/// <summary>
/// Smoke test: passes a fixed sample string to <c>CryptographyUtil.AESDecryptServer</c>
/// and prints whatever comes back.
/// </summary>
public void AES_Decrp_Test()
{
    // NOTE(review): nothing is asserted, so this only fails if the call throws.
    // The literal below does not look like output of the matching encrypt helper;
    // a round-trip (encrypt, decrypt, compare) would be a meaningful check - confirm intent.
    const string sample = "bbbbb";
    Console.WriteLine(CryptographyUtil.AESDecryptServer(sample));
}
/// <summary>
/// Creates a user with the given username and password, inserts it into the [User] table
/// and returns it with <c>UserId</c> set from the key the database generated.
/// </summary>
/// <param name="username">Login name stored in the Username column.</param>
/// <param name="plaintextPassword">
/// Password handed to <c>CryptographyUtil.SetUserPassword</c>; the plaintext itself is not
/// part of the INSERT below.
/// </param>
/// <param name="phoneNumber">Optional phone number; stored as NULL when omitted.</param>
/// <returns>The populated <c>User</c> object.</returns>
private User InsertNewUser(string username, string plaintextPassword, string phoneNumber = null)
{
    // TODO apply validation to username and password
    // NOTE(review): until that validation exists, empty or over-long usernames and weak
    // passwords are accepted as-is; uniqueness is presumably left to the database - confirm.
    User created = new User();
    created.Username = username;
    created.PhoneNumber = phoneNumber;
    CryptographyUtil.SetUserPassword(created, plaintextPassword);

    // NOTE(review): PasswordHash and HMACKey are written to the same row, so a database
    // disclosure exposes both; the key adds little unless part of it lives outside the DB.
    const string insertSql = "INSERT INTO [User] (Username, PasswordHash, HMACKey, PhoneNumber) OUTPUT INSERTED.UserID VALUES (@Username, @PasswordHash, @HMACKey, @PhoneNumber);";

    using (var connection = sqlManager.EstablishDataConnection)
    {
        var insert = connection.CreateCommand();
        insert.CommandText = insertSql;

        // All values travel as parameters, never as concatenated SQL text.
        insert.Parameters.AddWithValue("@Username", created.Username);
        insert.Parameters.AddWithValue("@PasswordHash", created.PasswordHash);
        insert.Parameters.AddWithValue("@HMACKey", created.HMACKey);
        insert.Parameters.AddWithValue("@PhoneNumber", (object)created.PhoneNumber ?? DBNull.Value);

        using (var rows = insert.ExecuteReader())
        {
            // OUTPUT INSERTED.UserID yields the new identity value in column 0.
            while (rows.Read())
            {
                created.UserId = (ulong)rows.GetInt64(0);
            }
            rows.Close();
        }
    }

    return created;
}
/// <summary>
/// Generates the encrypted UserToken string.
/// Original author: Yuan Feng, 2009-08-13.
/// </summary>
/// <param name="CustID">Customer id placed first in the token.</param>
/// <param name="RealName">Real name field.</param>
/// <param name="UserName">User name field.</param>
/// <param name="NickName">Nick name field.</param>
/// <param name="OuterID">Outer id field.</param>
/// <param name="CustType">Customer type field.</param>
/// <param name="LoginAuthenName">Login name used for authentication.</param>
/// <param name="LoginAuthenType">Authentication type.</param>
/// <param name="key">Key passed to both the authenticator and the encryption helper.</param>
/// <param name="ErrMsg">Empty on success, otherwise the exception message.</param>
/// <returns>The encrypted token, or an empty string when anything throws.</returns>
public string GenerateUserToken(string CustID, string RealName, string UserName, string NickName, string OuterID, string CustType, string LoginAuthenName, string LoginAuthenType, string key, out string ErrMsg)
{
    ErrMsg = "";
    try
    {
        string sharedTokenStr = System.Configuration.ConfigurationManager.AppSettings["TokenStr"];

        // NOTE(review): local time with no zone information; a validator on another
        // host or across a DST change will see a skewed value - UTC would be safer.
        string issuedAt = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

        // Field order is part of the token format and must not change.
        string[] fields =
        {
            CustID, RealName, UserName, NickName, issuedAt,
            OuterID, CustType, LoginAuthenName, LoginAuthenType, sharedTokenStr
        };

        // The digest input is the plain concatenation of the fields (no separator).
        // NOTE(review): without delimiters different field splits produce the same digest
        // input ("ab"+"c" == "a"+"bc"); the delimited form below would be unambiguous.
        string digest = CryptographyUtil.GenerateAuthenticator(string.Concat(fields), key);

        // Token body: fields joined by '$', followed by '$' and the digest.
        // NOTE(review): a field value containing '$' shifts every later field for
        // whoever splits the decrypted token; nothing here rejects or escapes it.
        string tokenBody = string.Join("$", fields) + "$" + digest;

        return CryptographyUtil.Encrypt(tokenBody, key);
    }
    catch (System.Exception ex)
    {
        // Failure is reported through ErrMsg plus an empty token; callers must check for it.
        ErrMsg = ex.Message;
        return "";
    }
}
/// <summary>
/// Issues a new token for <paramref name="user"/>, stores it, sets it as the
/// "auth_token" cookie and signs the user in on the current HTTP context.
/// </summary>
/// <param name="controllerContext">Controller whose response and HttpContext are written to.</param>
/// <param name="user">The authenticated user.</param>
/// <returns>The token that was stored and sent.</returns>
private UserToken MakeUserToken(ControllerBase controllerContext, User user)
{
    var issued = CryptographyUtil.MakeUserToken(user);
    InsertToken(issued);

    // TODO: re-use tokens that are already valid instead of just inserting new ones
    // TODO: Consider tracking user agent with user tokens

    var response = controllerContext.Response;
    response.StatusCode = 200;

    // Replace any previous auth cookie with the new token.
    response.Cookies.Delete("auth_token");

    // NOTE(review): only HttpOnly is set. Without Secure the cookie is also sent over
    // plain HTTP, and without an explicit SameSite value cross-site behaviour depends on
    // framework/browser defaults. Setting Secure = true and a SameSite mode is advisable
    // once every deployment is HTTPS-only.
    var cookieOptions = new Microsoft.AspNetCore.Http.CookieOptions() { HttpOnly = true };
    response.Cookies.Append("auth_token", issued.Token, cookieOptions);

    var identity = new ClaimsIdentity(
        new List<Claim>()
        {
            new Claim(ClaimTypes.Name, user.Username),
            new Claim(ClaimTypes.NameIdentifier, $"{user.UserId}")
        },
        "auth_token");

    // NOTE(review): blocking on the async sign-in; failures surface as AggregateException.
    controllerContext.HttpContext.SignInAsync(new ClaimsPrincipal(identity)).Wait();

    return issued;
}
/// <summary>
/// Diagnostic page: writes connection flags, builds a PassportLoginRequest value from
/// fixed inputs, echoes the intermediate values to the response and stores the resulting
/// login URL in the hidden field <c>hdUDBUrl</c>.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    var request = HttpContext.Current.Request;

    // Read but not used anywhere below.
    string referer = request.ServerVariables["HTTP_REFERER"];

    Response.Write("-----------");
    bool isSecure = request.IsSecureConnection;
    bool isAuthenticated = request.IsAuthenticated;
    Response.Write("se=" + isSecure);
    Response.Write("au=" + isAuthenticated);
    Response.Write("-----------");

    String deviceNo = "3500000000408201";

    // NOTE(review): the encryption key is hard-coded in page source, so anyone with read
    // access to the code or its history holds it. It belongs in protected configuration
    // and should be rotated if this value was ever a live key.
    String udbKey = "3C67B5657DF383DFE5FDBC449FFC850B8EB79459AA369011";

    String stamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    // NOTE(review): both the return URL and the passport endpoint below are plain http.
    String returnUrl = "http://go.118114.cn";

    // The digest is computed by CryptographyUtil.Hash with no key argument.
    String digest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(deviceNo + stamp + returnUrl));
    String encryptedPart = CryptographyUtil.Encrypt(stamp + "$" + returnUrl + "$" + digest, udbKey);
    String requestValue = HttpUtility.UrlEncode(deviceNo + "$" + encryptedPart);

    // NOTE(review): debug output of the digest and the full request value goes straight
    // to the client; this page should not be reachable in production.
    Response.Write(digest + "<br/>");
    Response.Write(requestValue + "<br/>");

    this.hdUDBUrl.Value = "http://Service.Passport.189.cn/Logon/UDBCommon/S/PassportLogin.aspx?PassportLoginRequest=" + requestValue;
    Response.Write("-----------");
}
/// <summary>
/// Decrypts and verifies the e-mail confirmation URL received by the customer
/// information platform.
/// Original author: Zhou Tao, 2009-09-09.
/// </summary>
/// <param name="URL">URL whose text after the first '=' is the encoded, encrypted payload.</param>
/// <param name="context">HTTP context used to load the SP data.</param>
/// <returns>
/// Every '$'-separated field except the last one when the digest matches; <c>null</c>
/// when the digest does not match or anything throws.
/// </returns>
public static List <string> DecryptEmailURL(string URL, HttpContext context)
{
    try
    {
        // Everything between the first and second '=' is treated as the payload.
        string encodedPayload = URL.Split('=')[1];
        byte[] raw = CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(encodedPayload));
        string[] fields = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(raw)).Split('$');

        SPInfoManager spInfo = new SPInfoManager();
        Object spData = spInfo.GetSPData(context, "SPData");
        string key = spInfo.GetPropertyBySPID("35000000", "SecretKey", spData);

        // Only the first three fields are covered by the digest.
        string expected = CryptographyUtil.GenerateAuthenticator(fields[0] + "$" + fields[1] + "$" + fields[2], key);

        // NOTE(review): String.Equals stops at the first differing character; a
        // fixed-time comparison is the safer way to check an authenticator.
        if (!expected.Equals(fields[3]))
        {
            return null;
        }

        // NOTE(review): the digest is read from index 3 but the element dropped here is
        // the last one. With more than four fields the digest stays in the result and
        // the extra fields are not authenticated - confirm payloads always have four.
        List <string> verified = new List <string>(fields);
        verified.RemoveAt(verified.Count - 1);
        return verified;
    }
    catch (System.Exception)
    {
        // Malformed input (missing '=', bad base64, too few fields) and backend errors
        // are all collapsed into null; nothing is logged here.
        return null;
    }
}
/// <summary>
/// Verifies that password checks succeed only for the right password and that
/// regenerating the user's HMAC key invalidates the previously stored hash.
/// </summary>
public void TestLogin()
{
    var account = new User() { UserId = 0, Username = "******" };

    // Sets both the password hash and the HMAC key.
    CryptographyUtil.SetUserPassword(account, "Password123");

    // Keep a private copy of the first hash for the final comparison.
    var firstHash = new byte[account.PasswordHash.Length];
    account.PasswordHash.CopyTo(firstHash, 0);

    Assert.True(CryptographyUtil.VerifyUserPassword(account, "Password123"));
    Assert.False(CryptographyUtil.VerifyUserPassword(account, "Password123!"));

    // A new HMAC key must make the old hash unverifiable.
    CryptographyUtil.SetUserHMACKey(account);
    Assert.False(CryptographyUtil.VerifyUserPassword(account, "Password123"));

    // Setting the same password again works under the new key...
    CryptographyUtil.SetUserPassword(account, "Password123");
    Assert.True(CryptographyUtil.VerifyUserPassword(account, "Password123"));

    // ...and yields a different hash, because the key changed.
    Assert.False(CryptographyUtil.CryptographicCompare(firstHash, account.PasswordHash));
}
/// <summary>
/// Writes the current user's login name and an MD5 of the password into the login-info
/// cookie. Does nothing when nobody is logged in or there is no response object.
/// </summary>
public void SaveCurrentLoginCookies()
{
    if (!IsLogged || Response == null)
    {
        return;
    }

    var user = CurrentUser;
    var cookie = Response.Cookies[cookieLoginInfoKey] ?? new HttpCookie(cookieLoginInfoKey);

    // NOTE(review): this places an unsalted MD5 of the account password in a client-side
    // cookie. MD5 is fast to brute-force, and if the server accepts this value as a
    // login credential the cookie is password-equivalent. It also implies the password
    // is held server-side in recoverable form. A random, server-side-revocable session
    // token is the usual replacement; no HttpOnly/Secure flags are set here either.
    var passwordDigest = CryptographyUtil.ComputeMD5(user.Password);

    cookie[cookieLoginNameKey] = user.LoginName;
    cookie[cookiePasswordKey] = passwordDigest;
    Response.Cookies.Set(cookie);
}
/// <summary>
/// Test fixture setup: builds the <c>CryptographyUtil</c> under test from a freshly
/// generated 16-character salt and a freshly generated IV.
/// </summary>
public CryptographyUtilTests()
{
    // Arguments are evaluated left to right: salt first, then IV.
    _cryptography = new CryptographyUtil(
        CryptographyUtil.GenerateRandomString(16),
        CryptographyUtil.GenerateIv());
}
/// <summary>
/// Password-recovery handler: after the validation code check, looks the account up by
/// user name and e-mail, decrypts the stored password and queues an e-mail containing it.
/// Writes the queue result, or the lookup error message, to the response.
/// </summary>
public void SelEmail()
{
    // NOTE(review): a missing "name" or "email" query parameter makes the indexer return
    // null and the ToString() call throw before any validation runs.
    string accountName = HttpUtility.HtmlDecode(Request.QueryString["name"].ToString());
    string mailAddress = HttpUtility.HtmlDecode(Request.QueryString["email"].ToString());

    if (!ValidateValidateCode())
    {
        Response.Write("验证码错误,请重新输入");
        return;
    }

    int lookupResult = SetMail.FindPwdByEmail(accountName, mailAddress, out Msg);
    if (lookupResult != 0)
    {
        Response.Write(Msg);
        return;
    }

    string[] record = FindPwd.SelPwdByEmailandName(accountName, mailAddress, out Msg);

    // NOTE(review): the stored password is decrypted and mailed in clear text. That
    // requires reversible password storage and leaves the live password in mailboxes and
    // the mail queue. The usual design stores a one-way salted hash and mails a
    // single-use, short-lived reset link instead.
    string recoveredPassword = CryptographyUtil.Decrypt(record[1].ToString());
    string custId = record[0].ToString();

    int queued = SetMail.InsertEmailSendMassage(custId, "2", "您的密码是:" + recoveredPassword, "", 1, mailAddress, DateTime.Now, "找回密码", "中国电信号码百事通:找回密码", 0, out Msg);
    Response.Write(queued);
}
/// <summary>
/// Parses the URL parameter supplied by a business system and verifies it with that
/// system's key. The returned list holds, in order: CustID, Email, Time and Digest
/// (as described by the original author).
/// </summary>
/// <param name="SPID">Business-system id used to look up the secret key.</param>
/// <param name="CustID">Not read by this method.</param>
/// <param name="Email">Not read by this method.</param>
/// <param name="Url">URL whose text after the first '=' is the encoded, encrypted payload.</param>
/// <param name="context">HTTP context used to load the SP data.</param>
/// <returns>
/// Every '$'-separated field except the last one when the digest matches; <c>null</c>
/// when it does not match or anything throws.
/// </returns>
public static List <String> DecryptEmailURL(String SPID, String CustID, String Email, String Url, HttpContext context)
{
    try
    {
        String encodedPayload = Url.Split('=')[1];
        byte[] raw = CryptographyUtil.FromBase64String(HttpUtility.UrlDecode(encodedPayload));
        String[] fields = CryptographyUtil.Decrypt(Encoding.UTF8.GetString(raw)).Split('$');

        // Look up the key that belongs to this SPID.
        SPInfoManager spInfo = new SPInfoManager();
        Object spData = spInfo.GetSPData(context, "SPData");
        String key = spInfo.GetPropertyBySPID(SPID, "SecretKey", spData);

        // Only the first three fields are covered by the digest.
        string expected = CryptographyUtil.GenerateAuthenticator(fields[0] + "$" + fields[1] + "$" + fields[2], key);

        // NOTE(review): String.Equals is not a fixed-time comparison.
        if (!expected.Equals(fields[3]))
        {
            return null;
        }

        // NOTE(review): the CustID and Email arguments are never compared with the
        // decrypted fields, so the caller must do that binding itself. The summary lists
        // Digest as part of the result, but with exactly four fields the element removed
        // here is the digest - confirm which is intended.
        List <String> verified = new List <String>(fields);
        verified.RemoveAt(verified.Count - 1);
        return verified;
    }
    catch (Exception)
    {
        // All parsing, decryption and lookup failures are reported as null.
        return null;
    }
}
/// <summary>
/// Smoke test: encrypts a fixed sample string with <c>CryptographyUtil.AESEncryServer</c>
/// and prints the result.
/// </summary>
public void AES_Encry_Test()
{
    // NOTE(review): nothing is asserted; decrypting the output and comparing it with the
    // input would turn this into a real round-trip test.
    const string sample = "aaaaa";
    Console.WriteLine(CryptographyUtil.AESEncryServer(sample));
}
/// <summary>
/// Validates the signed user-id query parameter (32-character hash followed by the user
/// id), authenticates the user when the hash matches, and always redirects to "../Offer".
/// </summary>
public void ValidateRequest()
{
    LoggingUtility log = LoggerFactory.GetLogger();

    string signedUserId = HttpContext.Current.Request.QueryString[requestUserIdParam];
    // NOTE(review): the raw parameter, the received hash and the expected hash are all
    // written to the debug log below. With debug logging enabled, anyone who can read the
    // log sees a value that authenticates for as long as the timestamp string is unchanged.
    log.Debug("HBUserManager.ValidateRequest.userIdParam=" + signedUserId);

    bool hasHashAndId = !string.IsNullOrEmpty(signedUserId) && signedUserId.Length > 32;
    if (hasHashAndId)
    {
        // The timestamp comes from the server clock, not from the request; how long a
        // hash stays valid therefore depends on the granularity of dateFormat.
        string stamp = DateTime.UtcNow.ToString(dateFormat);
        log.Debug("HBUserManager.ValidateRequest.timeStamp=" + stamp);

        string sentHash = signedUserId.Substring(0, 32);
        log.Debug("HBUserManager.ValidateRequest.SentHash=" + sentHash);

        string userId = signedUserId.Substring(32);
        log.Debug("HBUserManager.ValidateRequest.userId=" + userId);

        // Recompute the hash to compare it with the one that was sent.
        // NOTE(review): MD5 over "id:secret:time" is a home-grown MAC; an HMAC with a
        // current hash function is the standard construction for this.
        string expectedHash = new CryptographyUtil().CalculateMD5(userId + ":" + hashSecret + ":" + stamp);
        log.Debug("HBUserManager.ValidateRequest.newHash=" + expectedHash);

        // NOTE(review): '==' on strings is not a fixed-time comparison.
        bool hashesMatch = expectedHash == sentHash;
        log.Debug("HBUserManager.ValidateRequest.newHashEqualsOldHash=" + (hashesMatch ? "true" : "false"));
        if (hashesMatch)
        {
            Authenticate(userId);
        }
    }

    HttpContext.Current.Response.Redirect("../Offer");
}
/// <summary>
/// Parses the request parameter of the points-mall login page (login2.aspx). Compared
/// with the older login.aspx format it additionally carries AuthenName and Password.
/// </summary>
/// <param name="SourceStr">"SPID$ciphertext" as received from the caller.</param>
/// <param name="context">HTTP context used to load the SP data.</param>
/// <param name="SPID">Receives the part before the first '$'.</param>
/// <param name="UAProvinceID">Receives decrypted field 0.</param>
/// <param name="AuthenType">Receives decrypted field 1.</param>
/// <param name="AuthenName">Receives decrypted field 2.</param>
/// <param name="Password">Receives decrypted field 3.</param>
/// <param name="ReturnURL">Receives decrypted field 4.</param>
/// <param name="ErrMsg">Empty on success, otherwise a description of the failure.</param>
/// <returns>
/// 0 on success, the invalid-authenticator code when the digest does not match, or the
/// system unknown-error code when anything throws.
/// </returns>
public static int ParseJFLoginRequest(string SourceStr, HttpContext context, out string SPID, out string UAProvinceID, out string AuthenType, out string AuthenName, out string Password, out string ReturnURL, out string ErrMsg)
{
    int outcome = ErrorDefinition.IError_Result_UnknowError_Code;
    ErrMsg = "";
    SPID = "";
    UAProvinceID = "";
    AuthenType = "";
    AuthenName = "";
    Password = "";
    ReturnURL = "";

    try
    {
        string[] outer = SourceStr.Split('$');
        SPID = outer[0];

        SPInfoManager spInfo = new SPInfoManager();
        Object spData = spInfo.GetSPData(context, "SPData");
        string secret = spInfo.GetPropertyBySPID(SPID, "SecretKey", spData);

        // Decrypted layout as read below:
        // UAProvinceID$AuthenType$AuthenName$Password$ReturnURL$TimeStamp$Digest
        string[] inner = CryptographyUtil.Decrypt(outer[1], secret).Split('$');

        // NOTE(review): the out parameters, Password included, are filled in before the
        // digest is verified and keep their values when verification fails or a later
        // index throws. Callers must ignore them unless the return value is 0.
        UAProvinceID = inner[0];
        AuthenType = inner[1];
        AuthenName = inner[2];
        Password = inner[3];
        ReturnURL = inner[4];
        string stamp = inner[5];
        string receivedDigest = inner[6];

        // Verify the digest over every field except the digest itself.
        string expectedDigest = CryptographyUtil.GenerateAuthenticator(
            UAProvinceID + "$" + AuthenType + "$" + AuthenName + "$" + Password + "$" + ReturnURL + "$" + stamp,
            secret);

        // NOTE(review): '!=' is not a fixed-time comparison, and the timestamp is only
        // fed into the digest - no freshness check is visible in this method, so a
        // captured request stays valid unless the caller rejects old timestamps.
        // ReturnURL is likewise passed through unvalidated.
        if (receivedDigest != expectedDigest)
        {
            outcome = ErrorDefinition.IError_Result_InValidAuthenticator_Code;
            ErrMsg = "无效的Digest";
            return outcome;
        }

        outcome = 0;
    }
    catch (Exception e)
    {
        // Too few fields, decryption failures and lookup errors all end up here.
        outcome = ErrorDefinition.IError_Result_System_UnknowError_Code;
        ErrMsg = e.Message;
    }

    return outcome;
}
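/// <summary>
/// Sends <c>Bytes</c> to the client. With <paramref name="auto"/> the bytes are streamed
/// as an attachment; otherwise they are written to a file under "~/Temp" and the client
/// is redirected to that file. Does nothing when there is no content or the response
/// headers have already been written.
/// </summary>
/// <param name="auto">True to stream directly, false to go through a temp file.</param>
private void DoDownload(bool auto)
{
    if (Bytes == null || Bytes.Length == 0)
    {
        return;
    }

    var context = HttpContext.Current;
    var server = context.Server;
    var response = context.Response;
    if (response.HeadersWritten())
    {
        return;
    }

    var correctFileName = (String.IsNullOrWhiteSpace(FileName) ? "Unknown" : FileName);
    var urlFileName = HttpUtility.UrlPathEncode(correctFileName);

    if (auto)
    {
        var disposition = new ContentDisposition { FileName = urlFileName, Inline = false, };
        response.Clear();
        response.Buffer = true;
        response.ContentType = "application/octet-stream";
        response.AddHeader("Content-Disposition", disposition.ToString());
        response.BinaryWrite(Bytes);
        response.End();
    }
    else
    {
        // FileName becomes part of a server-side path. Keep only its final segment so
        // directory separators or ".." in the name cannot move the write outside ~/Temp.
        var safeFileName = Path.GetFileName(correctFileName);
        if (String.IsNullOrWhiteSpace(safeFileName))
        {
            safeFileName = "Unknown";
        }

        // The content hash prefix lets identical content with the same name share a file.
        var currentFileHash = CryptographyUtil.ComputeMD5(Bytes);
        var fullFileName = String.Format("{0}_{1}", currentFileHash, safeFileName);
        var tempFolderVirtualPath = "~/Temp";
        var tempFileVirtualName = String.Format("{0}/{1}", tempFolderVirtualPath, fullFileName);

        var tempFolderPath = server.MapPath(tempFolderVirtualPath);
        if (!Directory.Exists(tempFolderPath))
        {
            Directory.CreateDirectory(tempFolderPath);
        }

        // NOTE(review): the file lands inside the web root with its original extension,
        // is served to any client that knows the URL, and is never removed here. If
        // FileName or Bytes can originate from users, restrict the allowed extensions
        // (or serve through a handler with a fixed content type) and add a cleanup job.
        var tempFilePath = server.MapPath(tempFileVirtualName);
        if (!File.Exists(tempFilePath))
        {
            File.WriteAllBytes(tempFilePath, Bytes);
        }

        response.Clear();
        response.Redirect(tempFileVirtualName);
    }
}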
/// <summary>
/// Returns the MD5 digest of <paramref name="source"/> as a hex string, using the
/// <c>CryptographyUtil</c> helpers for hashing and hex conversion.
/// </summary>
/// <param name="source">Text to hash.</param>
/// <returns>Hex representation of the digest bytes.</returns>
public String getMD5Str(String source)
{
    // NOTE(review): MD5 is acceptable for checksums only; it must not be used to store
    // passwords or to authenticate data.
    return CryptographyUtil.byteToHexStr(CryptographyUtil.MD5Encrypt(source));
}
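/// <summary>
/// Handles the "set authentication phone" button: checks the validation code, the login
/// password and the SMS code in that order, then binds the phone to the account. The
/// outcome is reported by writing a small script into <c>errorHint</c>.
/// </summary>
/// <remarks>
/// Every request-derived or backend-derived value that is placed inside the script is
/// passed through <c>HttpUtility.JavaScriptStringEncode</c> (System.Web 4.0 or later), so
/// it stays inside its string literal instead of being interpreted as markup or script.
/// </remarks>
protected void SetAuthenPhoneBtn_Click(object sender, EventArgs e)
{
    LoginPassword = Request["LoginPassword"];
    Phone = Request["Phone"];
    AuthenCode = Request["AuthenCode"];
    CheckCode = Request["CheckCode"];

    try
    {
        if (!CommonUtility.ValidateValidateCode(HttpUtility.HtmlDecode(CheckCode), this.Context))
        {
            errorHint.InnerHtml = "<script type='text/javascript'>showError('验证码校验未通过!')</script>";
            return;
        }

        // Verify the login password.
        // NOTE(review): comparing Encrypt(password) with the stored value implies the
        // password is stored reversibly rather than as a salted one-way hash.
        string webpwd = CryptographyUtil.Encrypt(LoginPassword);
        int i = FindPwd.SelState(CustID, webpwd, out ErrMsg);
        if (i != 0)
        {
            // The form values are written back so the user does not have to retype them.
            // They come straight from the request, so each one is escaped for a
            // JavaScript string literal before being concatenated.
            // NOTE(review): this still echoes the submitted password into the page
            // source; consider not repopulating that field.
            errorHint.InnerHtml = "<script type='text/javascript'> $('#LoginPassword').attr('value','" + HttpUtility.JavaScriptStringEncode(LoginPassword)
                + "');$('#Phone').attr('value','" + HttpUtility.JavaScriptStringEncode(Phone)
                + "');$('#AuthenCode').attr('value','" + HttpUtility.JavaScriptStringEncode(AuthenCode)
                + "');$('#CheckCode').attr('value','" + HttpUtility.JavaScriptStringEncode(CheckCode)
                + "');showError('登录密码输入错误,请重新输入!')</script>";
            return;
        }

        // Verify the SMS code, then bind the phone.
        Result = PhoneBO.SelSendSMSMassage(CustID, Phone, AuthenCode, out ErrMsg);
        if (Result == 0)
        {
            Result = PhoneBO.PhoneSetV2(SPID, CustID, Phone, "2", "2", out ErrMsg);
            if (Result == 0)
            {
                errorHint.InnerHtml = "<script type='text/javascript'>showError('认证手机设置成功!')</script>";
                return;
            }
        }

        // Either the SMS check or the binding failed; ErrMsg comes from the backend and
        // is escaped like any other untrusted text.
        errorHint.InnerHtml = "<script type='text/javascript'>showError('" + HttpUtility.JavaScriptStringEncode(ErrMsg) + "!')</script>";
        return;
    }
    catch (Exception exp)
    {
        // NOTE(review): the full exception text (type, message, stack trace) is shown to
        // the user; logging it server-side and showing a generic message would avoid
        // disclosing internals. It is escaped here so it cannot break out of the literal.
        errorHint.InnerHtml = "<script type='text/javascript'>showError('" + HttpUtility.JavaScriptStringEncode(exp.ToString()) + "!')</script>";
        return;
    }
}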
/// <summary>
/// Establishes the page's login state from cookies. When the unified-platform cookie
/// exists the local token is parsed (after being created from the unified-platform
/// cookie if necessary). Otherwise, for unified-platform channels, the browser is
/// redirected to the account-check endpoint and any local token cookie is expired.
/// </summary>
protected void CheckToken()
{
    StringBuilder strLog = new StringBuilder();
    String LocalCookie = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
    String UnifyPlatformCookie = ConfigurationManager.AppSettings["UnifyPlatformCookieName"];

    // Defaults used until a token has been parsed.
    isLogin = "******";
    welcomeName = "0";
    encryptCustIDValue = "0";

    if (PageUtility.IsCookieExist(UnifyPlatformCookie, this.Context)) // unified-platform token present
    {
        if (PageUtility.IsCookieExist(LocalCookie, this.Context)) // local token present
        {
            ParseToken(Request.Cookies.Get(LocalCookie).Value);
        }
        else // create the local token
        {
            // NOTE(review): the unified-platform cookie value is copied into the local
            // cookie as-is; any validation has to happen inside ParseToken - confirm.
            string UnifyPlatformToken = Request.Cookies.Get(UnifyPlatformCookie).Value;
            PageUtility.SetCookie(UnifyPlatformToken, LocalCookie, this.Page);
            // NOTE(review): the local cookie is read back from Request right after being
            // set; whether it is present there depends on PageUtility.SetCookie - confirm.
            ParseToken(Request.Cookies.Get(LocalCookie).Value);
        }
    }
    else // no global token: ask unifyAccountCheck for the login state
    {
        if (IsUnifyPlatformChannel() && Bidirectional())
        {
            // Only start a check when this request is not already the check's callback.
            if (!CommonUtility.IsParameterExist("UnifyAccountCheckResult", this.Page))
            {
                string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId;
                string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret;
                string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion;
                string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType;
                string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType;
                string format = "redirect";
                String returnURL = HttpUtility.UrlEncode(UDBConstDefinition.DefaultInstance.UnifyAccountCheckCallBackUrl + "?SPID=35000000");
                string parameters = "&timeStamp=" + TimeStamp + "&accoutType=" + accountType + "&returnURL=" + returnURL;
                strLog.AppendFormat("参数:{0}\r\n", parameters);

                // The parameter string is encrypted with the app secret and the request
                // is signed with HMAC-SHA1 under the same secret.
                string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
                strLog.AppendFormat("参数:{0},paras:{1}\r\n", parameters, paras);
                string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
                strLog.AppendFormat("sign:{0}\r\n", sign);

                String UnifyAccountCheckUrl = UDBConstDefinition.DefaultInstance.UnifyAccountCheckUrl;
                // NOTE(review): the literal "¶s=" below looks like "&paras=" after an HTML
                // entity pass turned "&para" into the pilcrow sign - confirm against the
                // original file. paras and sign are also concatenated without URL-encoding;
                // whether that is safe depends on the helpers' output alphabet.
                UnifyAccountCheckUrl = UnifyAccountCheckUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect";
                strLog.AppendFormat(" Redirect to UnifyAccountCheckUrl:{0}\r\n", UnifyAccountCheckUrl);
                // The log holds the plaintext parameters, the ciphertext and the signature,
                // but not the app secret itself.
                log(strLog.ToString());
                // endResponse is false, so execution continues with the cookie cleanup below.
                Response.Redirect(UnifyAccountCheckUrl, false);
            }

            if (PageUtility.IsCookieExist(LocalCookie, this.Context)) // a local token exists
            {
                // Without a global token the local token is no longer trusted.
                PageUtility.ExpireCookie(LocalCookie, this.Page);
            }
        }
    }
}
/// <summary>
/// Builds the unified-platform logon URL (encrypted parameter block plus HMAC-SHA1
/// signature) and stores it in <c>login189Url</c>.
/// </summary>
protected void CreateUnifyPlatformLoginRequest()
{
    // All settings come from UDBConstDefinition.DefaultInstance; they were formerly read
    // from the "unifyPlatform_*" AppSettings keys.
    string unifyPlatformLogonUrl = UDBConstDefinition.DefaultInstance.UnifyPlatformLogonUrl;
    string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId;
    string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret;
    string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion;
    string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType;
    string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType;
    string pageKey = UDBConstDefinition.DefaultInstance.UnifyPlatformPageKey;
    string businessPage = UDBConstDefinition.DefaultInstance.UnifyPlatformBusinessPage;
    string thirdAccount = UDBConstDefinition.DefaultInstance.UnifyPlatformThirdAccount;
    string mustBind = UDBConstDefinition.DefaultInstance.UnifyPlatformMustBind;
    string quicklogin = UDBConstDefinition.DefaultInstance.UnifyPlatformQuicklogin;

    // Address on the customer-information platform that the unified platform calls back.
    string returnURL = UDBConstDefinition.DefaultInstance.UnifyPlatformCallBackUrl;
    string regReturnUrl = UDBConstDefinition.DefaultInstance.UnifyPlatformWebRegisterCallBackUrl;

    // Both callback URLs carry the SPID and the caller's ReturnURL; the inner value is
    // URL-encoded once and the whole callback URL once more.
    // NOTE(review): ReturnURL is forwarded as-is; unless it is checked against an
    // allow-list elsewhere, the post-login redirect target is caller-controlled.
    returnURL = HttpUtility.UrlEncode(returnURL + "?SPID=" + SPID + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL));
    regReturnUrl = HttpUtility.UrlEncode(regReturnUrl + "?SPID=" + SPID + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL));
    string format = "redirect";
    string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    // Defaults for settings that are not configured.
    if (String.IsNullOrEmpty(accountType))
    {
        accountType = "01"; // 01 = phone, e-mail, alias; 02 = all accounts including internet accounts?
    }
    if (String.IsNullOrEmpty(pageKey))
    {
        pageKey = "default";
    }
    if (String.IsNullOrEmpty(thirdAccount))
    {
        thirdAccount = "yes";
    }
    if (String.IsNullOrEmpty(mustBind))
    {
        mustBind = "yes";
    }
    if (String.IsNullOrEmpty(quicklogin))
    {
        quicklogin = "******";
    }

    // NOTE(review): the end of this expression does not parse as written; it looks as if
    // a redaction pass replaced part of it and "&reg" was turned into the registered
    // sign. Restore it from the original file before building.
    string parameters = "timeStamp=" + TimeStamp + "&returnURL=" + returnURL + "&accoutType=" + accountType + "&zhUserName=&pageKey=" + pageKey + "&businessPage=" + businessPage + "&thirdAccount=" + thirdAccount + "&mustBind=" + mustBind + "&quicklogin="******"®ReturnUrl=" + regReturnUrl;

    // Encrypt the parameter block and sign the request with the same app secret.
    string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
    string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);

    // NOTE(review): "¶s=" looks like "&paras=" after an HTML entity pass - confirm.
    login189Url = unifyPlatformLogonUrl + "?appId=" + appId + "&version=" + version + "&clientType=" + clientType + "¶s=" + paras + "&sign=" + sign + "&format=redirect";
    if ("35433333".Equals(SPID))
    {
        // This SPID gets an extra button-colour parameter.
        login189Url = login189Url + "&btnC=blue";
    }
    // The logged URL contains the ciphertext and signature, not the app secret.
    log("login189Url=" + login189Url);
}
/// <summary>
/// Handles the quick-registration button: optionally checks the SMS code, registers the
/// user, builds the encrypted RegistryResponse for the calling system, sets the login
/// cookie, notifies the points platform, writes the login log and redirects to ReturnUrl.
/// </summary>
protected void register_Click(object sender, EventArgs e)
{
    string mobile = this.mobile.Text;
    string checkCode = this.checkCode.Text;
    string password = this.password.Text;
    // NOTE(review): password2 is read but never compared with password in this method;
    // presumably the match is enforced client-side or by a validator - confirm.
    string password2 = this.password2.Text;

    // Check the SMS verification code.
    // NOTE(review): the check only runs when a code was submitted. A request with an
    // empty code skips phone verification entirely and still registers the number -
    // confirm that an empty code is rejected elsewhere.
    if (checkCode != null && !"".Equals(checkCode))
    {
        Result = PhoneBO.SelSendSMSMassage("", mobile, checkCode, out ErrMsg);
        if (Result != 0)
        {
            errorHint.InnerHtml = "手机验证码错误,请重新输入";
            return;
        }
    }

    Result = UserRegistry.quickUserRegistryWeb(SPID, password, mobile, "2", out CustID, out ErrMsg);
    if (Result != 0)
    {
        CommonBizRules.ErrorHappenedRedircet(Result, ErrMsg, "用户注册", this.Context);
        return;
    }

    // Build the response for the calling system with that system's own key.
    SPInfoManager spInfo = new SPInfoManager();
    Object SPData = spInfo.GetSPData(this.Context, "SPData");
    string key = spInfo.GetPropertyBySPID(SPID, "SecretKey", SPData);
    string Digest = CryptographyUtil.GenerateAuthenticator(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg, key);
    string temp = SPID + "$" + CryptographyUtil.Encrypt(TimeStamp + "$" + CustID + "$" + Result + "$" + ErrMsg + "$" + Digest, key);
    string RegistryResponseValue = HttpUtility.UrlEncode(temp);
    // NOTE(review): this writes the SP secret key itself into the log. Anyone who can
    // read the log can then produce valid digests and ciphertexts for this SPID; the key
    // should be removed from the message and rotated if these logs were retained.
    log(String.Format("key:{0},Digest:{1},temp:{2},RegistryResponseValue:{3}", key, Digest, temp, RegistryResponseValue));

    // Write the login cookie for the user; the token is built with the key of SPID 35000000.
    UserToken UT = new UserToken();
    string key2 = spInfo.GetPropertyBySPID("35000000", "SecretKey", SPData);
    string RealName = mobile;
    string UserName = mobile;
    string NickName = mobile;
    // Argument order: CustID, RealName, UserName, NickName, OuterID, CustType,
    // LoginAuthenName, LoginAuthenType, key, out ErrMsg.
    // NOTE(review): GenerateUserToken reports failure through an empty return value and
    // ErrMsg; neither is checked before the cookie is set.
    string UserTokenValue = UT.GenerateUserToken(CustID, RealName, UserName, NickName, "", "42", UserName, "1", key2, out ErrMsg);
    string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
    PageUtility.SetCookie(UserTokenValue, CookieName, this.Page);

    // Notify the points platform.
    CIP2BizRules.InsertCustInfoNotify(CustID, "2", SPID, "", "0", out ErrMsg);
    // Write the login log.
    CommonBizRules.WriteDataCustAuthenLog(SPID, CustID, "35", "0", "", "2", Result, ErrMsg);

    // NOTE(review): ReturnUrl is used as the redirect target without a visible check;
    // unless it is validated where it is assigned, this is an open redirect that also
    // delivers the RegistryResponse to whatever host the URL names.
    Response.Redirect(ReturnUrl + "?RegistryResponse=" + RegistryResponseValue, true);
}
/// <summary>
/// Logs a user in. If the same user is already logged in with a matching password the
/// call succeeds immediately; otherwise the instance state is reset and the user
/// management service is asked to authenticate.
/// </summary>
/// <param name="loginName">Login name.</param>
/// <param name="password">Plain password, or its MD5 when <paramref name="encryptedPassword"/> is true.</param>
/// <param name="encryptedPassword">True when <paramref name="password"/> is already an MD5 digest.</param>
/// <returns>True when the user is logged in after the call.</returns>
public bool Login(String loginName, String password, bool encryptedPassword)
{
    if (ProjectID == null)
    {
        return false;
    }

    if (IsLogged && defComparer.Equals(CurrentUser.LoginName, loginName))
    {
        // NOTE(review): the current user's password is held in recoverable form and
        // compared directly (or via an unsalted MD5); neither comparison is fixed-time.
        // Accepting the MD5 as a credential makes the digest itself password-equivalent.
        bool samePassword = encryptedPassword
            ? defComparer.Equals(CryptographyUtil.ComputeMD5(CurrentUser.Password), password)
            : CurrentUser.Password == password;
        if (samePassword)
        {
            return true;
        }
    }

    ResetInstanceData();

    var token = UserManagementProxy.Login(loginName, password, encryptedPassword);
    if (token == null)
    {
        // NOTE(review): the submitted password is handed to LogEvent here and on the
        // success path. If LogEvent persists its arguments, credentials (including
        // near-miss passwords from failed attempts) end up in the event log.
        LogEvent("LoginByName", loginName, password, token, false);
        return false;
    }

    var loginUser = UserManagementProxy.GetCurrentUser(token.Value);
    if (loginUser == null)
    {
        // NOTE(review): this rejection and the one below return without calling
        // LogEvent, so these failed logins leave no audit record.
        return false;
    }

    var userGroups = UserManagementProxy.GetUserGroups(token.Value, loginUser.ID, ProjectID.Value);
    bool hasNoGroups = userGroups == null || userGroups.Count == 0;
    if (!loginUser.IsSuperAdmin && !IgnoreGroupMembership && hasNoGroups)
    {
        return false;
    }

    currentToken = token;
    currentUser = loginUser;
    currentUserGroups = userGroups;
    SaveCurrentTokenCookies();

    LogEvent("LoginByName", loginName, password, token, true);
    return true;
}
/// <summary>
/// Validates data encrypted by a business platform, using the key registered for its SPID.
/// </summary>
/// <param name="SPID">Business-system id used to look up the secret key.</param>
/// <param name="encryptStr">Encrypted "field$...$digest" string.</param>
/// <param name="ErrMsg">Failure description; see the notes on which paths update it.</param>
/// <returns>0 when the trailing digest matches, otherwise the unknown-error code.</returns>
public static Int32 ValidateSPIDData(String SPID, String encryptStr, out String ErrMsg)
{
    Int32 result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
    // NOTE(review): ErrMsg starts as the unknown-error text and is not cleared on
    // success, nor changed on a digest mismatch; callers must go by the return value.
    ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;

    try
    {
        // Look up the key for this SPID.
        SPInfoManager spinfo = new SPInfoManager();
        Object spData = spinfo.GetSPData(HttpContext.Current, "SPData");
        String key = spinfo.GetPropertyBySPID(SPID, "SecretKey", spData);

        // An empty result means either the data or the key is wrong.
        String plain = CryptographyUtil.Decrypt(encryptStr, key);
        if (String.IsNullOrEmpty(plain))
        {
            ErrMsg = "数据解密出错";
            return result;
        }

        // NOTE(review): the original comment says at least two parts are needed (data +
        // digest), but two-part input is rejected here; at least three are required.
        String[] parts = plain.Split('$');
        Int32 digestIndex = parts.Length - 1;
        if (parts.Length <= 2)
        {
            ErrMsg = "数据格式有误";
            return result;
        }

        // Re-join everything before the digest with '$'.
        StringBuilder payload = new StringBuilder();
        for (Int32 i = 0; i < digestIndex; i++)
        {
            payload.Append(parts[i]).Append("$");
        }

        // TrimEnd removes every trailing '$', so empty trailing fields are not covered.
        // NOTE(review): the "digest" is Encrypt(payload, key) rather than a MAC, and
        // String.Equals is not a fixed-time comparison.
        String expected = CryptographyUtil.Encrypt(payload.ToString().TrimEnd('$'), key);
        if (expected.Equals(parts[digestIndex]))
        {
            result = 0;
        }
    }
    catch (Exception ex)
    {
        ErrMsg += ex.Message;
    }

    return result;
}
/// <summary>
/// Creates a <c>BlogConfig</c> with the fixed config id, the default custom CSS name and
/// freshly generated key, salt and IV for encrypting future posts.
/// </summary>
/// <returns>The new configuration object.</returns>
public static BlogConfig New()
{
    // NOTE(review): key, salt and IV are stored side by side on the same object, so
    // whoever can read the config document can decrypt. A single stored IV also suggests
    // it is reused for every encryption under this key - confirm how CryptographyUtil
    // uses it; a per-message random IV is the usual requirement.
    var config = new BlogConfig();
    config.Id = BlogConfig.Key;
    config.CustomCss = "hibernatingrhinos";
    config.FuturePostsEncryptionKey = CryptographyUtil.GenerateKey();
    config.FuturePostsEncryptionSalt = CryptographyUtil.GenerateRandomString(16);
    config.FuturePostsEncryptionIv = CryptographyUtil.GenerateIv();
    return config;
}
/// <summary>
/// Checks whether the given username and password are valid.
/// </summary>
/// <param name="username">Name used to look the user up.</param>
/// <param name="password">Password to verify against the stored hash.</param>
/// <returns>
/// The <c>User</c> for this username when the password matches, null otherwise.
/// </returns>
private User CheckUsernamePassword(string username, string password)
{
    var candidate = GetUser(username);

    // NOTE(review): unknown usernames return before any password hashing is done, so the
    // response time may reveal whether an account exists. No attempt limiting is visible
    // here either - confirm it is applied by the caller.
    if (candidate == null)
    {
        return null;
    }

    return CryptographyUtil.VerifyUserPassword(candidate, password) ? candidate : null;
}
/// <summary>
/// Assembles the XML for a UDB account-information query.
/// </summary>
/// <param name="SrcSsDeviceNo">Source device number.</param>
/// <param name="AuthSsDeviceNo">Authenticating device number.</param>
/// <param name="UDBTicket">UDB ticket.</param>
/// <returns>The serialized <c>AccountInfoCheckRequest</c> document.</returns>
public static String BuildAccountInfoQueryXml(String SrcSsDeviceNo, String AuthSsDeviceNo, String UDBTicket)
{
    String timeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    // NOTE(review): the authenticator is produced by calling Decrypt with an empty key
    // on the concatenated fields. That is neither a digest nor keyed; it looks like an
    // unfinished placeholder for a keyed authenticator - confirm before relying on it.
    String key = String.Empty;
    String digest = CryptographyUtil.Decrypt(SrcSsDeviceNo + AuthSsDeviceNo + UDBTicket + timeStamp, key);

    XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.AppendChild(xmlDoc.CreateXmlDeclaration("1.0", "utf-8", null));

    XmlElement rootNode = xmlDoc.CreateElement("AccountInfoCheckRequest");

    // Child elements in output order. Values go in as text nodes, so markup characters
    // in them are escaped by the XML writer.
    // NOTE(review): AuthSsDeviceNo is emitted twice, as in the original code; this looks
    // like a copy-paste slip - confirm against the UDB interface specification.
    String[][] children = new String[][]
    {
        new String[] { "Authenticator", digest },
        new String[] { "SrcSsDeviceNo", SrcSsDeviceNo },
        new String[] { "AuthSsDeviceNo", AuthSsDeviceNo },
        new String[] { "AuthSsDeviceNo", AuthSsDeviceNo },
        new String[] { "UDBTicket", UDBTicket },
        new String[] { "TimeStamp", timeStamp }
    };

    foreach (String[] child in children)
    {
        XmlElement element = xmlDoc.CreateElement(child[0]);
        element.AppendChild(xmlDoc.CreateTextNode(child[1]));
        rootNode.AppendChild(element);
    }

    xmlDoc.AppendChild(rootNode);
    return xmlDoc.OuterXml;
}
/// <summary>
/// Builds the encrypted authentication string that is placed in the e-mail URL for a
/// business system.
/// </summary>
/// <param name="SPID">Business-system id; also selects the digest key.</param>
/// <param name="CustID">Customer id.</param>
/// <param name="Email">E-mail address being verified.</param>
/// <param name="AuthenCode">Verification code.</param>
/// <param name="context">HTTP context used to load the SP data.</param>
/// <returns>Base64 of the UTF-8 bytes of the encrypted "fields$digest" string.</returns>
public static String EncryptEmailURl_Client(String SPID, String CustID, String Email, String AuthenCode, HttpContext context)
{
    String issuedAt = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    SPInfoManager spInfo = new SPInfoManager();
    Object spData = spInfo.GetSPData(context, "SPData");
    String key = spInfo.GetPropertyBySPID(SPID, "SecretKey", spData);

    // The same '$'-joined field string is authenticated and then encrypted.
    String fields = SPID + "$" + CustID + "$" + Email + "$" + AuthenCode + "$" + issuedAt;
    String digest = CryptographyUtil.GenerateAuthenticator(fields, key);

    // NOTE(review): the digest uses the per-SPID key, but Encrypt is called without a
    // key argument and therefore uses whatever default CryptographyUtil has; every SPID
    // would then share one encryption key - confirm that is intended.
    String encrypted = CryptographyUtil.Encrypt(fields + "$" + digest);
    return CryptographyUtil.ToBase64String(Encoding.UTF8.GetBytes(encrypted));
}
/// <summary>
/// Generates the PassportLoginRequest parameter and stores it in
/// <c>passportLoginRequestValue</c>.
/// </summary>
protected void CreateUdbPassportLoginRequest()
{
    var settings = System.Configuration.ConfigurationManager.AppSettings;

    // The configured callback gets the caller's ReturnURL appended as a query value.
    // NOTE(review): ReturnURL is only URL-encoded, not validated; unless it is checked
    // against an allow-list elsewhere, the final redirect target is caller-controlled.
    UDBReturnURL = settings["UDBReturnURL"] + "&ReturnUrl=" + HttpUtility.UrlEncode(ReturnURL);
    UdbSrcSsDeviceNo = settings["UdbSrcSsDeviceNo"];
    UdbKey = settings["UdbKey"];

    string issuedAt = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    // The digest comes from CryptographyUtil.Hash with no key argument; it is
    // subsequently encrypted under UdbKey together with the fields it covers.
    String digest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(UdbSrcSsDeviceNo + issuedAt + UDBReturnURL));
    String encryptedPart = CryptographyUtil.Encrypt(issuedAt + "$" + UDBReturnURL + "$" + digest, UdbKey);

    passportLoginRequestValue = System.Web.HttpUtility.UrlEncode(UdbSrcSsDeviceNo + "$" + encryptedPart);
}
/// <summary>
/// Builds the UDB passport request value for the given user ids and stores it in
/// <c>passportLogoutRequestValue</c>.
/// </summary>
/// <remarks>
/// Format: URLEncode(SrcSsDeviceNo + "$" + Encrypt(UserID$PUserID$TimeStamp$ReturnUrl$Digest)),
/// where Digest = Base64(Hash(SrcSsDeviceNo + UserID + PUserID + TimeStamp + ReturnUrl)).
/// NOTE(review): the method is named "Login" but fills the logout request value -
/// confirm the name.
/// </remarks>
/// <param name="UserID">User id placed first in the encrypted part.</param>
/// <param name="PUserID">Second user id field.</param>
protected void CreateUdbPassportLoginRequest(String UserID, String PUserID)
{
    var settings = System.Configuration.ConfigurationManager.AppSettings;
    String deviceNo = settings["UdbSrcSsDeviceNo"];
    String udbKey = settings["UdbKey"];
    string issuedAt = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");

    // NOTE(review): the digest input is concatenated without separators, so different
    // field splits give the same digest; the digest also has no key of its own.
    // ReturnUrl is used as-is with no validation visible here.
    String digest = CryptographyUtil.ToBase64String(CryptographyUtil.Hash(deviceNo + UserID + PUserID + issuedAt + ReturnUrl));
    String encryptedPart = CryptographyUtil.Encrypt(UserID + "$" + PUserID + "$" + issuedAt + "$" + ReturnUrl + "$" + digest, udbKey);

    passportLogoutRequestValue = System.Web.HttpUtility.UrlEncode(deviceNo + "$" + encryptedPart);
}
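/// <summary>
/// Logout page handler: expires the local login cookie, then redirects the browser to the
/// unified-platform logout URL with an encrypted and signed parameter set.
/// </summary>
/// <remarks>
/// paras = XXTeaEncrypt(parameters, appSecret)
/// sign  = HMAC_SHA1(appId + clientType + format + version + paras, appSecret)
/// Both steps are best-effort: an exception is appended to the log buffer and the buffer is
/// written once in the finally block.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    StringBuilder strLog = new StringBuilder();

    // Step 1: drop the local session cookie. A failure here must not block the remote logout.
    try
    {
        string CookieName = System.Configuration.ConfigurationManager.AppSettings["CookieName"];
        PageUtility.ExpireCookie(CookieName, this.Page);
    }
    catch (Exception ep)
    {
        strLog.AppendFormat("异常:{0}\r\n", ep.ToString());
    }

    // Step 2: build the signed logout request and send the browser to the platform.
    try
    {
        string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
        string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId;
        string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret;
        string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion;
        string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType;
        string format = "redirect";

        // NOTE(review): ReturnUrl is caller-controlled and is forwarded to the platform as the
        // post-logout target. Nothing visible here restricts it to this site's own hosts;
        // consider an allowlist check before use to avoid an open redirect.
        string requestedReturnUrl = Request["ReturnUrl"];
        string returnUrl = requestedReturnUrl == null
            ? ConstHelper.DefaultInstance.BesttoneHomePage
            : requestedReturnUrl;

        string parameters = "userId=&timeStamp=" + TimeStamp + "&udbUserId=&productUid=&returnURL=" + HttpUtility.UrlEncode(returnUrl);
        strLog.AppendFormat("parameters:{0}\r\n", parameters);

        string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
        strLog.AppendFormat("paras:{0}\r\n", paras);

        string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
        // NOTE(review): the signature and the complete signed URL go to the log. Treat the log
        // as sensitive, or drop these entries outside of debugging.
        strLog.AppendFormat("sign:{0}\r\n", sign);

        String UnifyPlatformLogoutUrl = UDBConstDefinition.DefaultInstance.UnifyPlatformLogoutUrl;
        strLog.AppendFormat("UnifyPlatformLogoutUrl:{0}\r\n", UnifyPlatformLogoutUrl);

        // Fix: the query key was the garbled text "¶s=" (an "&para" entity decoded by mistake);
        // the signed value must travel under "&paras=".
        // NOTE(review): paras and sign are appended without URL-encoding. That is only safe if
        // XXTeaEncrypt and HMAC_SHA1 return URL-safe text (for example hex). Confirm.
        UnifyPlatformLogoutUrl = UnifyPlatformLogoutUrl
            + "?appId=" + appId
            + "&version=" + version
            + "&clientType=" + clientType
            + "&paras=" + paras
            + "&sign=" + sign
            + "&format=" + format;
        strLog.AppendFormat("UnifyPlatformLogoutUrl:{0}\r\n", UnifyPlatformLogoutUrl);

        // endResponse = false: no ThreadAbortException, so the finally block runs normally.
        Response.Redirect(UnifyPlatformLogoutUrl, false);
    }
    catch (Exception ecp)
    {
        strLog.AppendFormat("异常:{0}\r\n", ecp.ToString());
    }
    finally
    {
        WriteLog(strLog.ToString());
    }
}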
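/// <summary>
/// Checks with the unified platform whether the visitor already holds a platform login.
/// </summary>
/// <remarks>
/// First pass (no "UnifyAccountCheckResult" request parameter): builds an encrypted, signed
/// account-check request, redirects the browser to the platform and returns false.
/// Second pass (parameter present): returns true only when the parameter equals "0".
/// Any exception is logged and reported as false.
/// NOTE(review): the second pass trusts "UnifyAccountCheckResult" exactly as it arrives in the
/// request; no signature or state check on the callback is visible here. Unless it is verified
/// elsewhere, the value is client-controlled and should not be relied on as proof of login.
/// </remarks>
/// <param name="CookieName">Not used by this method.</param>
/// <param name="context">Not used by this method.</param>
/// <returns>True when the platform check result is "0"; otherwise false.</returns>
protected bool IsUnifyPlatformCookieExist(String CookieName, HttpContext context)
{
    bool flag = false;
    StringBuilder strLog = new StringBuilder();
    try
    {
        if (IsUnifyPlatformChannel())
        {
            if (!CommonUtility.IsParameterExist("UnifyAccountCheckResult", this.Page))
            {
                string TimeStamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
                string appId = UDBConstDefinition.DefaultInstance.UnifyPlatformAppId;
                string appSecret = UDBConstDefinition.DefaultInstance.UnifyPlatformAppSecret;
                string version = UDBConstDefinition.DefaultInstance.UnifyPlatformVersion;
                string clientType = UDBConstDefinition.DefaultInstance.UnifyPlatformClientType;
                string accountType = UDBConstDefinition.DefaultInstance.UnifyPlatformAccountType;
                string format = "redirect";

                String returnURL = HttpUtility.UrlEncode(UDBConstDefinition.DefaultInstance.UnifyAccountCheckCallBackUrl + "?SPID=35000000");

                // NOTE(review): "accoutType" is kept exactly as written; it may be the spelling
                // the platform expects. Confirm against the interface specification.
                string parameters = "&timeStamp=" + TimeStamp + "&accoutType=" + accountType + "&returnURL=" + returnURL;
                strLog.AppendFormat("参数:{0}\r\n", parameters);

                string paras = CryptographyUtil.XXTeaEncrypt(parameters, appSecret);
                strLog.AppendFormat("参数:{0},paras:{1}\r\n", parameters, paras);

                string sign = CryptographyUtil.HMAC_SHA1(appId + clientType + format + version + paras, appSecret);
                // NOTE(review): the signature and the signed URL are written to the log; treat
                // the log as sensitive.
                strLog.AppendFormat("sign:{0}\r\n", sign);

                // Fix: the query key was the garbled text "¶s=" (an "&para" entity decoded by
                // mistake); the signed value must travel under "&paras=".
                String UnifyAccountCheckUrl = UDBConstDefinition.DefaultInstance.UnifyAccountCheckUrl;
                UnifyAccountCheckUrl = UnifyAccountCheckUrl
                    + "?appId=" + appId
                    + "&version=" + version
                    + "&clientType=" + clientType
                    + "&paras=" + paras
                    + "&sign=" + sign
                    + "&format=" + format;
                strLog.AppendFormat(" Redirect to UnifyAccountCheckUrl:{0}\r\n", UnifyAccountCheckUrl);

                // The buffer is written once in the finally block. The extra log call that used
                // to sit here wrote the same text a second time.
                Response.Redirect(UnifyAccountCheckUrl, false);
            }
            else
            {
                flag = "0".Equals(Request["UnifyAccountCheckResult"]);
            }
        }
    }
    catch (Exception e)
    {
        flag = false;
        // Fix: the format item was written as "{0\r\n}", which makes AppendFormat throw a
        // FormatException from inside this handler instead of recording the error.
        strLog.AppendFormat("异常:{0}\r\n", e.ToString());
    }
    finally
    {
        log(strLog.ToString());
    }
    return flag;
}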
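/// <summary>
/// Password-setting interface: stores a customer's password through the stored procedure
/// up_Customer_V3_Interface_SetPwd.
/// </summary>
/// <remarks>
/// NOTE(review): the password is passed through CryptographyUtil.Encrypt before storage. If
/// that is reversible encryption, as the name suggests, anyone holding the key can recover
/// every stored password; a salted, slow one-way hash such as PBKDF2 is the usual choice.
/// NOTE(review): @Pwd is declared VarChar(50). Confirm the Encrypt output always fits,
/// otherwise the stored value is truncated.
/// NOTE(review): e.Message is appended to ErrMsg on failure; if ErrMsg reaches external
/// callers this can disclose database or infrastructure detail.
/// </remarks>
/// <param name="SPID">Service-provider identifier (VarChar 8).</param>
/// <param name="CustID">Customer identifier (VarChar 16).</param>
/// <param name="Pwd">Plaintext password supplied by the caller.</param>
/// <param name="PwdType">Password type flag (VarChar 1).</param>
/// <param name="ExtendField">Not used by this method.</param>
/// <param name="ErrMsg">Message returned by the procedure, or the system error text on exception.</param>
/// <returns>The procedure's @Result value, or the system unknown-error code on exception.</returns>
public static int SetPassword(string SPID, string CustID, string Pwd, string PwdType, string ExtendField, out string ErrMsg)
{
    int Result = ErrorDefinition.BT_IError_Result_UnknowError_Code;
    ErrMsg = ErrorDefinition.BT_IError_Result_UnknowError_Msg;

    try
    {
        // Fix: the connection and command were never disposed; using blocks release them on
        // every path, including when the procedure call throws.
        using (SqlConnection myCon = new SqlConnection(DBUtility.BestToneCenterConStr))
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = myCon;
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "up_Customer_V3_Interface_SetPwd";

            // All inputs are bound as typed parameters; no SQL text is built from them.
            SqlParameter parSPID = new SqlParameter("@SPID", SqlDbType.VarChar, 8);
            parSPID.Value = SPID;
            cmd.Parameters.Add(parSPID);

            SqlParameter parCustID = new SqlParameter("@CustID", SqlDbType.VarChar, 16);
            parCustID.Value = CustID;
            cmd.Parameters.Add(parCustID);

            SqlParameter parPwd = new SqlParameter("@Pwd", SqlDbType.VarChar, 50);
            parPwd.Value = CryptographyUtil.Encrypt(Pwd);
            cmd.Parameters.Add(parPwd);

            SqlParameter parPwdType = new SqlParameter("@PwdType", SqlDbType.VarChar, 1);
            parPwdType.Value = PwdType;
            cmd.Parameters.Add(parPwdType);

            SqlParameter parResult = new SqlParameter("@Result", SqlDbType.Int, 4);
            parResult.Direction = ParameterDirection.Output;
            cmd.Parameters.Add(parResult);

            SqlParameter parErrMsg = new SqlParameter("@ErrMsg", SqlDbType.VarChar, 256);
            parErrMsg.Direction = ParameterDirection.Output;
            cmd.Parameters.Add(parErrMsg);

            DBUtility.Execute(cmd, DBUtility.BestToneCenterConStr);

            // Output parameters are read before the command is disposed.
            Result = int.Parse(parResult.Value.ToString().Trim());
            ErrMsg = parErrMsg.Value.ToString().Trim();
        }
    }
    catch (Exception e)
    {
        Result = ErrorDefinition.BT_IError_Result_System_UnknowError_Code;
        ErrMsg = ErrorDefinition.BT_IError_Result_System_UnknowError_Msg + e.Message;
    }

    return Result;
}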