BPMForm Password Authentication

Epicor ERP 10
,
1

Am I missing the boat or did something drastically change in BPM Forms and the Password authentication functionality.
In E9 when you added the Password check functionality to a BPM Form, if the user typed in the wrong password you would get an actual Exception which would / could halt processing of the rest of the BPM.

In E10.1.XX when you setup the BPM DataForm to Prompt for a password as shown

image.png584×523 47.1 KB

The form will indeed prompt you and check the password


However after clicking OK… the rest of the BPM continues to execute with no way for you to check if the password was indeed valid…

Does anyone have any input here? Am I missing something? Shouldn’t the password validation cause an actual exception or at least return a validation status back to the BPM so that an action can be taken?

2

Hi Jose,
did you find out anything about this? the behaviour is the same (not responding as expected).

regards,

Jos

3

Yeah its “Broke” you have to code around it :frowning:

using Epicor.Security.Cryptography.SHA;
 
if(Hasher.VerifyHash(base.callContextBpmData.Password, this.GetPasswordBySystemUserId(Db, callContextClient.CurrentUserId), "SHA256"))
{
//Valid
}
else
{
//Invalid
}
4

I just tested this on 10.2.300.16 and whatever bug there was seems to be fixed. The BPM stopped for me without additional workarounds required.

1 Like
5

I am having a similar problem when upgrading to Epicor Kinetic
My BPM starts off with this statement
var userSvc = Ice.Assemblies.ServiceRenderer.GetService<Ice.Contracts.UserFileSvcContract>(Db);
bool correctPass = userSvc.ValidatePassword(Session.UserID, callContextBpmData.Password);

My code is erroring out in the second line. The error is -
warning ECF1001: The use of the ‘bool Ice.Contracts.UserFileSvcContract.ValidatePassword(string userID, string password)’ method is restricted.