public ActionResult ChangePassword(ChangePasswordModel model)
{
Log.Debug("Started validating user credential for password change.");
if (ModelState.IsValid)
{
var crypto = new PBKDF2();
var user = userService.GetUsers().FirstOrDefault(u => u.UserName == User.Identity.Name);
if (user.Password == crypto.Compute(model.OldPassword, user.PasswordSalt))
{
user.Password = crypto.Compute(model.NewPassword);
user.ConfirmPassword = crypto.Compute(model.ConfirmPassword);
try
{
userService.UpdateUser(user);
}
catch (Exception e)
{
Log.Error(e.ToString());
}
return(RedirectToAction("ChangePasswordSuccess"));
}
}
Log.Info("The password was not succesfully changed.");
ModelState.AddModelError("", "The current password is incorrect or the new password is invalid.");
return(View(model));
}
public override void Validate(string userName, string password)
{
using (var context = new AF_Context())
{
const string pepper = "50.L1`(f761OJdG6fc835M(5(+Ju2!P6,4330_N*/%xz<j7(N15KC'8l997'0c0CEg";
ICryptoService cryptoService = new PBKDF2();
try
{
User u = context.Users.FirstOrDefault(c => c.Login == userName);
if (u == null)
{
throw new SecurityTokenException("Wrong Username or Password");
}
bool verified = cryptoService.Compare(cryptoService.Compute(cryptoService.Compute(password, u.Salt), pepper), u.Password);
if (!verified)
{
throw new SecurityTokenException("Wrong Username or Password");
}
}
catch (Exception ex)
{
throw;
}
}
}
static void Main(string[] args)
{
string pass = "";
int id = 0;
ICryptoService cryptoService = new PBKDF2();
const string pepper = "50.L1`(f761OJdG6fc835M(5(+Ju2!P6,4330_N*/%xz<j7(N15KC'8l997'0c0CEg";
Console.WriteLine("Select user by id:");
if (int.TryParse(Console.ReadLine(), out id))
{
using (var context = new AF_Context())
{
try
{
User user = context.Users.First(u => u.UserId == id);
if (user != null)
{
while (string.IsNullOrEmpty(pass))
{
Console.WriteLine("Input Password:");
pass = Console.ReadLine();
}
user.Salt = cryptoService.GenerateSalt();
user.Password = cryptoService.Compute(cryptoService.Compute(pass, user.Salt), pepper);
}
context.SaveChanges();
}
catch (Exception e)
{
throw;
}
}
}
}
/// <summary>
/// Generate password hash and salt
/// </summary>
/// <param name="password">plaintext password</param>
/// <returns></returns>
public static string[] Hash(string password, string saltStr = null)
{
string hash;
string salt;
var CryptoSvc = new PBKDF2();
// generate new hash
if (saltStr == null)
{
hash = CryptoSvc.Compute(password);
salt = CryptoSvc.Salt;
return(new string[]
{
hash,
salt
});
}
else
{
hash = CryptoSvc.Compute(password, saltStr);
return(new string[]
{
hash,
""
});
}
}
protected void btnIniciar_Click(object sender, EventArgs e)
{
string user = txtUser.Text.Trim();
string pas = txtPass.Text.Trim();
if (user != "" && pas != "")
{
var persona = instaciaBD.tbl_persona.Where(x => x.usuarioPersona == user).FirstOrDefault();
if (persona != null)
{
ICryptoService encripto = new PBKDF2();//INSTANCIO EL ALGORITMO
string pasEncriptada = encripto.Compute(pas, persona.salt);
if (encripto.Compare(persona.contrasenaPersona, pasEncriptada))
{
FormsAuthentication.SetAuthCookie(persona.nombrePersona + " " + persona.apellidoPersona, true);
Response.Redirect("Inicio.aspx");
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('Contraseña incorrecta');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('no existe ');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('debe ingresar datos');};", true);
}
}
public ActionResult create(tbl_usuario usuario)
{
//LLAMO AL METODO Y HASHEO LA CONTRASEÑA
string co = GetSHA1(usuario.contrasena);
ICryptoService cryptoService = new PBKDF2();
//Generar algoritmo de encryptacion
string salt = cryptoService.GenerateSalt();
