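        /// <summary>
        /// Resets the password of the given account to a freshly generated six-digit numeric
        /// code and returns that code in clear text so it can be delivered to the user.
        /// </summary>
        /// <param name="userID">Primary key of the user account to reset.</param>
        /// <returns>The new clear-text password, a value in the range 100000–999999.</returns>
        /// <exception cref="ApplicationException">
        /// The account could not be loaded or updated. The transaction is rolled back and the
        /// underlying failure is attached as the inner exception.
        /// </exception>
        public string ResetPassword(int userID)
        {
            var session = SessionFactory.CreateSession();

            session.BeginTrans();
            try
            {
                // A temporary password is a credential: draw it from a cryptographic RNG, not
                // System.Random, whose time-seeded output is predictable. The upper bound is
                // exclusive, so 999999 is reachable (Random.Next(100000, 999999) never produced it).
                var newPassword = SecureRandomInt(100000, 1000000)
                                  .ToString(System.Globalization.CultureInfo.InvariantCulture);

                var saltText = string.Empty;
                EnumHashProvider hashProvider;
                var encryptedPwd = HashingAlgorithmUtility.GetEncryptedHashText(newPassword, out saltText, out hashProvider);

                var userEntity = QuickRepository.GetById <UserAccountEntity>(userID);
                if (userEntity == null)
                {
                    // Report a clear cause instead of a NullReferenceException on the assignments below.
                    throw new InvalidOperationException("User account not found: " + userID);
                }

                userEntity.Password       = encryptedPwd;
                userEntity.PasswordFormat = (short)hashProvider;
                userEntity.PasswordSalt   = saltText;

                QuickRepository.Update <UserAccountEntity>(session.Connection, userEntity, session.Transaction);
                session.Commit();
                return(newPassword);
            }
            catch (System.Exception ex)
            {
                session.Rollback();
                // Preserve the original failure as the inner exception for diagnostics.
                throw new ApplicationException("用户密码修改发生错误!", ex);
            }
            finally
            {
                session.Dispose();
            }
        }

        /// <summary>
        /// Returns a uniformly distributed integer in [<paramref name="minInclusive"/>, <paramref name="maxExclusive"/>)
        /// from a cryptographically secure generator. Candidates are drawn from the full 32-bit range and
        /// rejected while they fall into the partial bucket at the top, so the result has no modulo bias.
        /// </summary>
        /// <param name="minInclusive">Lowest value that may be returned.</param>
        /// <param name="maxExclusive">One past the highest value that may be returned.</param>
        /// <returns>A uniformly random integer in the requested range.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="maxExclusive"/> is not greater than <paramref name="minInclusive"/>.
        /// </exception>
        private static int SecureRandomInt(int minInclusive, int maxExclusive)
        {
            if (maxExclusive <= minInclusive)
            {
                throw new ArgumentOutOfRangeException("maxExclusive", "maxExclusive must be greater than minInclusive.");
            }

            // The difference of two ints always fits in a uint, even across zero.
            var range = (uint)((long)maxExclusive - minInclusive);
            // Largest multiple of range that fits in 32 bits; samples at or above it are discarded.
            var limit = uint.MaxValue - (uint.MaxValue % range);
            var buffer = new byte[4];

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                uint sample;
                do
                {
                    rng.GetBytes(buffer);
                    sample = BitConverter.ToUInt32(buffer, 0);
                }
                while (sample >= limit);

                return (int)(minInclusive + (long)(sample % range));
            }
        }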
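        /// <summary>
        /// Verifies a clear-text password against the stored hash of a user account.
        /// </summary>
        /// <param name="user">Account whose stored hash, salt and hash format are compared against.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns><c>true</c> when the password matches the stored hash; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="user"/> or <paramref name="password"/> is <c>null</c>.
        /// </exception>
        public bool CheckPassword(UserAccountEntity user, string password)
        {
            // Fail with a clear cause rather than dereferencing null in the comparison below.
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            // NOTE(review): CompareHash is assumed to compare digests in constant time — confirm in HashingAlgorithmUtility.
            var isChecked = HashingAlgorithmUtility.CompareHash(user.PasswordFormat,
                                                                password, user.PasswordSalt, user.Password);

            return(isChecked);
        }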
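        /// <summary>
        /// Changes a user's password after verifying the current one.
        /// </summary>
        /// <param name="loginName">Login name identifying the account.</param>
        /// <param name="oldPassword">Current clear-text password; must match the stored hash.</param>
        /// <param name="newPassword">New clear-text password; stored as a salted hash.</param>
        /// <exception cref="ArgumentException"><paramref name="newPassword"/> is null or empty.</exception>
        /// <exception cref="ApplicationException">
        /// The account does not exist or the old password does not match (both reported with the
        /// same message), or the lookup itself failed. The specific cause is the inner exception.
        /// </exception>
        public void ChangePassword(string loginName, string oldPassword, string newPassword)
        {
            if (string.IsNullOrEmpty(newPassword))
            {
                throw new ArgumentException("The new password must not be empty.", "newPassword");
            }

            UserAccountEntity userEntity;

            try
            {
                userEntity = QuickRepository.GetDefaultByName <UserAccountEntity>("LoginName", loginName);

                // An unknown login name and a wrong password yield the same error so the response
                // does not reveal which accounts exist. Checking for null here also avoids a
                // NullReferenceException that the ApplicationException catch below would not handle.
                // TODO: throttle or lock the account after repeated failures; this method does not limit attempts.
                if (userEntity == null || !CheckPassword(userEntity, oldPassword))
                {
                    throw new ApplicationException("用户名和密码不匹配,请重试.");
                }
            }
            catch (System.ApplicationException ex)
            {
                // Keep the specific cause as the inner exception instead of discarding it.
                throw new ApplicationException("修改密码发生错误!", ex);
            }

            // The original wrapped this in a catch that only rethrew; a plain block behaves the same.
            var saltText = string.Empty;
            EnumHashProvider hashProvider;
            var encryptedPwd = HashingAlgorithmUtility.GetEncryptedHashText(newPassword, out saltText, out hashProvider);

            userEntity.Password       = encryptedPwd;
            userEntity.PasswordFormat = (short)hashProvider;
            userEntity.PasswordSalt   = saltText;

            QuickRepository.Update <UserAccountEntity>(userEntity);
        }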
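        /// <summary>
        /// Builds a new, unsaved <see cref="UserAccountEntity"/> with the password stored as a salted hash.
        /// </summary>
        /// <param name="userName">User name for the account.</param>
        /// <param name="password">Clear-text password; only its salted hash, salt and hash format are kept.</param>
        /// <param name="email">E-mail address for the account.</param>
        /// <returns>A populated entity that has not been persisted.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="password"/> is <c>null</c>.</exception>
        private UserAccountEntity InstanceUser(string userName, string password, string email)
        {
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }

            // Only the salted hash is derived here; an extra unsalted digest of the clear-text
            // password (as computed previously into an unused local) is deliberately not produced.
            var saltText = string.Empty;
            EnumHashProvider hashProvider;
            var encryptedPwd = HashingAlgorithmUtility.GetEncryptedHashText(password, out saltText, out hashProvider);

            var userEntity = new UserAccountEntity
            {
                UserName       = userName,
                Password       = encryptedPwd,
                EMail          = email,
                PasswordFormat = (short)hashProvider,
                PasswordSalt   = saltText
            };

            return(userEntity);
        }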
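        /// <summary>
        /// Validates a forms-authentication ticket: decrypts it, reads the embedded
        /// <see cref="WebLogonUserData"/> and re-checks the carried password against the stored
        /// hash of the account it names. Sets <c>UserID</c> from the ticket as a side effect.
        /// </summary>
        /// <param name="encryptTicket">The encrypted ticket string (the forms cookie value).</param>
        /// <returns>
        /// <c>true</c> when the ticket decrypts, is not expired, names an existing account and the
        /// carried password matches that account's stored hash; otherwise <c>false</c>.
        /// </returns>
        private bool ValidateUserTicket(string encryptTicket)
        {
            if (string.IsNullOrEmpty(encryptTicket))
            {
                return false;
            }

            var loginTicket = FormsAuthentication.Decrypt(encryptTicket);
            if (loginTicket == null || loginTicket.Expired)
            {
                // An expired ticket is not honoured even when its payload still checks out.
                return false;
            }

            var userDataContent  = loginTicket.UserData;
            var webLogonUserData = JsonConvert.DeserializeObject <WebLogonUserData>(userDataContent);
            if (webLogonUserData == null)
            {
                return false;
            }

            UserID = webLogonUserData.UserID;

            // NOTE(review): UserData carries the user's clear-text password inside the ticket. Forms
            // authentication encrypts the ticket, but carrying only an identifier would shrink the
            // exposure — confirm whether the password is actually needed here.
            string loginName = webLogonUserData.LoginName;
            string password  = webLogonUserData.Password;

            //check user password
            var service = new AccountService();
            var user    = service.GetByLoginName(loginName);
            if (user == null || password == null)
            {
                // Unknown account or missing credential: not valid, and no null dereference below.
                return false;
            }

            var isChecked = HashingAlgorithmUtility.CompareHash(user.PasswordFormat, password, user.PasswordSalt, user.Password);

            return(isChecked);
        }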
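        /// <summary>
        /// Signs the API request with the logged-in user's security key (the password) and sets the
        /// signature header on <c>HttpClient</c>. The HMAC-SHA256 key is SHA-256(password), the
        /// signed message is the client's base address, and the header value is
        /// Base64("userName:Base64(hmac)").
        /// </summary>
        /// <param name="user">Credentials whose user name and password drive the signature.</param>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
        public void SignatureMessage(Credentials user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            // NOTE(review): only BaseAddress is signed; the request path, method and body are not
            // bound by this signature — confirm that is the intended contract with the API.
            var message    = HttpClient.BaseAddress.AbsoluteUri;
            var hashString = string.Empty;

            var sha256 = HashingAlgorithmUtility.CreateHashAlgorithm(EnumHashProvider.SHA256Managed);
            byte[] key;
            try
            {
                key = sha256.ComputeHash(Encoding.UTF8.GetBytes(user.Password));
            }
            finally
            {
                // Hash algorithm instances are disposable; release it once the key is derived.
                var disposable = sha256 as IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }

            using (var hmac = new HMACSHA256(key))
            {
                var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
                hashString = Convert.ToBase64String(hash);
            }

            var authenticationValue = Convert.ToBase64String(
                Encoding.UTF8.GetBytes(
                    string.Format("{0}:{1}", user.UserName, hashString)));

            // Replace rather than append so repeated calls do not stack duplicate header values.
            HttpClient.DefaultRequestHeaders.Remove(WebApiRequestHeaderNameHashed);
            HttpClient.DefaultRequestHeaders.Add(WebApiRequestHeaderNameHashed, authenticationValue);
        }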