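/// <summary>
/// Overwrites the stored verification key with the given id using the posted entity.
/// </summary>
/// <param name="id">Identifier of the row to update; it replaces any Id sent in the body.</param>
/// <param name="key">Entity deserialized from the request body.</param>
/// <returns>400 when the body is missing or fails validation, otherwise 204 No Content.</returns>
public IActionResult Put(int id, [FromBody] VerificationKey key)
        {
            // A missing or unparsable body binds to null; reject it instead of
            // failing with a NullReferenceException on key.Id below.
            if (key == null)
            {
                return BadRequest();
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // The id passed to the action is authoritative, not the one in the body.
            key.Id = id;

            // NOTE(review): State = Modified marks every mapped property as changed,
            // so each column of the row is overwritten with caller-supplied values.
            // If VerificationKey holds authentication material, bind to a DTO that
            // exposes only the fields a client may change.
            // NOTE(review): no authorization attribute is visible on this action;
            // confirm the controller restricts who may overwrite a key.
            _context.Entry(key).State = EntityState.Modified;
            _context.SaveChanges();

            return NoContent();
        }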
 public bool Post([FromBody] VerificationKey verificationName)
 {
     using (var db = new ApplicationDbContext())
     {
         try
         {
             if (verificationName == null)
             {
                 return(default);
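        /// <summary>
        /// Builds the verifier-side SRP state for one authentication attempt from the
        /// stored verification key and the client's public value A.
        /// </summary>
        /// <param name="hashAlgorithm">Hash passed to the base class and kept in <c>_hashAlgorithm</c>.</param>
        /// <param name="parameter">Group parameters (<c>PrimeNumber</c>, <c>Generator</c>).</param>
        /// <param name="verification">Stored salt, verifier and username for the account.</param>
        /// <param name="A">Client public value as bytes.</param>
        /// <exception cref="ArgumentNullException"><paramref name="verification"/> or <paramref name="A"/> is null.</exception>
        /// <exception cref="Exception">A is congruent to 0 modulo the prime.</exception>
        public SRPVerifier(HashAlgorithm hashAlgorithm, SRPParameter parameter,
                           VerificationKey verification, byte[] A)
            : base(hashAlgorithm, parameter)
        {
            if (verification == null)
            {
                throw new ArgumentNullException("verification");
            }

            if (A == null)
            {
                throw new ArgumentNullException("A");
            }

            _hashAlgorithm = hashAlgorithm;
            _parameter     = parameter;

            _s        = verification.Salt.StringToByteArray().ToBigInteger();
            _v        = verification.Verifier.StringToByteArray().ToBigInteger();
            _username = verification.Username;

            _A = A.ToBigInteger();

            // Mandatory check on the peer's value: with A = 0 (mod N) the shared
            // secret would no longer depend on the password verifier.
            if ((_A % _parameter.PrimeNumber) == BigInteger.Zero)
            {
                throw new Exception("Safety check failed");
            }

            // The private ephemeral b must be fresh and unpredictable for every
            // handshake. A constant compiled into the source makes B a fixed function
            // of the stored verifier and removes the per-session secrecy the protocol
            // relies on. Draw 256 bits from the OS CSPRNG instead.
            var randomBytes = new byte[32];
            // One extra zero byte on top keeps the little-endian BigInteger non-negative.
            var positiveBytes = new byte[randomBytes.Length + 1];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                do
                {
                    rng.GetBytes(randomBytes);
                    Array.Copy(randomBytes, positiveBytes, randomBytes.Length);
                    _b = new BigInteger(positiveBytes);
                }
                while (_b.IsZero);
            }

            _k = Compute_k().ToBigInteger();

            // B = (k*v + g^b) mod N
            _B = (_k * _v + BigInteger.ModPow(
                      _parameter.Generator, _b, _parameter.PrimeNumber)
                  ) % _parameter.PrimeNumber;

            // _B = Compute_B(_v, _k, _b);
            _u               = Compute_u(_A.ToBytes(), _B.ToBytes()).ToBigInteger();
            _S               = Compute_S(_A, _v, _u, _b);
            _K               = Compute_K(_S.ToBytes());
            _M               = Compute_M(_username, _s.ToBytes(), _A.ToBytes(), _B.ToBytes(), _K);
            _HMAK            = Compute_HAMK(_A.ToBytes(), _M, _K);
            _verificationKey = verification;

#if DEBUG
            // NOTE(review): this dump includes the verifier, the private ephemeral,
            // the shared secret and the session key. Keep it out of any build that
            // handles real credentials and out of captured logs.
            Console.WriteLine("=================== Verifier ====================");
            Console.WriteLine("_s = {0}", _s);
            Console.WriteLine("_v = {0}", _v);
            Console.WriteLine("_username = {0}", _username);
            Console.WriteLine("_A = {0}", _A);
            Console.WriteLine("_b = {0}", _b);
            Console.WriteLine("_k = {0}", _k);
            Console.WriteLine("_B = {0}", _B);
            Console.WriteLine("_u = {0}", _u);
            Console.WriteLine("_S = {0}", _S);
            Console.WriteLine("_K = {0}", _K.ToBigInteger());
            Console.WriteLine("_M = {0}", _M.ToBigInteger());
            Console.WriteLine("=============================================");
#endif
        }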
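        /// <summary>
        /// Stores a new verification key taken from the request body.
        /// </summary>
        /// <param name="key">Entity deserialized from the request body.</param>
        /// <returns>400 when the body is missing or invalid, otherwise 201 pointing at <c>Get</c>.</returns>
        [HttpPost("Create")] // Old
        public IActionResult Create([FromBody] VerificationKey key)
        {
            // A missing or unparsable body binds to null; without this guard the
            // Add call below would be handed a null entity.
            if (key == null)
            {
                return BadRequest();
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // NOTE(review): the entity is bound straight from the body, so the
            // caller controls every property it carries, including Id. Confirm that
            // is intended or bind to a narrower DTO.
            var entry = _context.VerificationKeys.Add(key);

            _context.SaveChanges();

            // The route value is named "Id" (taken from the member name), as before.
            return CreatedAtAction(nameof(Get), new { entry.Entity.Id }, entry.Entity);
        }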
        /// <summary>
        /// Builds the verifier-side SRP state for one authentication attempt from the
        /// stored verification key and the client's public value A.
        /// </summary>
        /// <param name="hashAlgorithm">Hash passed to the base class and kept in <c>_hashAlgorithm</c>.</param>
        /// <param name="parameter">Group parameters (<c>PrimeNumber</c>, <c>Generator</c>).</param>
        /// <param name="verification">Stored salt, verifier and username for the account.</param>
        /// <param name="A">Client public value as bytes.</param>
        /// <param name="b">
        /// Optional private ephemeral. When null a value from <c>GetRandomNumber()</c> is used.
        /// Supplying it makes the exchange deterministic, so production callers should
        /// leave it null (presumably it exists for test vectors; confirm with callers).
        /// </param>
        /// <exception cref="Exception">A is congruent to 0 modulo the prime.</exception>
        public SRPVerifier(HashAlgorithm hashAlgorithm, SRPParameter parameter,
                           VerificationKey verification, byte[] A, byte[] b = null)
            : base(hashAlgorithm, parameter)
        {
            _hashAlgorithm = hashAlgorithm;
            _parameter     = parameter;

            // Salt and verifier are stored as strings; decode them to integers.
            // NOTE(review): verification and A are dereferenced without a null check.
            _s        = verification.Salt.StringToBytes().ToBigInteger();
            _v        = verification.Verifier.StringToBytes().ToBigInteger();
            _username = verification.Username;

            _A = A.ToBigInteger();

            // Mandatory check on the peer's value: with A = 0 (mod N) the shared
            // secret would no longer depend on the password verifier.
            if ((_A % _parameter.PrimeNumber) == BigInteger.Zero)
            {
                throw new Exception("Safety check failed");
            }

            // Private ephemeral: caller-supplied, else freshly generated.
            // NOTE(review): GetRandomNumber() is not visible here; confirm it draws
            // from a cryptographic RNG and yields enough bits for this group.
            _b = b != null?b.ToBigInteger() : GetRandomNumber().ToBytes().ToBigInteger();

            _k = Compute_k().ToBigInteger();

            // B = (k*v + g^b) mod N
            _B = (_k * _v + BigInteger.ModPow(
                      _parameter.Generator, _b, _parameter.PrimeNumber)
                  ) % _parameter.PrimeNumber;

            // Remaining values are derived in dependency order: u from (A, B),
            // S from (A, v, u, b), K from S, M from (username, s, A, B, K).
            _u               = Compute_u(_A.ToBytes(), _B.ToBytes()).ToBigInteger();
            _S               = Compute_S(_A, _v, _u, _b);
            _K               = Compute_K(_S.ToBytes());
            _M               = Compute_M(_username, _s.ToBytes(), _A.ToBytes(), _B.ToBytes(), _K);
            // Computed from (A, M, K); presumably the proof returned to the client (confirm).
            _HMAK            = Compute_HAMK(_A.ToBytes(), _M, _K);
            _verificationKey = verification;

#if DEBUG
            // NOTE(review): this dump includes the verifier, the private ephemeral,
            // the shared secret and the session key. Keep it out of any build that
            // handles real credentials and out of captured logs.
            Console.WriteLine("=================== Verifier ====================");
            Console.WriteLine("_s = {0}", _s);
            Console.WriteLine("_v = {0}", _v);
            Console.WriteLine("_username = {0}", _username);
            Console.WriteLine("_A = {0}", _A);
            Console.WriteLine("_b = {0}", _b);
            Console.WriteLine("_k = {0}", _k);
            Console.WriteLine("_B = {0}", _B);
            Console.WriteLine("_u = {0}", _u);
            Console.WriteLine("_S = {0}", _S);
            Console.WriteLine("_K = {0}", _K.ToBigInteger());
            Console.WriteLine("_M = {0}", _M.ToBigInteger());
            Console.WriteLine("=============================================");
#endif
        }
        /// <summary>
        /// Draws a new salt from <c>GetRandomNumber()</c> and derives the verification
        /// key for the given credentials.
        /// </summary>
        /// <param name="username">Account name stored in the key and fed into <c>Compute_x</c>.</param>
        /// <param name="password">Password fed into <c>Compute_x</c>; it is not stored in the key.</param>
        /// <returns>The new key (salt, username, verifier); it is also kept in <c>_verificationKey</c>.</returns>
        public VerificationKey CreateVerificationKey(string username, string password)
        {
            _s = GetRandomNumber().ToBytes();

            var created = new VerificationKey
            {
                Salt     = _s.ByteArrayToString(),
                Username = username
            };

            // verifier = g^x mod N, with x derived from salt, username and password.
            var exponent = Compute_x(_s, username, password).ToBigInteger();
            var verifier = BigInteger.ModPow(_parameter.Generator, exponent, _parameter.PrimeNumber);

            created.Verifier = verifier.ToBytes().ByteArrayToString();

            _verificationKey = created;
            return created;
        }
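        /// <summary>
        /// Draws a new salt from <c>GetRandomNumber()</c> and derives the verification
        /// key for the given credentials.
        /// </summary>
        /// <param name="username">Account name stored in the key and fed into <c>Compute_x</c>.</param>
        /// <param name="password">Password fed into <c>Compute_x</c>; it is not stored in the key.</param>
        /// <returns>The new key (salt, username, verifier); it is also kept in <c>_verificationKey</c>.</returns>
        public VerificationKey CreateVerificationKey(string username, string password)
        {
            // The salt must differ per account. A constant compiled into the source
            // lets verifier tables be precomputed once and reused against every
            // stored key, so the random salt is restored here.
            // NOTE(review): confirm GetRandomNumber() is backed by a cryptographic RNG.
            _s = GetRandomNumber().ToBytes();

            var v = new VerificationKey
            {
                Salt     = _s.BytesToString(),
                Username = username
            };

            var x = Compute_x(_s, username, password);

            // verifier = g^x mod N
            v.Verifier       = BigInteger.ModPow(_parameter.Generator, x.ToBigInteger(), _parameter.PrimeNumber).ToBytes().BytesToString();
            _verificationKey = v;
            return _verificationKey;
        }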
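        /// <summary>
        /// Handles the e-mail verification link: looks up the key named by the
        /// "verify" and "user" request values and marks it verified.
        /// </summary>
        /// <param name="e">Event data passed through to the base implementation.</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            Guid verifyKey;
            Guid userId;

            // Both values come from the request. Parse them defensively so a missing
            // or malformed GUID sends the visitor to the login page instead of
            // raising an unhandled FormatException.
            if (!Guid.TryParse(Request["verify"], out verifyKey) ||
                !Guid.TryParse(Request["user"], out userId))
            {
                Response.Redirect("/Login.aspx");
                return;
            }

            // NOTE(review): the lookup matches on key and user only. Confirm whether
            // inactive, expired or already-used keys should still verify an account.
            VerificationKey key = this.CurrentWebSession.CreateCriteria <VerificationKey>()
                                  .Add(Restrictions.Eq("Key", verifyKey))
                                  .Add(Restrictions.Eq("WebUserID", userId))
                                  .UniqueResult <VerificationKey>();

            if (key == null)
            {
                Response.Redirect("/Login.aspx");
                // Explicit return so a null key is never dereferenced below, whatever
                // the redirect does to the current request.
                return;
            }

            key.IsVerifed = true;

            using (ITransaction x = this.CurrentWebSession.BeginTransaction())
            {
                this.CurrentWebSession.SaveOrUpdate(key);

                try
                {
                    x.Commit();
                }
                catch (Exception)
                {
                    x.Rollback();
                    // Rethrow without resetting the stack trace.
                    throw;
                }
            }

            lblVerifyText.ForeColor = System.Drawing.Color.DarkGreen;
            lblVerifyText.Text      = "Account verified! You may now <a href=\"/Login.aspx\">login</a>.";
        }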
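        /// <summary>
        /// Registers a new account from the form fields: saves the user, the profile
        /// and an unverified verification key in one transaction, then e-mails the
        /// verification link and redirects to the login page.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnCreateUser_Click(object sender, EventArgs e)
        {
            ISession s = this.CurrentWebSession;

            using (ITransaction t = s.BeginTransaction())
            {
                DateTime now = DateTime.Now;

                WebUser user = new WebUser
                {
                    Username     = txtUsername.Text,
                    EmailAddress = txtEmailAddress.Text,
                    UserID       = Guid.NewGuid(),
                    IsActive     = true
                };

                WebUserInfo info = new WebUserInfo
                {
                    WebUser             = user,
                    FirstName           = txtFirstName.Text,
                    ID                  = Guid.NewGuid(),
                    LastName            = txtLastName.Text,
                    LastLogin           = DateTime.Now,
                    PrimaryPhone        = txtPrimaryPhone.Text,
                    SecondaryPhone      = txtSecondaryPhone.Text,
                    Hosts               = int.Parse(ddlNumberOfHosts.SelectedValue),
                    MainSecurityConcern = ddlMainConcern.SelectedValue,
                    Provider            = ddlProvider.SelectedValue,
                    PrimaryWebsite      = txtPrimaryWebsite.Text,
                    IsActive            = true
                };

                // NOTE(review): the password is stored as an MD5 digest with one
                // constant salt shared by every account. MD5 is fast and unsuitable
                // for password storage; move to a per-user random salt and a slow KDF
                // (for example PBKDF2). The call is left unchanged because the login
                // handler must compute the same value, so both have to migrate together.
                string hash = Hashing.GetMd5Hash(txtPassword.Text, "sadf");

                user.PasswordHash = hash;

                VerificationKey vkey = new VerificationKey
                {
                    ID             = Guid.NewGuid(),
                    Key            = Guid.NewGuid(),
                    IsActive       = true,
                    CreatedBy      = Guid.Empty,
                    CreatedOn      = now,
                    LastModifiedBy = Guid.Empty,
                    LastModifiedOn = now,
                    IsVerifed      = false,
                    // NOTE(review): recorded as sent before the mail actually goes out
                    // below; a failed send leaves the flag wrong.
                    IsSent         = true,
                    User           = user
                };

                s.SaveOrUpdate(vkey);
                s.SaveOrUpdate(info);
                s.SaveOrUpdate(user);

                try
                {
                    t.Commit();
                }
                catch (Exception)
                {
                    t.Rollback();
                    // Rethrow without resetting the stack trace.
                    throw;
                }

                SendVerificationEmail(info.FirstName + " " + info.LastName, user.EmailAddress, user.ID.ToString(), vkey.Key.ToString());

                Response.Redirect("Login.aspx");
            }
        }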
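        /// <summary>
        /// Authenticates the posted username and password, requires a verified
        /// account, records the login time and issues the forms-authentication cookie.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, System.EventArgs e)
        {
            // NOTE(review): MD5 with one constant salt is not adequate for password
            // storage. It is kept here because stored hashes were produced the same
            // way; migrate registration and login together to a per-user salt and a
            // slow KDF.
            string hash = AutoAssess.Misc.Hashing.GetMd5Hash(txtPassword.Text, "sadf");

            WebUser user = this.CurrentWebSession.CreateCriteria <WebUser> ()
                           .Add(Restrictions.Eq("Username", txtUsername.Text))
                           .Add(Restrictions.Eq("PasswordHash", hash))
                           .Add(Restrictions.Eq("IsActive", true))
                           .List <WebUser>()
                           .FirstOrDefault();

            if (user == null)
            {
                lblLoginError.Text = "Invalid username/password combination.";
                txtUsername.Text   = string.Empty;
                txtPassword.Text   = string.Empty;
                return;
            }

            VerificationKey key = this.CurrentWebSession.CreateCriteria <VerificationKey>()
                                  .Add(Restrictions.Eq("WebUserID", user.ID))
                                  .UniqueResult <VerificationKey>();

            // Fail closed: an account with no verification row is treated as
            // unverified instead of crashing on a null key.
            if (key == null || !key.IsVerifed)
            {
                lblLoginError.Text = "Please check your email for an account verification link.";
                txtUsername.Text   = string.Empty;
                txtPassword.Text   = string.Empty;
                return;
            }

            WebUserInfo info = this.CurrentWebSession.CreateCriteria <WebUserInfo>()
                               .Add(Restrictions.Eq("WebUserID", user.ID))
                               .UniqueResult <WebUserInfo>();

            // The profile row is only needed to record the login time; a missing row
            // must not block an otherwise valid login.
            if (info != null)
            {
                info.LastLogin = DateTime.Now;

                using (ITransaction x = this.CurrentWebSession.BeginTransaction())
                {
                    this.CurrentWebSession.SaveOrUpdate(info);

                    try
                    {
                        x.Commit();
                    }
                    catch (Exception)
                    {
                        x.Rollback();
                        // Rethrow without resetting the stack trace.
                        throw;
                    }
                }
            }

            // NOTE(review): the whole WebUser entity, including PasswordHash, is kept
            // in session state, and the session id is not renewed at login. Consider
            // storing only the user id and issuing a fresh session on authentication.
            Session["User"] = user;

            FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, user.UserID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), false, string.Empty);
            string     cookiestr          = FormsAuthentication.Encrypt(tkt);
            HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

            ck.Path = FormsAuthentication.FormsCookiePath;
            // A hand-built cookie does not pick up the protections of the framework's
            // own auth cookie: keep it away from script and honour the requireSSL setting.
            ck.HttpOnly = true;
            ck.Secure   = FormsAuthentication.RequireSSL;
            Response.Cookies.Add(ck);

            // endResponse = true terminates the request here. The statements that used
            // to follow (replacing Context.User with an empty GenericPrincipal) could
            // never run and have been removed.
            Response.Redirect("/Default.aspx", true);
        }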