public TokenViewModel GenerateToken(int userID, string username, string password, string ip, string userAgent, long ticks)
{
string hash = string.Join(":", new string[] { username, ip, userAgent, ticks.ToString() });
string hashLeft = "";
string hashRight = "";
using (HMAC hmac = HMACSHA256.Create(_alg))
{
hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword(password));
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
hashLeft = Convert.ToBase64String(hmac.Hash);
hashRight = string.Join(":", new string[] { username, ticks.ToString() });
}
string tokenString = Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", hashLeft, hashRight)));
var issuedOn = DateTime.Now;
var token = new Token
{
UserId = userID,
TokenString = tokenString,
IssuedOn = issuedOn,
ExpiresIn = 86400
};
_tokenRepository.Add(token);
_unitOfWork.SaveChanges();
return(Mapper.Map <Token, TokenViewModel>(token));
}
/// <summary>
/// Generates a token based on username, passwords and timestamp.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
/// <param name="timestamp">The timestamp.</param>
/// <param name="userId">The user identifier.</param>
/// <returns></returns>
public static string GenerateToken(string username, string password, DateTime timestamp, int userId)
{
//Getting strings from parameter
string hash = username + timestamp.ToString() + password;
string firstHash = "";
string secondHash = "";
//Creating a
using (HMAC hmac = HMACSHA256.Create(_alg))
{
hmac.Key = Encoding.UTF8.GetBytes(password);
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
firstHash = Convert.ToBase64String(hmac.Hash);
secondHash = username + ":" + timestamp.ToString();
}
//Adding hash values together
var token = Convert.ToBase64String(Encoding.UTF8.GetBytes(firstHash + ":" + secondHash));
//If this code was complete, it would be possible to decode it using the same rules.
return(token);
}
public void Hash(byte[] temp)
{
using var DSACng = new DSACng(10); // Noncompliant {{Make sure this weak hash algorithm is not used in a sensitive context here.}}
// ^^^^^^^^^^^^^^
using var DSACryptoServiceProvider = new DSACryptoServiceProvider(); // Noncompliant
using var DSACreate = DSA.Create(); // Noncompliant
using var DSACreateWithParam = DSA.Create("DSA"); // Noncompliant
using var DSACreateFromName = (AsymmetricAlgorithm)CryptoConfig.CreateFromName("DSA"); // Noncompliant
using var DSAAsymmetricAlgorithm = AsymmetricAlgorithm.Create("DSA"); // Noncompliant
using var DSAAsymmetricAlgorithmWithNamespace = AsymmetricAlgorithm.Create("System.Security.Cryptography.DSA"); // Noncompliant
using var HMACCreate = HMAC.Create(); // Noncompliant
using var HMACCreateWithParam = HMAC.Create("HMACMD5"); // Noncompliant
using var HMACMD5 = new HMACMD5(); // Noncompliant
using var HMACMD5Create = HMACMD5.Create(); // Noncompliant
using var HMACMD5CreateWithParam = HMACMD5.Create("HMACMD5"); // Noncompliant
using var HMACMD5KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACMD5"); // Noncompliant
using var HMACMD5KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACMD5"); // Noncompliant
using var HMACMD5CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACMD5"); // Noncompliant
using var HMACSHA1 = new HMACSHA1(); // Noncompliant
using var HMACSHA1Create = HMACMD5.Create(); // Noncompliant
using var HMACSHA1CreateWithParam = HMACMD5.Create("HMACSHA1"); // Noncompliant
using var HMACSHA1KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACSHA1"); // Noncompliant
using var HMACSHA1KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACSHA1"); // Noncompliant
using var HMACSHA1CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACSHA1"); // Noncompliant
using var HMACSHA256Create = HMACSHA256.Create("HMACSHA256");
using var HMACSHA256KeyedHashAlgorithm = KeyedHashAlgorithm.Create("HMACSHA256");
using var HMACSHA256KeyedHashAlgorithmWithNamespace = KeyedHashAlgorithm.Create("System.Security.Cryptography.HMACSHA256");
using var HMACSHA256CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("HMACSHA256");
using var MD5CryptoServiceProvider = new MD5CryptoServiceProvider(); // Noncompliant
