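/// <summary>
        /// Strong authentication process.
        /// The client must provide: sha1(sha1(real_password + salt) + token).
        /// In this way, the information stored in the database (sha1(real_password + salt))
        /// is never sent on the wire.
        /// Note that the stored value sha1(real_password + salt) is itself the secret the
        /// client proves knowledge of, so a leaked database row is enough to authenticate
        /// without the real password; the scheme also relies on <paramref name="token"/>
        /// being unpredictable and used only once, which this method cannot check.
        /// </summary>
        /// <param name="username">username; matched exactly, not as a LIKE pattern</param>
        /// <param name="password">sha1(sha1(real_password + salt) + token)</param>
        /// <param name="token">token</param>
        /// <returns>The User object if the authentication succeeds, null if it does not.</returns>
        /// <exception cref="ArgumentNullException">any argument is null</exception>
        public User getUser(string username, string password, string token)
        {
            if (username == null)
            {
                throw new ArgumentNullException("username");
            }
            if (password == null)
            {
                throw new ArgumentNullException("password");
            }
            if (token == null)
            {
                throw new ArgumentNullException("token");
            }

            using (MySqlCommand cmd = new MySqlCommand())
            {
                cmd.Connection = this.connection;

                // '=' instead of LIKE: with LIKE the username is interpreted as a pattern, so a
                // value such as "%" could select a different account than the one named.
                cmd.CommandText = "SELECT sha1(concat(password, @token)) as hashed, rootDirectory FROM users WHERE username = @username";
                // Bind the parameters before Prepare so the prepared statement sees them.
                cmd.Parameters.AddWithValue("@username", username);
                cmd.Parameters.AddWithValue("@token", token);
                cmd.Prepare();

                // The reader (and the command) are disposed on every exit path.
                using (MySqlDataReader reader = cmd.ExecuteReader())
                {
                    // Unknown user and wrong password both yield null, so the caller
                    // cannot tell the two cases apart.
                    if (!reader.Read())
                    {
                        return null;
                    }

                    // A NULL password column makes sha1(...) NULL; treat that as a failed login
                    // rather than as an invalid cast.
                    string expected = reader["hashed"] as string;
                    if (expected == null)
                    {
                        return null;
                    }

                    // Constant-time comparison: a plain string compare stops at the first
                    // differing character and would leak how much of the hash matched.
                    if (!FixedTimeEquals(password, expected))
                    {
                        return null;
                    }

                    User ret = new User();
                    ret.rootDirectory = new DirectoryInfo((string)reader["rootDirectory"]);
                    ret.username = username;
                    return ret;
                }
            }
        }

        /// <summary>
        /// Compares two strings in time that depends only on their length, not on their
        /// content, so the comparison cannot be used as a timing oracle.
        /// </summary>
        /// <param name="a">first string</param>
        /// <param name="b">second string</param>
        /// <returns>true if both strings are character-for-character equal</returns>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a.Length != b.Length)
            {
                return false;
            }

            // OR all character differences together; the loop never exits early.
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }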
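        /// <summary>
        /// Second step of the authentication handshake: checks the client's response to
        /// <paramref name="token"/> and, on success, binds this session to the user and
        /// issues a fresh session key.
        /// </summary>
        /// <param name="token">the challenge token issued in the previous step</param>
        /// <param name="username">username</param>
        /// <param name="password">the client's response to the token challenge</param>
        /// <returns>the new session key</returns>
        /// <exception cref="FaultException{ServiceErrorMessage}">AUTHENTICATIONFAILED when the credentials are rejected</exception>
        public string authStep2(string token, string username, string password)
        {
            User u;

            try
            {
                u = User.authUser(username, password, token);
            }
            catch (Exception e)
            {
                // The concrete cause is logged server-side only; the client receives a
                // generic fault so it cannot distinguish an unknown user from a bad response.
                Console.WriteLine(e.Message + " " + e.GetType());
                throw new FaultException<ServiceErrorMessage>(new ServiceErrorMessage(ServiceErrorMessage.AUTHENTICATIONFAILED));
            }

            // authUser may signal failure by returning null instead of throwing (the user
            // lookup in this codebase returns null on a bad password); treat that as a
            // failure too rather than binding a null user to the session.
            if (u == null)
            {
                throw new FaultException<ServiceErrorMessage>(new ServiceErrorMessage(ServiceErrorMessage.AUTHENTICATIONFAILED));
            }

            user = u;
            // NOTE(review): the new key is only returned, it is not stored in any field here
            // (the original code assigned it to the `token` parameter, which has the same
            // effect). If initializeUser() or later steps expect a field to hold it, confirm
            // where it is set. GetUniqueKey is defined elsewhere and is assumed to produce
            // an unpredictable value — TODO confirm.
            string sessionKey = GetUniqueKey(20);
            initializeUser();

            return sessionKey;
        }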