Validate the DeviceId is semantically correct

[Ashthos]

I am attempting to validate that a DeviceId provided via a web form is valid - but I do not have access to the machine that the deviceId would have been generated.

I am attempting to check that the device Id provided is correct in that it could have been generated on a machine - and isn't simply a jumble of characters typed into the textbox.

Aside from checking the length and looking for invalid characters (Is there a list?), is there anything I can do to check the semantic correctness of the string? Does the length vary?

Many thanks for any help and for creating this great software!

[MatthewKing]

The format of the generated device ID is controlled by the formatter that you choose. See the documentation for more details. You can customize this however you want.

The default formatter for V6 of the DeviceId library is as follows:

new HashDeviceIdFormatter(ByteArrayHashers.Sha256, ByteArrayEncoders.Base32Crockford);

So, out-of-the-box, unless you've used a custom formatter, it'll always be a length 52 string, and it'll only have the Crockford Base32 characters in it (0123456789ABCDEFGHJKMNPQRSTVWXYZ).

You can easily plug in your own formatter and add a checksum or similar if you wanted.

Hope this helps.