I have a RESTful API containing a URI of /UserService/Register. /UserService/Register takes an XML request such as:
<UserRegistrationRequest>
    <Password>password</Password>
    <Profile>
        <User>
            <UserName>username</UserName>
        </User>
    </Profile>
</UserRegistrationRequest>
I have the following questions given the above scenario:
- Is there a way (using C# and .Net 3.5+) of enforcing/validating that clients calling Register are passing a hashed password rather than plaintext? Is leaving the choice of hashing algorithm to be used to the client a good idea?
- We could provide a second URI of /UserService/ComputePasswordHash which the client would call before calling /UserService/Register. This has the benefit of ensuring that each password is hashed using the same algorithm. Is there a mechanism within REST to ensure that a client has called one URI before calling another?
Hope I’ve explained myself ok.
Many thanks in advance for any help.
Passing a hashed password in a REST service isn’t more secure than a clear password. If the password gets sniffed, it doesn’t matter if it’s hashed or not; it can be used.
The best thing to do is hash the password on the server and accept secure connections only (SSL/HTTPS).