public ActionResult EditPassword(EditPasswordViewModel model, long id) { try { if (!ModelState.IsValid) { return(View(model)); } var user = _userManager.GetById(id); if (user.password != PasswordHashing.HashPassword (model.Password, user.passwordSalt)) { throw new Exception(Resource.WrongPassword); } var newSalt = PasswordHashing.GenerateSaltValue(); user.passwordSalt = newSalt; user.password = PasswordHashing.HashPassword(model.NewPassword, newSalt); _userManager.Update(user); return(RedirectToRoute("UserPage")); } catch (Exception e) { model.Error = e.Message; return(View(model)); } }
public async Task <ServiceResponse <UserDto> > PasswordChange(PasswordChangeDto pwdChange) { ServiceResponse <UserDto> serviceResponse = new ServiceResponse <UserDto>(); PasswordHashing ph = new PasswordHashing(); User entity = new User(); try { entity = _context.Users.First(u => u.Username == pwdChange.Username); if (ph.IsValid(pwdChange.CurrentPassword, entity.Salt, entity.Hash)) { entity.Salt = Encoding.Unicode.GetString(ph.GetSalt()); entity.Hash = Encoding.Unicode.GetString(ph.GetKey(pwdChange.NewPassword, Encoding.Unicode.GetBytes(entity.Salt))); _context.SaveChanges(); serviceResponse.Data = _mapper.Map <UserDto>(entity); } else { throw new Exception("Wrong current password!"); } } catch (Exception ex) { serviceResponse.Success = false; serviceResponse.Message = (ex.InnerException != null) ? ex.InnerException.Message : ex.Message; } return(serviceResponse); }
public ActionResult ChangePassword(ChangeOldPasswordViewModel suvm) { var PwdHashing = new PasswordHashing(); string emailAddress = Session["Username"].ToString(); var chkUser = (from l in db.Users where l.UserEmail == emailAddress select l).FirstOrDefault(); if (chkUser != null) { try { var decriptPwd = PwdHashing.Encrypt(suvm.UserPassword); chkUser.UserPassword = decriptPwd; chkUser.UserConfirmPassword = decriptPwd; db.SaveChanges(); ViewBag.DisplayMessage = "success"; ModelState.AddModelError("", "Your password reset was successful!"); } catch (Exception) { ViewBag.DisplayMessage = "Info"; ModelState.AddModelError("", "password reset was not successful, please try again!"); } } else { ViewBag.DisplayMessage = "Info"; ModelState.AddModelError("", "Email address does not exist!"); } return(View()); }
public ActionResult Login(UserProfile profile) { using (var context = new DVTManagementSystemContext()) { try { var PasswordHashingmMethod = new PasswordHashing(); string HashedPassword = PasswordHashingmMethod.HashInput(profile.PasswordHash); var user = context.UserProfiles.Single(u => u.EmailAddress == profile.EmailAddress && u.PasswordHash == profile.PasswordHash && u.IsApproved == true); if (user != null) { Session["FirstName"] = user.FirstName.ToString(); Session["LastName"] = user.FirstName.ToString(); return(RedirectToAction("Dashboard", "Applicant")); } } catch (System.Exception) { ModelState.AddModelError(string.Empty, "Username or Password is incorrect"); } } return(View()); }
public ActionResult Register(RegisterViewModel registerViewModel) { if (!ModelState.IsValid) { return(View(registerViewModel)); } var user = registerViewModel.GetUser(); var salt = RandomString(128); var hash = PasswordHashing.GetPasswordHash(registerViewModel.Password, salt); var userRole = _roleService.GetRoles(r => r.Name == "user").FirstOrDefault(); user.Roles = new List <Role> { userRole }; user.PasswordSalt = salt; user.PasswordHash = hash; try { _userService.AddUser(user); _userService.Save(); return(RedirectToAction("Login")); } catch { ModelState.AddModelError("", $"User with login {user.Login} already exists!"); return(View(registerViewModel)); } }
private void signUpButton_Click(object sender, EventArgs e) { try { PasswordHashing passwordHashing = new PasswordHashing(); UsersRepository usersRepository = new UsersRepository(); FileCreation fileCreation = new FileCreation(); Validations(); User user = new User(usernameBox.Text, passwordHashing.creatingHashedPassword(passwordBox.Text), fileCreation.createFile(usernameBox.Text)); user.fileLocation = fileCreation.EncryptWithAES(user.fileLocation); usersRepository.AddNewUserToDB(user); usersRepository.ChangeFileName(user); DialogResult dialog = MessageBox.Show("You signed up successfully!", "OK", MessageBoxButtons.OK); if (dialog == DialogResult.OK) { MainWindow.loggedInUser = user; LoggedIn loggedIn = new LoggedIn(); loggedIn.ShowDialog(); } } catch (Exception exc) { MessageBox.Show(exc.Message); } }