string contrasenaencryptada = cryptoService.Compute(usuario.contrasena);
conexion.Open();
SqlCommand query = new SqlCommand("insertarusuario", conexion);
query.CommandType = CommandType.StoredProcedure;
query.Parameters.Add("@pid_usuario", SqlDbType.VarChar).Value = usuario.id_usuario;
query.Parameters.Add("@pcontrasena", SqlDbType.VarChar).Value = co;
query.Parameters.Add("@pnombre_usuario", SqlDbType.VarChar).Value = usuario.nombre_usuario;
query.Parameters.Add("@ppaterno_usuario", SqlDbType.VarChar).Value = usuario.paterno_usuario;
query.Parameters.Add("@pmaterno_usuario", SqlDbType.VarChar).Value = usuario.materno_usuario;
query.Parameters.Add("@ptipo_usuario", SqlDbType.VarChar).Value = usuario.tipo_usuario;
query.Parameters.Add("@pcorreo", SqlDbType.VarChar).Value = usuario.correo;
query.ExecuteNonQuery();
conexion.Close();
return(RedirectToAction("Index"));
}
private bool isValid(string email, string password, ref string errore, ref PERSONA utente)
{
bool flag;
PBKDF2 crypto = new PBKDF2();
using (DatabaseContext db = new DatabaseContext())
{
utente = db.PERSONA_EMAIL.Where(u => u.EMAIL == email && u.PERSONA.STATO == (int)Stato.ATTIVO).Select(u => u.PERSONA).SingleOrDefault();
//utente = db.PERSONA.FirstOrDefault<PERSONA>((PERSONA u) => u.EMAIL == email && u.STATO == 1);
if (utente == null)
{
errore = Language.EmailNotExist;
}
else if (!utente.PASSWORD.Equals(crypto.Compute(password, utente.TOKEN_PASSWORD)))
{
errore = Language.ErrorPassword;
}
else
{
flag = true;
return(flag);
}
}
flag = false;
return(flag);
}
private static bool ValidatePassword(string password, string salt, string hashedPassword)
{
ICryptoService cryptoService = new PBKDF2();
string hashedPassword2 = cryptoService.Compute(password, salt);
return(cryptoService.Compare(hashedPassword, hashedPassword2));
}
public ActionResult Index(string eMail, string pass)
{
if (Request["Email"] == null || Request["Password"] == null)
{
return(View());
}
string email = Request["Email"].ToString();
string password = Request["Password"].ToString();
//check if user exists and password matches
var user = db.Employees.FirstOrDefault(e => e.EmployeeEmail == email);
if (user != null)
{
ICryptoService cryptoService = new PBKDF2();
string hashed = cryptoService.Compute(password, user.Salt);
if (hashed == user.Pass)
{
Session["userLoggedIn"] = user.EmployeeEmail;
return(RedirectToAction("Index", "Students"));
}
}
return(View());
}
private void btnAuth_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(PasswordUser))
{
MessageBox.Show("Пароль пустий.");
return;
}
var user = GetUserByEmail(EmailLogin);
if (user != null)
{
ICryptoService cryptoService = new PBKDF2();
// validate user
string password = PasswordUser;
string salt = user.PasswordHash;
string hashedPassword2 = cryptoService.Compute(password, salt);
bool isPasswordValid = cryptoService.Compare(user.Password, hashedPassword2);
if (isPasswordValid)
{
DialogResult = DialogResult.OK;
}
else
{
MessageBox.Show("Неправильний пароль або емейл, спробуйте ще раз.");
}
}
else
{
MessageBox.Show("Неправильний пароль або емейл, спробуйте ще раз.");
}
}
public ActionResult Create([Bind(Include = "EmployeeID,EmployeeName,EmployeeSurname,EmployeeEmail,Pass")] Employee employee)
{
if (ModelState.IsValid)
{
//hash password
ICryptoService cryptoService = new PBKDF2();
//save this salt to the database
string salt = cryptoService.GenerateSalt();
//save this hash to the database
if (string.IsNullOrEmpty(employee.Pass))
{
employee.Pass = "******";
}
string hashedPassword = cryptoService.Compute(employee.Pass);
employee.Salt = salt;
employee.Pass = hashedPassword;
if (db.Employees.FirstOrDefault(e => e.EmployeeEmail == employee.EmployeeEmail) == null)
{
db.Employees.Add(employee);