using var MD5CryptoConfig = (HashAlgorithm)CryptoConfig.CreateFromName("MD5"); // Noncompliant
using var MD5HashAlgorithm = HashAlgorithm.Create("MD5"); // Noncompliant
using var MD5HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.MD5"); // Noncompliant
using var MD5Create = MD5.Create(); // Noncompliant
using var MD5CreateWithParam = MD5.Create("MD5"); // Noncompliant
using var SHA1Managed = new SHA1Managed(); // Noncompliant
using var SHA1Create = SHA1.Create(); // Noncompliant
using var SHA1CreateWithParam = SHA1.Create("SHA1"); // Noncompliant
using var SHA1HashAlgorithm = HashAlgorithm.Create("SHA1"); // Noncompliant
using var SHA1HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.SHA1"); // Noncompliant
using var SHA1CryptoServiceProvider = new SHA1CryptoServiceProvider(); // Noncompliant
using var sha256Managed = new SHA256Managed();
using var sha256HashAlgorithm = HashAlgorithm.Create("SHA256Managed");
using var sha256HashAlgorithmWithNamespace = HashAlgorithm.Create("System.Security.Cryptography.SHA256Managed");
var sha256CryptoConfig = CryptoConfig.CreateFromName("SHA256Managed");
HashAlgorithm hashAlgo = HashAlgorithm.Create();
var algoName = "MD5";
var md5Var = (HashAlgorithm)CryptoConfig.CreateFromName(algoName); // Noncompliant
algoName = "SHA256Managed";
var SHA256ManagedVar = (HashAlgorithm)CryptoConfig.CreateFromName(algoName);
}
public string GenerateToken(string secret)
{
if (WasInbound)
{
return(OriginalToken);
}
StringBuilder sb = new StringBuilder();
OriginalParts = new string[3];
OriginalParts[0] = $"{{typ:\"{Type}\", alg=\"{Algorithm}\"}}";
sb.Append(Convert.ToBase64String(Encoding.UTF8.GetBytes(OriginalParts[0])));
string hash;
switch (Algorithm)
{
case "HS256":
hash = Convert.ToBase64String(HMACSHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(sb.ToString())));
break;
case "none":
hash = string.Empty;
break;
default:
throw new InvalidOperationException("You are generating a token string without setting the Algorithm properly");
}
sb.Append(".").Append(hash);
return(sb.ToString());
}
public void HmaCalls()
{
using (var hmac = new HMACSHA1()) // Noncompliant
{
}
using (var hmac = HMAC.Create()) // Noncompliant
{
}
using (var hmacmd5 = HMACMD5.Create("HMACMD5")) // Noncompliant
{
}
using (var hmacmd5 = KeyedHashAlgorithm.Create("HMACMD5")) // Noncompliant
{
}
using (var hmacmd5 = (KeyedHashAlgorithm)CryptoConfig.CreateFromName("HMACMD5")) // Noncompliant
{
}
using (var hmacsha256 = HMACSHA256.Create("HMACSHA256"))
{
}
using (var hmacsha256 = KeyedHashAlgorithm.Create("HMACSHA256"))
{
}
using (var hmacsha256 = (KeyedHashAlgorithm)CryptoConfig.CreateFromName("HMACSHA256"))
{
}
}
public static bool IsTokenValid(string token, string ip, string userAgent)
{
bool result = false;
try
{
// Base64 decode the string, obtaining the token:username:timeStamp.
string key = Encoding.UTF8.GetString(Convert.FromBase64String(token));
// Split the parts.
string[] parts = key.Split(new char[] { ':' });
if (parts.Length == 3)
{
// Get the hash message, username, and timestamp.
string hash = parts[0];
string username = parts[1];
long ticks = long.Parse(parts[2]);
DateTime timeStamp = new DateTime(ticks);
// Ensure the timestamp is valid.
bool expired = Math.Abs((DateTime.UtcNow - timeStamp).TotalMinutes) > _expirationMinutes;
if (!expired)
{
String passwordEnc = string.Empty;
string hashLeft = string.Empty;
using (HMAC hmac = HMACSHA256.Create(_alg))
{
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
hashLeft = Convert.ToBase64String(hmac.Hash);
}
using (var ctx = new GASEntities())
{
if (username.All(char.IsDigit))
{
passwordEnc = (from u in ctx.Users
where u.UserMobile == username
select u.Password.ToString()).First();
}
else
{
passwordEnc = (from u in ctx.Users
where u.UserEmail == username
select u.Password.ToString()).First();
}
}
if (!string.IsNullOrEmpty(passwordEnc))
{
string computedToken = GenerateTokenUsingHashPassword(username, passwordEnc, ip, userAgent, ticks);
// Compare the computed token with the one supplied and ensure they match.