public void PasswordIsHashedTest() { string input = "Password"; string output = PasswordHashing.HashPassword(input); Assert.AreNotEqual(input, output); }
public async Task <ServiceResponse <GetUserDto> > Login(LoginDto login) { ServiceResponse <GetUserDto> serviceResponse = new ServiceResponse <GetUserDto>(); PasswordHashing ph = new PasswordHashing(); User entity = new User(); try { entity = _context.Users.First(u => u.Username == login.Username); if (ph.IsValid(login.Hash, entity.Salt, entity.Hash)) { serviceResponse.Data = _mapper.Map <GetUserDto>(_context.Users.Include(u => u.UserBooks).FirstOrDefault(u => u.Id == entity.Id)); } else { throw new Exception(""); } } catch (Exception ex) { serviceResponse.Success = false; serviceResponse.Message += (ex.InnerException != null) ? ex.InnerException.Message : ex.Message; if (serviceResponse.Message == "") { serviceResponse.Message = "Niepoprawny login lub hasło."; } } return(serviceResponse); }
// Кога корисникот креира свој акаунт private void btnSingUpVerify_Click(object sender, EventArgs e) { this.Hide(); // Се креира Please Wait инстанца која праќа Query на Azure за да се креира акаунт PleaseWait W = new PleaseWait(txtUsernameSignUp.Text.Trim(), PasswordHashing.hashPassword(txtPasswrodSignUp.Text), txtFirstName.Text.Trim(), txtLastName.Text.Trim()); W.ShowDialog(); bool success = W.sigupOK; W.Dispose(); // Доколку успешно е регистриран if (success) { MessageBox.Show("Succesfull registration !"); this.DialogResult = DialogResult.OK; } // Доколку не е успешено регистриран else { TryAgain N = new TryAgain(); N.ShowDialog(); this.Show(); N.Dispose(); } }
public async Task UpdateUserPasswordAsync(UserPasswordUpdateModel passwordUpdate) { var userId = passwordUpdate.UserId; var password = PasswordHashing.GeneratePassword(passwordUpdate.Password); await _userRepository.UpdateUserPasswordAsync(userId, password); }
public void Correct_Password_Wrong_Encoding_Should_Not_Match(HashingAlgo hashingAlgo) { var originalHashConfig = new HashingConfig { GenratePerPasswordSalt = true, GlobalSalt = null, SaltedPasswordFormat = SaltedPasswordFormat, HashingAlgo = hashingAlgo, PasswordHashEncodingType = EncodingType.Hex }; var mismatchedHashConfig = new HashingConfig { GenratePerPasswordSalt = true, GlobalSalt = null, SaltedPasswordFormat = SaltedPasswordFormat, HashingAlgo = hashingAlgo, PasswordHashEncodingType = EncodingType.Base64 }; var passwordHashing = new PasswordHashing(); var hash = passwordHashing.GetHash(CorrectPassword, originalHashConfig); var match = passwordHashing.CheckPassword(hash, mismatchedHashConfig, CorrectPassword); Assert.False(match); }
public int Register(string email, string password, string foreignLanguage) { int foreignLanguageId = GetForeignLanguageByName(foreignLanguage); password = PasswordHashing.Hash(password); return(_accountRepository.Register(email, password, foreignLanguageId)); }
public void TooHighComplexityPasswordTest() { string password = "******"; PasswordHashing provider = new PasswordHashing(complexity: 25); string hash = provider.Compute(password); }
public void TestGenerateAndCompareHashMatch() { byte[] saltAndHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), null)); byte[] salt = PasswordHashing.ExtractStoredSalt(saltAndHash); Assert.That(salt, Is.Not.Null); Assert.That(PasswordHashing.HashesMatch(Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt)), saltAndHash)); }
public void NullPasswordTest() { string password = null; PasswordHashing provider = new PasswordHashing(); string hash = provider.Compute(password); }
public void TestHashDoesntMatch() { byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt); byte[] salt = PasswordHashing.GenerateSalt(); byte[] curHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt)); Assert.That(PasswordHashing.HashesMatch(storedHash, curHash), Is.False); }