db.SaveChanges();
return(RedirectToAction("Index"));
}
}
return(View(employee));
}
public User RegisterUser(RegisterUserViewModel user)
{
using (TransactionScope scope = new TransactionScope())
{
var el = _context.Users.SingleOrDefault(m => m.Email == user.Email);
if (el != null)
{
return(null);
}
ICryptoService cryptoService = new PBKDF2();
string passwordSalt = cryptoService.GenerateSalt();
string hashedPassword = cryptoService.Compute(user.Password);
Role userRole = _context.Roles.SingleOrDefault(m => m.Name == "User");
User newUser = new User
{
FullName = user.FullName,
Email = user.Email,
Password = hashedPassword,
PasswordSalt = passwordSalt,
Roles = new List <Role>(),
EmailConfirmed = false,
EmailConfirmToken = Guid.NewGuid().ToString()
};
if (userRole != null)
{
newUser.Roles.Add(userRole);
}
_context.Users.Add(newUser);
_context.SaveChanges();
scope.Complete();
return(newUser);
}
}
public async Task <ActionResult> CreateAsync(UserViewModel userVM)
{
User user = new User
{
Id = userVM.Id,
IdentityNumber = userVM.IdentityNumber,
Name = userVM.Name,
LastName = userVM.LastName,
Email = userVM.Email,
IsActive = userVM.IsActive,
Phone = userVM.Phone,
RoleId = userVM.RoleId,
};
ICryptoService cryptoService = new PBKDF2();
//New User
string password = userVM.Password;
//save this salt to the database
string passwordHashedSalt = cryptoService.GenerateSalt();
//save this hash to the database
string passwordHashed = cryptoService.Compute(password);
user.PasswordHashedSalt = passwordHashedSalt;
user.PasswordHashed = passwordHashed;
if (ModelState.IsValid)
{
_context.Add(user);
await _context.SaveChangesAsync();
return(RedirectToAction("Index"));
}
return(View(userVM));
}
// оновлюємо пароль користувача
private void btChangePass_Click(object sender, EventArgs e)
{
if (txtNewPass.Text == "")
{
MessageBox.Show("Пароль не може бути порожнім, внесіть значення");
}
else
{
ICryptoService cryptoService = new PBKDF2();
string salt = cryptoService.GenerateSalt();
string hashedPassword = cryptoService.Compute(txtNewPass.Text);
try
{
string strCon = @"Data Source=dell7020\sqlexpress;Initial Catalog=GridUserForm;Integrated Security=True";
using (SqlConnection con = new SqlConnection(strCon))
{
{
con.Open();
SqlCommand command = new SqlCommand();
command.Connection = con;
string query = $"UPDATE [dbo].[tblUsers] SET Password = '******', PasswordSalt = '{salt}' WHERE tblUsers.Id = {id}";
command.CommandText = query;
command.ExecuteNonQuery();
MessageBox.Show("Пароль змінено");
}
}
}
catch (Exception ex)
{
MessageBox.Show($"Помилка оновлення паролю {ex.Message}", ex.Message);
}
}
}
protected bool IsValidNuGetApiKey(INancyModule module, IFeed feed)
{
if (!string.IsNullOrWhiteSpace(feed.ApiKeyHashed))
{
if (module.Request.Headers[NuGetHeaderApiKeyName].FirstOrDefault() == null)
{
return(false);
}
ICryptoService cryptoService = new PBKDF2();
var feedApiKeyHashed = feed.ApiKeyHashed;
var feedApiKeySalt = feed.ApiKeySalt;
var requestApiKey = module.Request.Headers[NuGetHeaderApiKeyName].FirstOrDefault();
if (string.IsNullOrWhiteSpace(requestApiKey))
{
return(false);
}
string requestApiKeyHashed = cryptoService.Compute(requestApiKey, feedApiKeySalt);
bool isValidApiKey = cryptoService.Compare(requestApiKeyHashed, feedApiKeyHashed);
if (!isValidApiKey)
{
return(false);
}
}
return(true);
}
protected void btnRecuperar_Click(object sender, EventArgs e)
{
string usuario = txtUsuario.Text.Trim();
var persona = db.Persona.Where(x => x.usuario == usuario).FirstOrDefault();
if (persona != null)
{
ICryptoService cryptoService = new PBKDF2();
string contrasennaNueva = RandomPassword.Generate(10, PasswordGroup.Lowercase, PasswordGroup.Uppercase, PasswordGroup.Numeric, PasswordGroup.Special);