result = (token == computedToken);
}
}
}
}
catch
{
}
return(result);
}
public static string GetHash256(string password, string salt)
{
byte[] passwordByte = ASCIIEncoding.ASCII.GetBytes(password + salt + "SM");
// HashAlgorithm algorithm = new HMACSHA256();
HashAlgorithm algorithm = HMACSHA256.Create();
Byte[] hashPassword = algorithm.ComputeHash(passwordByte);
return Convert.ToBase64String(hashPassword);
}
private string MakeAuthorizationSign(PayLoad?body)
{
var crypto = HMACSHA256.Create("HmacSHA256");
crypto.Key = Encoding.UTF8.GetBytes(AppSecret);
var hash = crypto.ComputeHash(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(body)));
return(Convert.ToBase64String(hash));
}
private void ComputeHash(string path)
{
using (var fileStream = File.OpenRead(path))
{
using (var hasher = HMACSHA256.Create())
{
_result = hasher.ComputeHash(fileStream);
}
}
}
public static byte[] ComputeHash(byte[] input, byte[] key, string algorithm)
{
if (input == null || input.Length == 0)
{
throw new ArgumentException();
}
if (key == null || key.Length == 0)
{
throw new ArgumentException();
}
System.Security.Cryptography.KeyedHashAlgorithm hash;
switch (algorithm.ToUpperInvariant())
{
case "MD5":
case "HMACMD5":
hash = HMACMD5.Create();
break;
case "MD160":
case "RIPEMD160":
case "HMACRIPEMD160":
hash = HMACRIPEMD160.Create();
break;
case "SHA":
case "SHA1":
case "HMACSHA":
case "HMACSHA1":
hash = HMACSHA1.Create();
break;
case "SHA256":
case "HMACSHA256":
hash = HMACSHA256.Create();
break;
case "SHA384":
case "HMACSHA384":
hash = HMACSHA384.Create();
break;
case "SHA512":
case "HMACSHA512":
hash = HMACSHA512.Create();
break;
default:
throw new NotSupportedException();
}
hash.Key = key;
byte[] result = hash.ComputeHash(input);
hash.Clear();
return(result);
}
public static string HashMotDePass(string MotDePass)
{
string key = string.Join(":", new string[] { MotDePass, _CleeLongue });
using (HMAC hmac = HMACSHA256.Create(_Algo))
{
hmac.Key = Encoding.UTF8.GetBytes(MotDePass);
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
return(Convert.ToBase64String(hmac.Hash));
}
}
public static string GetHashedPassword(string password)
{
string key = string.Join(":", new string[] { password, SaltKey });
using (HMAC hmac = HMACSHA256.Create(VIKey))
{
hmac.Key = Encoding.UTF8.GetBytes(SaltKey);
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
return(Convert.ToBase64String(hmac.Hash));
}
}
public string GenerateSignature(string unsignedToken, byte[] signingKey)
{
using (var algorithm = HMACSHA256.Create())
{
algorithm.Key = signingKey;
var data = Encoding.UTF8.GetBytes(unsignedToken);
var mac = algorithm.ComputeHash(data);
return(Convert.ToBase64String(mac));
}
}
public static string GetHashedPassword(string password)
{
string key = string.Join(":", new string[] { password, "rz8LuOtFBXphj9WQfvFh" });
using (HMAC hmac = HMACSHA256.Create("HmacSHA256"))
{
// Hash the key.
hmac.Key = Encoding.UTF8.GetBytes("rz8LuOtFBXphj9WQfvFh");
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
return(Convert.ToBase64String(hmac.Hash));
}
}
private static string GetHashedPassword(string password)
{
string key = string.Join(":", new string[] { password, _salt });
using (HMAC hmac = HMACSHA256.Create(_algo))
{
// Hash the key.
hmac.Key = Encoding.UTF8.GetBytes(_salt);
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
return(Convert.ToBase64String(hmac.Hash));
}
}
private static byte[] GetHash([CanBeNull] string input, EHashType hash)
{
var inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case EHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
#pragma warning disable RECS0030 // Suggests using the class declaring a static function when calling it
case EHashType.HMACMD5: // DevSkim: ignore DS126858
return(HMACMD5.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
case EHashType.HMACSHA1: // DevSkim: ignore DS126858
return(HMACSHA1.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
case EHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
#pragma warning restore RECS0030 // Suggests using the class declaring a static function when calling it
case EHashType.MD5: // DevSkim: ignore DS126858
#pragma warning disable SG0006 // Weak hashing function
return(MD5.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
#pragma warning restore SG0006 // Weak hashing function
case EHashType.SHA1: // DevSkim: ignore DS126858
#pragma warning disable SG0006 // Weak hashing function
return(SHA1.Create().ComputeHash(inputBytes)); // DevSkim: ignore DS126858
#pragma warning restore SG0006 // Weak hashing function
case EHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case EHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case EHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
private byte[] GetHashedPassword(string password)
{
string key = string.Join(":", new { password, salt });
using (HMAC hmac = HMACSHA256.Create(alg))
{
// Hash the key.