public void TestEncode() { byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt); byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash); byte[] curHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt)); Assert.That(storedHash, Is.EqualTo(curHash), "Hashed Passphrase 'HACK' should be the same"); }
public void TestHashMatches() { byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt); byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash); byte[] curHash = Convert.FromBase64String(PasswordHashing.EncodePassword(KnownPassword.ToSecureString(), salt)); Assert.That(PasswordHashing.HashesMatch(storedHash, curHash), Is.True); }
public void TestPasswordHashing() { var hashing = new PasswordHashing(); var hashedPassword = hashing.CreateHash("test"); var result = hashing.ValidatePassword("test", hashedPassword); Assert.IsTrue(result); }
public void TestExtractSalt() { byte[] expectedSalt = Convert.FromBase64String(KnownSalt); byte[] storedHash = Convert.FromBase64String(KnownHashAndSalt); byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash); Assert.That(salt, Is.EqualTo(expectedSalt)); }
public void WhitespacePasswordTest() { string password = "******"; PasswordHashing provider = new PasswordHashing(); string hash = provider.Compute(password); }
public async Task SignOutUserAsync(Users userToCreate, string plainPassword) { string passwordSalt = PasswordHashing.CreateSalt(); userToCreate.PasswordSalt = passwordSalt; userToCreate.PasswordHash = PasswordHashing.GenerateHash(plainPassword, passwordSalt); await _context.Users.AddAsync(userToCreate); }
public RegisterResponse Register(RegisterRequest request) { var LogExists = _campaignDbContext.Clients.Any(c => c.Login.Equals(request.Login)); var MailExists = _campaignDbContext.Clients.Any(c => c.Email.Equals(request.Email)); var PhoneNumExists = _campaignDbContext.Clients.Any(c => c.Phone.Equals(request.Phone)); if (LogExists || MailExists || PhoneNumExists) { throw new ClientExistsException("Such client is already exists"); } var claims = new[] { new Claim(ClaimTypes.NameIdentifier, request.Login), new Claim(ClaimTypes.Name, request.LastName), new Claim(ClaimTypes.Role, "Client"), }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("faafsasfassdgdfger524312")); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken ( issuer: "Artem", audience: "Clients", claims: claims, expires: DateTime.Now.AddMinutes(10), signingCredentials: creds ); var accessToken = new JwtSecurityTokenHandler().WriteToken(token); var refreshToken = Guid.NewGuid(); var refreshT = refreshToken.ToString(); var salt = PasswordHashing.GenerateSalt(); var passwrd = PasswordHashing.Create(request.Password, salt); var client = new Client() { FirstName = request.FirstName, LastName = request.LastName, Email = request.Email, Phone = request.Phone, Login = request.Login, Password = passwrd, RefreshToken = refreshT, Salt = salt }; _campaignDbContext.Add(client); _campaignDbContext.SaveChanges(); return(new RegisterResponse { AccessToken = accessToken, RefreshToken = refreshT }); }
public async Task <bool> SaveAppUser(AppUser user, string newPasswordToHash = null) { bool success = true; if (!String.IsNullOrEmpty(newPasswordToHash)) { user.PasswordSalt = PasswordHashing.PasswordSaltInBase64(); user.PasswordHash = PasswordHashing.PasswordToHashBase64(newPasswordToHash, user.PasswordSalt); } try { using (var conn = new SqlConnection(_connectionString)) { await conn.OpenAsync(); string upsert = $"MERGE [AppUser] WITH (ROWLOCK) AS [T] " + $"USING (SELECT {user.Id} AS [id]) AS [S] " + $"ON [T].[id] = [S].[id] " + $"WHEN MATCHED THEN UPDATE SET [SubjectId]='{user.SubjectId}', [Username]='{user.Username}', [PasswordHash]='{user.PasswordHash}', [PasswordSalt]='{user.PasswordSalt}', [ProviderName]='{user.ProviderName}', [ProviderSubjectId]='{user.ProviderSubjectId}' " + $"WHEN NOT MATCHED THEN INSERT ([SubjectId],[Username],[PasswordHash],[PasswordSalt],[ProviderName],[ProviderSubjectId]) " + $"VALUES ('{user.SubjectId}','{user.Username}','{user.PasswordHash}','{user.PasswordSalt}','{user.ProviderName}','{user.ProviderSubjectId}'); " + $"SELECT SCOPE_IDENTITY();"; object result = null; using (var cmd = new SqlCommand(upsert, conn)) { result = await cmd.ExecuteScalarAsync(); } int newId = (result is null || result is DBNull) ? 