Beispiel #1
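        /// <summary>
        /// Hashes the password of <paramref name="userToHash"/> together with its salt and
        /// returns the same object with the result written back.
        /// The input must carry a non-empty Password and a non-empty, Base64-encoded Salt.
        /// </summary>
        /// <remarks>
        /// The instance is modified in place: Password is overwritten with the Base64 text of
        /// the salted hash, and Salt is re-encoded from the decoded salt bytes.
        /// NOTE(review): how well the stored value resists offline guessing depends entirely on
        /// HashPasswordWithSalt, which is not visible here. If it is a single pass of a fast
        /// digest, a password KDF with a work factor (e.g. PBKDF2) would be the safer choice;
        /// confirm against that method.
        /// </remarks>
        /// <param name="userToHash">User whose Password (plain text) and Salt (Base64) are hashed.</param>
        /// <returns>The same <paramref name="userToHash"/> instance, now holding the hashed password.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="userToHash"/> is null, or its Password or Salt is null or empty.
        /// </exception>
        /// <exception cref="FormatException">Salt is not valid Base64 (raised by Convert.FromBase64String).</exception>
        public IHashedUser GetHashedUser(IHashedUser userToHash)
        {
            // Reject a missing user explicitly instead of failing with a NullReferenceException below.
            if (userToHash == null)
            {
                throw new ArgumentNullException("userToHash");
            }

            // Check if user input is valid.
            if (string.IsNullOrEmpty(userToHash.Password))
            {
                throw new ArgumentNullException("Password");
            }

            if (string.IsNullOrEmpty(userToHash.Salt))
            {
                throw new ArgumentNullException("Salt");
            }

            // The password is plain text (UTF-8); the salt arrives Base64-encoded.
            byte[] passwordByteArray = Encoding.UTF8.GetBytes(userToHash.Password);
            byte[] saltByteArray     = Convert.FromBase64String(userToHash.Salt);

            // Create hashed password with salt.
            byte[] passwordWithSalt = this.HashPasswordWithSalt(passwordByteArray, saltByteArray);

            // Write the results back as Base64 text. From here on the object no longer
            // holds the plain-text password.
            userToHash.Password = Convert.ToBase64String(passwordWithSalt);
            userToHash.Salt     = Convert.ToBase64String(saltByteArray);

            return userToHash;
        }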
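        /// <summary>
        /// Checks that VerifyPassword rejects a password other than the one the
        /// hashed user was created with.
        /// </summary>
        public void VerifyPassword_ComparingWrongPassword_ShouldNotBeEqual()
        {
            // Arrange
            HashingSettings settings       = new HashingSettings(HashingMethodType.SHA256);
            HashingService  hashingService = new HashingService(settings);

            // The listing shows every literal masked as "******". The two passwords must
            // differ for the assertion to mean anything, so constructed placeholder values
            // are used for them.
            string username        = "******";
            string correctPassword = "constructed-correct-password";
            string wrongPassword   = "constructed-wrong-password";

            // Act
            IHashedUser hashedUser = hashingService.CreateHashedUser(username, correctPassword);

            bool passwordMatched = hashingService.VerifyPassword(wrongPassword, hashedUser.Password, hashedUser.Salt);

            // No console dump of the passwords, hash and salt: the original statement is
            // garbled in the listing, and test output is commonly retained in build logs,
            // which is not a place for credential material.

            // Assert
            Assert.IsFalse(passwordMatched);
        }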
Beispiel #3
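        /// <summary>
        /// Replaces the user's plain-text password with its hash and salt, then
        /// inserts the user into the database.
        /// </summary>
        /// <remarks>
        /// <paramref name="user"/> is modified in place: UserPassword and Salt are overwritten
        /// with the values returned by the login handler before the insert, so the plain-text
        /// password is not what gets persisted.
        /// NOTE(review): the strength of the stored hash depends on CreateHashedUserInfo,
        /// which is not visible here; confirm it uses a salted, deliberately slow scheme.
        /// </remarks>
        /// <param name="user">User to create; supplies Username and the plain-text UserPassword.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="user"/> is null.</exception>
        public void CreateUser(IUser user)
        {
            // Fail with a clear argument error rather than a NullReferenceException.
            if (user == null)
            {
                throw new System.ArgumentNullException("user");
            }

            IHashedUser hashedUser = HandlerFactory.GetLoginHandler().CreateHashedUserInfo(user.Username, user.UserPassword);

            // Swap the plain-text password for the hash before anything is written.
            user.UserPassword = hashedUser.Password;
            user.Salt         = hashedUser.Salt;

            // Disposing the connection closes it, so no explicit Close() is needed.
            using (var conn = new SqlConnection(HandlerFactory.GetDBConnectionString()))
            {
                conn.Open();
                conn.Insert(user);
            }
        }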
        /// <summary>
        /// Smoke test: a HashingService configured for SHA256 returns a non-null
        /// hashed user for a username/password pair.
        /// </summary>
        public void CreateHashedUser_WithValidSettings_ShouldCreateIHashedUser()
        {
            // Arrange
            var hashingService = new HashingService(new HashingSettings(HashingMethodType.SHA256));

            const string username = "******";
            const string password = "******";

            // Act
            IHashedUser hashedUser = hashingService.CreateHashedUser(username, password);

            // Assert
            // Only the presence of a result is checked; the hash and salt are not inspected.
            Assert.IsNotNull(hashedUser);
        }
Beispiel #5
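        /// <summary>
        /// Hashes the login attempt and compares the result with the stored password hash.
        /// Returns true if the hashes match and false otherwise.
        /// </summary>
        /// <remarks>
        /// The comparison does not stop at the first differing character, so the time it takes
        /// does not reveal how much of the stored hash a guess got right. A missing hash on
        /// either side counts as a mismatch.
        /// NOTE(review): the candidate hash is computed from <paramref name="userLogin"/>, so
        /// that object presumably has to carry the stored salt already; nothing here copies
        /// DBuser.Salt onto it. Confirm against the caller.
        /// </remarks>
        /// <param name="userLogin">Login attempt; passed to the hashing method to be hashed.</param>
        /// <param name="DBuser">Stored user record holding the expected hash and its Base64 salt.</param>
        /// <returns>True when the freshly computed hash equals the stored hash.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="userLogin"/> or <paramref name="DBuser"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException">The stored salt is null or empty.</exception>
        /// <exception cref="FormatException">The stored salt is not valid Base64.</exception>
        public bool VerifyUserHash(IHashedUser userLogin, IHashedUser DBuser)
        {
            if (userLogin == null)
            {
                throw new ArgumentNullException("userLogin");
            }

            if (DBuser == null)
            {
                throw new ArgumentNullException("DBuser");
            }

            // Make sure the Database Salt is set.
            if (string.IsNullOrEmpty(DBuser.Salt))
            {
                throw new ArgumentException("Database user salt is not set", "DBuser");
            }

            // Decode the stored Base64 salt into IHashedUser.SaltByteArray.
            DBuser.SaltByteArray = Convert.FromBase64String(DBuser.Salt);

            // Hash logged in user.
            IHashedUser hashedUserLogin = this._hashingMethod.GetHashedUser(userLogin);

            return HashTextMatchesFixedTime(hashedUserLogin.Password, DBuser.Password);
        }

        /// <summary>
        /// Compares two encoded hash strings without returning early on the first difference.
        /// Null on either side is treated as a mismatch so that a missing hash never verifies.
        /// </summary>
        private static bool HashTextMatchesFixedTime(string left, string right)
        {
            if (left == null || right == null)
            {
                return false;
            }

            // A length difference is folded into the accumulator instead of short-circuiting.
            int difference = left.Length ^ right.Length;
            int shared = Math.Min(left.Length, right.Length);

            for (int i = 0; i < shared; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }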