hmac.Key = Encoding.UTF8.GetBytes(salt);
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
return(hmac.Hash);
}
}
public static string GenerateToken(string username, string password, string phoneNumber)
{
string text = string.Join("#$#", new string[] { username, phoneNumber, DateTime.Now.AddMinutes(1.1234).ToLongDateString() });
string token = "";
using (HMAC hmac = HMACSHA256.Create(ALGORITHM))
{
hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword(password));
hmac.ComputeHash(Encoding.UTF8.GetBytes(text));
token = Convert.ToBase64String(hmac.Hash);
}
return(Convert.ToBase64String(Encoding.UTF8.GetBytes(token)));
}
private async Task <byte[]> ComputeHashAsync(string path)
{
using (var fileStream = File.OpenRead(path))
{
using (var hasher = HMACSHA256.Create())
{
return(await Task.Run(() =>
{
return hasher.ComputeHash(fileStream);
}));
}
}
}
private static byte[] GetHash(string Source, HashType hash)
{
byte[] inputBytes = Encoding.ASCII.GetBytes(Source);
switch (hash)
{
case HashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case HashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case HashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case HashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case HashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case HashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
/*
* case HashType.MACTripleDES:
* return MACTripleDES.Create().ComputeHash(inputBytes);
*/
case HashType.MD5:
return(MD5.Create().ComputeHash(inputBytes));
/*
* case HashType.RIPEMD160:
* return RIPEMD160.Create().ComputeHash(inputBytes);
*/
case HashType.SHA1:
return(SHA1.Create().ComputeHash(inputBytes));
case HashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case HashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case HashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
/// <summary>
/// Returns a collection of hash algorithms that can be used
/// </summary>
/// <returns></returns>
public Dictionary <string, HashAlgorithm> GetHashAlgorithms()
{
Dictionary <string, HashAlgorithm> hashAlgorithms = new Dictionary <string, HashAlgorithm>();
hashAlgorithms.Add("Sha-256", CreateSha256());
hashAlgorithms.Add("Sha-512", CreateSha512());
hashAlgorithms.Add("MD5", CreateMD5());
hashAlgorithms.Add("Keyed Hash Algorithm", CreateKeyHashAlgorithm());
hashAlgorithms.Add("Ripe MD 160", CreateRipeMdAlgorithm());
hashAlgorithms.Add("Whirlpool", CreateWhirlpool());
hashAlgorithms.Add("HMAC", HMACSHA256.Create());
hashAlgorithms.Add("MACTripleDES", CreateMACTripleDES());
return(hashAlgorithms);
}
/// <summary>
/// Returns a hashed password + salt, to be used in generating a token.
/// </summary>
/// <param name="password">string - user's password</param>
/// <returns>string - hashed password</returns>
public static string GetHashedPassword(string password)
{
string key = string.Join(":", new string[] { password, _salt });
//用password和_salt产生key,其中_salt是绝对安全的,因为不进行任何传输
using (HMAC hmac = HMACSHA256.Create(_alg))//新建一个hmac由_alg产生
{
// Hash the key.