string salt = cryptoService.GenerateSalt();
string contrasennaCryptada = cryptoService.Compute(contrasennaNueva);
try
{
persona.salt = salt;
persona.contrasenna = contrasennaCryptada;
db.SubmitChanges();
enviarEmail(persona.email, contrasennaNueva);
}
catch (Exception) {
throw;
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaUsuario", "window.onload = function(){alert('El usuario no existe.');};", true);
}
}
// https://github.com/shawnmclean/SimpleCrypto.net
public static bool IsPasswordValid(string password, string storedPasswordHash, string salt)
{
ICryptoService cryptoService = new PBKDF2();
string hashedPassword2 = cryptoService.Compute(password, salt);
return(cryptoService.Compare(storedPasswordHash, hashedPassword2));
}
public List <Tbl_Usuario> IniciarSesion(string usuario, string contrasenia)
{
//Encriptar Contraseña
ICryptoService cryptoService = new PBKDF2();
string ContraseniaEncriptada = cryptoService.Compute(contrasenia, SaltEncriptar);
return(objetoCD.UsuarioLogin(usuario, ContraseniaEncriptada));
}
public static string GetPasswordHash(string password)
{
ICryptoService cryptoService = new PBKDF2();
int SALT_SIZE = 16;
int HASH_ITERATIONS = 20;
return(cryptoService.Compute(password, SALT_SIZE, HASH_ITERATIONS));
}
protected void Iniciar_Click(object sender, EventArgs e)
{
Session["help"] = 2;
label1.Visible = false;
List <Usuarios> allUser = new List <Usuarios>();
allUser = SIRESEP.BS.ManUsuario._Instancia.Mostrar();
int largo = Convert.ToInt32(allUser.Count.ToString());
Session["help"] = 1;
Session.Add("usuario", "valor");
for (int i = 0; i < largo; i++)
{
String user = allUser[i]._cedula.ToString();
String pass = allUser[i]._contrasena.ToString();
String salt = allUser[i]._salt.ToString();
String idRol = allUser[i]._idRol.ToString();
String exUser = cedula.Value.Trim();
String exPass = inputPassword.Value.Trim();
//Encriptar la contraseña y comparar para verificar que la registrada sea la misma usando el mismo algoritmo que tiene en la base
ICryptoService cryptoService = new PBKDF2();
string contraEncrip = cryptoService.Compute(exPass, salt);
if (exUser.Equals(user) && contraEncrip.Equals(pass))
{
if (idRol.Equals("1"))
{
//se hacen 'secciones' para indicar el tipo de usuario, ademas sirve para evitar acceder a las paginas si no es el usuario correcto
// tambien sirve para cambiar el master page en las paginas compartidas como carrera, grado de estudio e idioma
Session.Add("admin", "valor");
Response.Redirect("FrInicioAdmin.aspx");
}
if (idRol.Equals("2"))
{
string ced = exUser.Trim();
Session["ced"] = ced;
Session.Add("usuario", "valor");
Response.Redirect("FrInicioUser.aspx");
usuario._cedula = cedula.Value;
}
else
{
label1.Visible = true;
}
if (idRol.Equals("3"))
{
}
}
}
}
private string HashPassword(string password)
{
var cryptoService = new PBKDF2();
// TODO: store in some securure place
var salt = "100000.i7BB2tLt5UeYA9qDTRySyFjIJGgEZTDAFfesZeEr2mJqxA==";
return(cryptoService.Compute(password, salt));
}
public override bool ChangePassword(string username, string oldPassword, string newPassword)
{
// Hash the password using our currently configured salt size and hash iterations
PBKDF2 crypto = new PBKDF2();
crypto.HashIterations = HashIterations;
crypto.SaltSize = SaltSize;
string oldHash = crypto.Compute(oldPassword);
string salt = crypto.Salt;
string newHash = crypto.Compute(oldPassword);
using (SqlConnection con = new SqlConnection(this.connectionString))
{
con.Open();
con.Close();
}
return(true);
}
!(new Regex(@" ").IsMatch(value)); //Don't have white spaces
public string GetHash(string salt)
{
if (_secureString.IsNotNull() && !string.IsNullOrEmpty(salt))
{
Value = PBKDF2.Compute(Marshal.PtrToStringUni(Marshal.SecureStringToBSTR(_secureString)), salt);
