com/thommcgrath/AuthenticationKit/releases
Hi, I’m completely new to web development, and have some experience in desktop development.
But I’m trying to use Authenticationkit for a local intranet app, for users to require to login, but what I can’t figure out is how do I link my controls (USERID and PASSWORD field with the SUBMIT Button) to this Authenticationkit?
If I could see an example app, it would help out a lot.
Thanks
Look in App.Run in the example project, the comments explain each step.
The short answer is you need to obtain an object implementing the AuthenticationKit.User interface from your validator implementation. That validator is entirely up to you, though the project contains a SQLiteUserStorage class.
So it’s basically
Dim User As AuthenticationKit.User = Validator.LookupUser(Username)
If User <> Nil Then
  Dim Generator As AuthenticationKit.TwoFactorProfile
  If Validator.ValidatePassword(User, Password, Iterations, Algorithm, Generator) Then
    If Generator <> Nil Then
      // Prompt for 2 factor authentication code
      If Generator.Verify(TwoFactorCode) Then
        // Successful login
      Else
        // Correct password, but failed 2FA
      End If
    Else
      // 2FA not enabled for this user
      // Successful login
    End If
  Else
    // Incorrect password
  End If
Else
  // Incorrect username
End If
There’s a lot going on and a lot to be hooked up. Unfortunately, the nature of the topic means this can’t be a simple “drop in and go” kind of project.
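The login flow from the reply above, together with the property the Windows PBKDF2 bug earlier in the thread violated (the same inputs must always produce the same hash), as an added Python example. It is not part of the thread and is not AuthenticationKit's code: the function names, the dictionary user store and the sample accounts are constructed for illustration, and it uses a plain per-user salt rather than the project's Security Through Obesity storage.

```python
import hashlib
import hmac
import struct

def hash_password(password, salt, iterations, algorithm="sha512"):
    """PBKDF2-HMAC; identical inputs must give identical bytes on every platform."""
    return hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, iterations)

def totp(secret, at, digits=6, step=30):
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, submitted, at, window=1, step=30):
    """Accept the current time step and `window` steps either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        t = at + drift * step
        if t < 0:
            continue  # no time step exists before the Unix epoch
        expected = totp(secret, t, step=step)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def login(users, username, password, code, now):
    """Same branches as the thread's snippet; the outcome is returned as a string."""
    user = users.get(username)
    if user is None:
        return "incorrect username"
    candidate = hash_password(password, user["salt"], user["iterations"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return "incorrect password"
    if user["totp_secret"] is None:
        return "success (2FA not enabled)"
    if code is not None and verify_totp(user["totp_secret"], code, now):
        return "success"
    return "correct password, failed 2FA"

# Constructed sample data; the TOTP secret is the RFC 6238 test key, not a real one.
SALT = b"constructed-salt"
USERS = {
    "alice": {"salt": SALT, "iterations": 1000, "totp_secret": b"12345678901234567890",
              "hash": hash_password("correct horse", SALT, 1000)},
    "bob": {"salt": SALT, "iterations": 1000, "totp_secret": None,
            "hash": hash_password("hunter2", SALT, 1000)},
}
```

Running a fixed known-answer check such as the RFC 6070 PBKDF2 vector on every target platform is what catches a non-deterministic implementation before stored hashes stop validating.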
Thanks for the example, I will study through the comments.