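/// <summary>
/// Handles a click on the login button: enforces the attempt limit, derives a
/// PBKDF2 hash from the entered password and the stored salt, and closes the
/// window when <c>ProgramData.ComparePwd</c> accepts the result.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, RoutedEventArgs e)
{
    try
    {
        if (loginCount >= 3)
        {
            lblLoginMessage.Content = "Logins exceeded, exit!";
            Application.Current.Shutdown();
            // Shutdown() hands control back to this handler, so without the
            // return the password below would still be checked on an attempt
            // past the limit.
            return;
        }

        // An empty submission also counts against the limit.
        loginCount++;

        if (tbPassword.Password.Length == 0)
        {
            lblLoginMessage.Content = "Please enter a valid password!";
            return;
        }

        ProgramData.ReadPwHash();
        byte[] salt = ProgramData.GetPwSalt();

        // The password is already a managed string in tbPassword.Password, so
        // copying it into a SecureString and marshaling it back only added
        // plaintext copies, including a BSTR that was never released with
        // Marshal.ZeroFreeBSTR. Passing the string directly yields the same hash.
        // NOTE(review): this constructor overload uses HMAC-SHA1; the algorithm,
        // the 10000 iterations and the 16-byte output must match whatever wrote
        // the stored value, so raising them needs a migration of the stored hash.
        byte[] pwHash;
        using (var rfc2898 = new Rfc2898DeriveBytes(tbPassword.Password, salt, 10000))
        {
            pwHash = rfc2898.GetBytes(16);
        }

        // Candidate layout: 16 bytes of salt followed by 16 bytes of derived key.
        byte[] hashBytes = new byte[32];
        Array.Copy(salt, 0, hashBytes, 0, 16);
        Array.Copy(pwHash, 0, hashBytes, 16, 16);

        // NOTE(review): ComparePwd is defined elsewhere; confirm it compares
        // the two arrays in constant time.
        if (ProgramData.ComparePwd(hashBytes))
        {
            lblLoginMessage.Content = "Access OK";
            this.Close();
        }
        else
        {
            lblLoginMessage.Content = "Please enter a valid password!";
        }
    }
    catch (Exception ex)
    {
        // The stack trace goes to the trace listeners rather than a dialog that
        // anyone at the login prompt can read.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        MessageBox.Show("Error: " + ex.Message);
    }
}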
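/// <summary>
/// Handles a click on the change-password button: verifies the current
/// password, checks that the two new entries match and are not empty, and
/// passes the new password to <c>ProgramData.ReHashFiles</c>.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void btnChangePassword_Click(object sender, RoutedEventArgs e)
{
    try
    {
        // NOTE(review): the SecureString objects are built from the plain
        // Password strings, so they add no protection on their own. If the
        // pwBox* controls are WPF PasswordBox instances, SecurePassword would
        // avoid the managed copy. They are not disposed here because it is not
        // visible whether ProgramData keeps a reference to them.
        var currentPw = new SecureString();
        foreach (char ch in pwBoxOldPassword.Password)
        {
            currentPw.AppendChar(ch);
        }

        byte[] pwHash = ProgramData.CreatePasswordHash(currentPw);
        if (!ProgramData.ComparePwd(pwHash))
        {
            // Wrong current password: the dialog closes without a message.
            this.Close();
            return;
        }

        string newPassword = pwBoxNewPassword.Password;
        if (!newPassword.Equals(pwBoxReTypeNewPassword.Password))
        {
            lblMessage.Content = "Passwords do not match!";
            return;
        }

        // btnLogin_Click rejects a zero-length password, so accepting an empty
        // new password here would leave the user unable to log in again.
        if (newPassword.Length == 0)
        {
            lblMessage.Content = "Please enter a new password!";
            return;
        }

        // Built only after validation; the retyped entry needs no SecureString
        // of its own because it is compared as a string above.
        var newPw = new SecureString();
        foreach (char ch in newPassword)
        {
            newPw.AppendChar(ch);
        }

        if (ProgramData.ReHashFiles(newPw))
        {
            MessageBox.Show("Password changed", "Information");
            this.Close();
        }
        else
        {
            // Previously a failed re-hash left the dialog open with no feedback.
            lblMessage.Content = "Password could not be changed!";
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show("Exception:\n" + ex.Message, "Error");
    }
}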