0 : Convert.ToInt32(result); // SCOPE_IDENTITY returns a SQL numeric(38,0) type if (newId > 0) { user.Id = newId; } if (user.Id > 0 && user.Claims.Count > 0) { foreach (Claim c in user.Claims) { string insertIfNew = $"MERGE [Claim] AS [T] " + $"USING (SELECT {user.Id} AS [uid], '{c.Subject}' AS [sub], '{c.Type}' AS [type], '{c.Value}' as [val]) AS [S] " + $"ON [T].[AppUser_id]=[S].[uid] AND [T].[Subject]=[S].[sub] AND [T].[Type]=[S].[type] AND [T].[Value]=[S].[val] " + $"WHEN NOT MATCHED THEN INSERT ([AppUser_id],[Issuer],[OriginalIssuer],[Subject],[Type],[Value],[ValueType]) " + $"VALUES ('{user.Id}','{c.Issuer ?? string.Empty}','{c.OriginalIssuer ?? string.Empty}','{user.SubjectId}','{c.Type}','{c.Value}','{c.ValueType ?? string.Empty}');"; using (var cmd = new SqlCommand(insertIfNew, conn)) { await cmd.ExecuteNonQueryAsync(); } } } } } catch { success = false; } return(success); }
public void HashWithSaltTest() { PasswordHashing ph = new PasswordHashing(); string password = "******"; HashWithSaltResult hashResult = ph.HashWithSalt(password, 64, SHA512.Create()); HashWithSaltResult hashResult2 = ph.HashWithSalt(password, hashResult.Salt, SHA512.Create()); Assert.AreEqual <string>(hashResult.CipherText, hashResult2.CipherText); }
public static UserEntity ToUserEntity(this UserCreateModel usercreateModel) { return(new UserEntity { PartitionKey = Global.UserPartitionKey, RowKey = usercreateModel.Id, Id = usercreateModel.Id, PasswordHash = PasswordHashing.HashPassword(usercreateModel.Password), UserName = usercreateModel.UserName }); }
public async Task <User> CreateUserAsync(User user) { var userEntity = _mapper.Map <Models.Entities.User>(user); userEntity.Password = PasswordHashing.GeneratePassword(userEntity.Password); var userModel = await PerformUserCreation(userEntity); return(userModel); }
private void btnChangePass_Click(object sender, EventArgs e) { try { var passDb = DBC.ExecuteQuery("SELECT \"password\" FROM \"APPUSER\" WHERE " + $"username = '******';").Rows[0][0].ToString(); if (PasswordHashing.CheckPassword(txtActual.Text, passDb)) { if (!txtNewPass.Text.Equals(txtNewPass2.Text)) { MessageBox.Show(@"Las contraseñas nuevas no coinciden", @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly); } else { var hashedNew = PasswordHashing.CreateHash(txtNewPass.Text); var command = $"UPDATE \"APPUSER\" SET \"password\" = '{hashedNew}'" + $" WHERE username = '******';"; DBC.ExecuteNonQuery(command); MessageBox.Show(@"Contraseña actualizada", @"Completado", MessageBoxButtons.OK, MessageBoxIcon.Information, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly); } } else { MessageBox.Show(@"Su contraseña actual no es correcta", @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly); } } catch (Exception exception) { MessageBox.Show(exception.Message, @"Error", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly); } finally { txtActual.Text = ""; txtActual_Leave(null, EventArgs.Empty); txtNewPass.Text = ""; txtNewPass_Leave(null, EventArgs.Empty); txtNewPass2.Text = ""; txtNewPass2_Leave(null, EventArgs.Empty); } }
public void TestExtractNoSaltProvided() { byte[] expectedSalt = Convert.FromBase64String(KnownSalt); byte[] storedHash = Convert.FromBase64String(""); Assert.That(storedHash.Length, Is.LessThan(expectedSalt.Length)); byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash); Assert.That(salt, Is.Not.EqualTo(expectedSalt)); }
public void TestExtractBadSalt() { byte[] expectedSalt = Convert.FromBase64String(KnownSalt); byte[] storedHash = Convert.FromBase64String("W4HzBdwizUNGfhTQJnP="); Assert.That(storedHash.Length, Is.LessThan(expectedSalt.Length)); byte[] salt = PasswordHashing.ExtractStoredSalt(storedHash); Assert.That(salt, Is.Not.EqualTo(expectedSalt)); }