}
return(Value);
}
private static PasswordCrypto EncryptPassword(string password)
{
ICryptoService cryptoService = new PBKDF2();
var crypto = new PasswordCrypto();
crypto.Salt = cryptoService.GenerateSalt();
crypto.Password = cryptoService.Compute(password);
return(crypto);
}
public static Tuple <string, string> HashPassword(string password)
{
ICryptoService cryptoService = new PBKDF2();
string salt = cryptoService.GenerateSalt();
string hashedPassword = cryptoService.Compute(password, salt);
return(new Tuple <string, string>(hashedPassword, salt));
}
public void InsertarUsuario(string cedula, string nombre, string direccion, string telefono, string correo, string usuario, string contrasenia, string rol, string foto)
{
//Encriptar Contraseña
ICryptoService cryptoService = new PBKDF2();
string Salt_Contrasenia = cryptoService.GenerateSalt();
string Contrasenia_Encriptada = cryptoService.Compute(contrasenia);
objetoCD.Insertar(cedula, nombre, direccion, telefono, correo, usuario, Contrasenia_Encriptada, Salt_Contrasenia, Convert.ToInt32(rol), foto);
}
public void CambiarContrasenia(string NuevaContrasenia, string IdUsuario)
{
//Encriptar Contraseña
ICryptoService cryptoService = new PBKDF2();
string Salt_Contrasenia = cryptoService.GenerateSalt();
string Contrasenia_Encriptada = cryptoService.Compute(NuevaContrasenia);
objetoCD.CambiarContrasenia(Contrasenia_Encriptada, Salt_Contrasenia, Convert.ToInt32(IdUsuario));
}
// GET: Moviles
public ActionResult Acceso(string correo, string password)
{
string constr = conexion;
string constr1 = conexion1;
vista = "../Login/Login";
System.Web.HttpContext.Current.Session["acceso"] = "Usuario no encontrado";
using (MySqlConnection con = new MySqlConnection(constr))
{
string query = "select * from web_usuarios_login WHERE Cod_Usuario = '" + correo + "'";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Connection = con;
con.Open();
using (MySqlDataReader sdr = cmd.ExecuteReader())
{
while (sdr.Read())
{
ICryptoService cryptoService = new PBKDF2();
string PasswordEncriptada = cryptoService.Compute(password, sdr["Salt"].ToString());
if (sdr.HasRows)
{
System.Web.HttpContext.Current.Session["sessionClosed"] = null;
if (cryptoService.Compare(sdr["Password"].ToString(), PasswordEncriptada))
{
System.Web.HttpContext.Current.Session["sessionString"] = sdr["Nombre"].ToString() + " " + sdr["Apellido"].ToString();
System.Web.HttpContext.Current.Session["perfil"] = sdr["Cod_Perfil"].ToString();
System.Web.HttpContext.Current.Session["correo"] = sdr["Cod_Usuario"].ToString();
vista = "../Principal/Principal";
}
}
}
}
con.Close();
}
}
using (MySqlConnection con1 = new MySqlConnection(constr1))
{
string querypararm = "select * from web_vparam_sys";
using (MySqlCommand cmd1 = new MySqlCommand(querypararm))
{
cmd1.Connection = con1;
con1.Open();
using (MySqlDataReader sdr1 = cmd1.ExecuteReader())
{
while (sdr1.Read())
{
System.Web.HttpContext.Current.Session["conductoresConf"] = sdr1["Varios_Conductores"].ToString();
}
}
con1.Close();
}
}
return(RedirectToAction(vista));
}
public static IEnumerable PBKDF2HashList(string text, string salt)
{
ICryptoService cryptoService = new PBKDF2();
ArrayList hashedText = new ArrayList();
string hash;
if (salt == null)
{
hash = cryptoService.Compute(text, 16, 5000);
salt = cryptoService.Salt;
}
else
{
hash = cryptoService.Compute(text, salt);
}
hashedText.Add(new HashedBytes(hash, salt));
return(hashedText);
}
protected void buttonPBKDF2_Click(object sender, EventArgs e)
{
if (passwordNotEnteredError())
{
return;
}
var pbkdf2Encryptor = new PBKDF2();
string encryptedPass = pbkdf2Encryptor.Compute(TextBox1.Text);
Response.Write($"Your PBKDF2 encryption is {encryptedPass}");
}