hmac.Key = Encoding.UTF8.GetBytes(_salt);
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
return(Convert.ToBase64String(hmac.Hash));
}
}
private Task <dynamic> MakePrivateCallAsync(Uri uri, object request)
{
var nonce = Guid.NewGuid().ToString("N");
string json = JsonConvert.SerializeObject(request);
string contentBase64String = Convert.ToBase64String(MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(json)));
var rawData = String.Concat(_settings.ApiKey, "POST", uri.ToString(), nonce, contentBase64String);
string signature = HttpHelper.GetHash(HMACSHA256.Create(), _settings.Secret, rawData);
SetHeaders(new Dictionary <string, string> {
{ "amx", $"{_settings.ApiKey}:{signature}:{nonce}" }
});
return(CallAsync <dynamic>(HttpMethod.Post, uri, new StringContent(json, Encoding.UTF8, "application/json")));
}
private static byte[] GetHash(string input, EHashType hash)
{
var inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case EHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case EHashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
case EHashType.MACTripleDES:
return(MACTripleDES.Create().ComputeHash(inputBytes));
case EHashType.MD5:
return(MD5.Create().ComputeHash(inputBytes));
case EHashType.RIPEMD160:
return(RIPEMD160.Create().ComputeHash(inputBytes));
case EHashType.SHA1:
return(SHA1.Create().ComputeHash(inputBytes));
case EHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case EHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case EHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
private const int _tokenExpiration = 10; // mins
public static string GenerateToken(string username, string password, string ip, long ticks)
{
string hash = string.Join(":", new string[] { username, ip, ticks.ToString() });
string hashLeft = "";
string hashRight = "";
using (HMAC hmac = HMACSHA256.Create(_algo))
{
hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword(password));
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
hashLeft = Convert.ToBase64String(hmac.Hash);
hashRight = string.Join(":", new string[] { username, ticks.ToString() });
}
return(Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", hashLeft, hashRight))));
}
public static string GenerateToken(string type, string userId, long ticks)
{
string hash = string.Join(":", new string[] { type, "rz8LuOtFBXphj9WQfvFh" });
string hashLeft = "";
string hashRight = "";
using (HMAC hmac = HMACSHA256.Create("HmacSHA256"))
{
hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword("Test"));
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
hashLeft = string.Join(":", new String[] { hmac.Hash.ToString(), hash });
hashRight = string.Join(":", new string[] { userId, ticks.ToString() });
}
return(Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", hashLeft, hashRight))));
}
public static string GenererToken(string Login, string MotDePass, long ticks)
{
string hash = string.Join(":", new string[] { Login, ticks.ToString() });
string hashGauche = "";
string hashDroit = "";
using (HMAC hmac = HMACSHA256.Create(_Algo))
{
hmac.Key = Encoding.UTF8.GetBytes(MotDePass);
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
hashGauche = Convert.ToBase64String(hmac.Hash);
hashDroit = string.Join(":", new string[] { Login, ticks.ToString() });
}
return(Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", hashGauche, hashDroit))));
}
private static byte[] GetHash(string input, EHashType hash)
{
byte[] inputBytes = Encoding.ASCII.GetBytes(input);
switch (hash)
{
case EHashType.HMAC:
return(HMAC.Create().ComputeHash(inputBytes));
case EHashType.HMACMD5:
return(HMACMD5.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA1:
return(HMACSHA1.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA256:
return(HMACSHA256.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA384:
return(HMACSHA384.Create().ComputeHash(inputBytes));
case EHashType.HMACSHA512:
return(HMACSHA512.Create().ComputeHash(inputBytes));
#pragma warning disable CS0618 // Type or member is obsolete
case EHashType.MD5:
#pragma warning restore CS0618 // Type or member is obsolete
return(MD5.Create().ComputeHash(inputBytes));
#pragma warning disable CS0618 // Type or member is obsolete
case EHashType.SHA1:
#pragma warning restore CS0618 // Type or member is obsolete
return(SHA1.Create().ComputeHash(inputBytes));
case EHashType.SHA256:
return(SHA256.Create().ComputeHash(inputBytes));
case EHashType.SHA384:
return(SHA384.Create().ComputeHash(inputBytes));
case EHashType.SHA512:
return(SHA512.Create().ComputeHash(inputBytes));
default:
return(inputBytes);
}
}
public static string GetHashedPassword(string password, int maxPasswordength = -1)
{
string key = string.Join(":|:", new string[] { password, SALT });
string hashPassword = null;
using (HMAC hmac = HMACSHA256.Create(ALGORITHM))
{
hmac.Key = Encoding.UTF8.GetBytes(ALGORITHM);
hmac.ComputeHash(Encoding.UTF8.GetBytes(key));
hashPassword = Convert.ToBase64String(hmac.Hash);
}
if (maxPasswordength > 0 && hashPassword.Length > maxPasswordength)
{
hashPassword = hashPassword.Substring(0, maxPasswordength);
}
return(hashPassword);
}
/// <summary>
/// Method used to generate token. The token is generated based on the user's email,
/// password and claim
///
/// Algorithm found on the following website:
/// http://www.primaryobjects.com/2015/05/08/token-based-authentication-for-web-service-apis-in-c-mvc-net/
///
/// </summary>
///
/// <param name="email"></param>
/// <param name="password"></param>
/// <param name="claim"></param>
///
/// <returns>
/// Token that will be assigned to the user
/// </returns>
public string GenerateToken(string email, string password, string claim)
{
// Concatenate email, (hashed) password, and claim in a string array.
string hash = string.Join(":", new string[] { email, password, claim });
string hashLeft = "";
string hashRight = "";
using (HMAC hmac = HMACSHA256.Create(_algorithm))
{
hmac.Key = Encoding.UTF8.GetBytes(password);
hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
hashLeft = Convert.ToBase64String(hmac.Hash);
hashRight = string.Join(":", new string[] { email, claim });
}
string token = Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", hashLeft, hashRight)));
return(token);
}
