Ejemplo n.º 1
        /// <summary>
        /// Checks that encoded password hashes differ whenever the password or the salt differs,
        /// that encoding identical inputs twice also yields different hashes, and that each hash
        /// of the first batch validates against the password and salt it was created with.
        /// </summary>
        public void PasswordHash_Encode()
        {
            var encoded = new[]
            {
                // First batch: every password/salt combination.
                PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
                PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
                PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
                PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),

                // Second batch: the same combinations, in the same order.
                PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
                PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
                PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
                PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
            };

            // The (Password1, Salt1) hash must differ from the hash of every other combination:
            // index 1 = other salt, index 2 = other password, index 3 = both differ.
            for (var other = 1; other <= 3; other++)
            {
                Assert.AreNotEqual(encoded[0], encoded[other]);
            }

            // Identical inputs must still produce different hashes. This only holds if the encoder
            // mixes in a per-call random component on top of the supplied salt provider
            // (presumably it does; the encoder itself is not visible here).
            for (int first = 0, second = 4; first < 4; first++, second++)
            {
                Assert.AreNotEqual(encoded[first], encoded[second]);
            }

            // Each first-batch hash must verify with the password and salt it was created with.
            for (var index = 0; index < 4; index++)
            {
                var password = index < 2 ? "Password1" : "Password2";
                var salt = index % 2 == 0 ? "Salt1" : "Salt2";
                Assert.IsTrue(PasswordHashProvider.CheckPassword(password, encoded[index], new TestPasswordSaltProvider(salt)));
            }
        }
Ejemplo n.º 2
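        /// <summary>
        /// Click handler for a demo-login link. Reads a "DOMAIN\username" value from the link's
        /// CommandArgument, loads that user with elevated rights, verifies the stored demo password
        /// against the user's password hash, and on success issues a forms-authentication cookie
        /// and redirects to the originally requested URL.
        /// </summary>
        /// <param name="sender">The clicked control; anything other than a LinkButton is ignored.</param>
        /// <param name="e">Event data (unused).</param>
        void link_Click(object sender, EventArgs e)
        {
            var link = sender as LinkButton;

            if (link == null)
            {
                return;
            }

            var fullUserName = link.CommandArgument;

            if (string.IsNullOrEmpty(fullUserName))
            {
                return;
            }

            var slashIndex = fullUserName.IndexOf('\\');

            if (slashIndex < 0)
            {
                // No domain separator: Substring(0, -1) would throw ArgumentOutOfRangeException,
                // so treat a malformed argument like the other invalid inputs and do nothing.
                return;
            }

            var domain     = fullUserName.Substring(0, slashIndex);
            var username   = fullUserName.Substring(slashIndex + 1);

            IUser user;

            // Elevation: we need to have the user content in hand
            // regardless of the current users permissions (she is
            // a Visitor right now, before logging in).
            // The elevated scope is kept to the single load call; the password check
            // and the cookie are handled outside it.
            using (new SystemAccount())
            {
                user = User.Load(domain, username);
            }

            if (user == null)
            {
                return;
            }

            // NOTE(review): the password comes from a built-in demo table, not from the visitor,
            // so any account listed there can be entered with one click; confirm this control is
            // never enabled outside demo installations. Depending on the type of _demoPasswords,
            // a user missing from the table either throws or yields null here (verify).
            // ToLower() is culture-sensitive; confirm the keys were built the same way.
            var password = _demoPasswords[user.Name.ToLower()];

            if (!PasswordHashProvider.CheckPassword(password, user.PasswordHash, (IPasswordSaltProvider)user))
            {
                return;
            }


            // Non-persistent cookie (second argument false).
            FormsAuthentication.SetAuthCookie(user.Username, false);
            var originalUrl = PortalContext.GetLoginOriginalUrl();

            if (String.IsNullOrEmpty(originalUrl))
            {
                originalUrl = Request.RawUrl;
            }

            // NOTE(review): originalUrl is used as the redirect target without validation here.
            // If GetLoginOriginalUrl() derives it from request data, confirm that it is limited
            // to same-site URLs before redirecting.
            Response.Redirect(originalUrl);
        }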
Ejemplo n.º 3
        /// <summary>
        /// Verifies a clear-text password against this object's stored password hash. When
        /// password hash migration is enabled and the configured provider does not match, the
        /// outdated provider is tried; on success the hash is re-encoded with the configured
        /// provider and saved.
        /// </summary>
        /// <param name="passwordInClearText">The password to verify.</param>
        /// <returns>True if the password matches with the configured provider or, with migration
        /// enabled, with the outdated provider; otherwise false.</returns>
        public bool CheckPasswordMatch(string passwordInClearText)
        {
            bool matched;

            try
            {
                // Primary check: the configured provider.
                matched = PasswordHashProvider.CheckPassword(passwordInClearText, this.PasswordHash, this);
            }
            catch (SaltParseException)
            {
                // A hash whose salt cannot be parsed counts as "no match".
                matched = false;
            }

            // Without migration the primary result is final; with migration a primary match
            // needs no further work either.
            if (!Configuration.Security.EnablePasswordHashMigration || matched)
            {
                return matched;
            }

            // Migration is enabled and the primary check failed: try the outdated provider.
            // NOTE(review): while the switch is on, hashes of the outdated scheme are still
            // accepted for login; presumably it is meant to be turned off once accounts have
            // been migrated (confirm).
            if (PasswordHashProvider.CheckPasswordForMigration(passwordInClearText, this.PasswordHash, this))
            {
                // Re-encode with the configured provider and salt, then persist under the
                // system account without creating a new version.
                this.PasswordHash = PasswordHashProvider.EncodePassword(passwordInClearText, this);

                using (new SystemAccount())
                {
                    Save(SavingMode.KeepVersion);
                }

                return true;
            }

            // Neither provider accepted the password.
            return false;
        }