public User Authenticate(string userName, string password) { if ((String.IsNullOrWhiteSpace(userName)) || (String.IsNullOrWhiteSpace(password))) { return(null); } DbUser user; using (var context = new RelayContext()) { user = context.Users.SingleOrDefault(u => u.UserName == userName); if (user == null) { return(null); } } var passwordInformation = new PasswordInformation { Hash = user.Password, Salt = user.Salt, Iterations = user.Iterations }; if (_passwordHash.ValidatePassword(Encoding.UTF8.GetBytes(password), passwordInformation)) { return(new User() { UserName = user.UserName, Id = user.Id, CreationDate = user.CreationDate }); } return(null); }
public bool Authenticate(string userName, string password, out Guid linkId) { linkId = Guid.Empty; using (var context = new RelayContext()) { byte[] passwordBytes; try { passwordBytes = Convert.FromBase64String(password); } catch { return(false); } var link = context.Links.Where(p => p.UserName == userName).Select(p => new { p.Id, p.Password, p.Iterations, p.Salt }).FirstOrDefault(); if (link == null) { return(false); } var passwordInformation = new PasswordInformation { Hash = link.Password, Iterations = link.Iterations, Salt = link.Salt }; var cacheKey = userName + "/" + password; PasswordInformation previousInfo; lock (_successfullyValidatedUsernamesAndPasswords) { _successfullyValidatedUsernamesAndPasswords.TryGetValue(cacheKey, out previousInfo); } // found in cache (NOTE: cache only contains successfully validated passwords to prevent DOS attacks!) if (previousInfo != null) { if (previousInfo.Hash == passwordInformation.Hash && previousInfo.Iterations == passwordInformation.Iterations && previousInfo.Salt == passwordInformation.Salt) { linkId = link.Id; return(true); } } // ELSE: calculate and cache if (!_passwordHash.ValidatePassword(passwordBytes, passwordInformation)) { return(false); } lock (_successfullyValidatedUsernamesAndPasswords) { { _successfullyValidatedUsernamesAndPasswords[cacheKey] = passwordInformation; } } linkId = link.Id; return(true); } }
public PasswordInformationTest() { _passwordInformation = null; }
public void SetFields(PasswordInformation info) { if (!string.IsNullOrWhiteSpace(info.Hint)) { _password.Placeholder = info.Hint; } _forgotPassword.IsVisible = info.HasRecovery; _currentSalt = info.CurrentSalt; _newSalt = info.NewSalt; }
private static Task<ActivationResult> Register(Service service, string nationalNumber, string countryCode, string code, string firstName = null, string lastName = null) { return Task<ActivationResult>.Factory.StartNew(() => { var result = Telegram.RegisterCode(service, GetSettingsTelegramSettings(nationalNumber), countryCode + nationalNumber, GetSettingsCodeHash(nationalNumber), code, firstName, lastName, GetSettingsRegistered(nationalNumber)); if (result == null) { return new ActivationResult { Success = false, ErrorMessage = Localize.GetString("TelegramCodeError") }; } if (result.Response != Telegram.CodeRegister.Type.Success) { string errorMessage = null; var info = new PasswordInformation(); switch (result.Response) { case Telegram.CodeRegister.Type.NumberInvalid: errorMessage = Localize.GetString("TelegramCodeNumberInvalid"); break; case Telegram.CodeRegister.Type.CodeEmpty: errorMessage = Localize.GetString("TelegramCodeInvalidMessage"); break; case Telegram.CodeRegister.Type.CodeExpired: errorMessage = Localize.GetString("TelegramCodeCodeExpired"); break; case Telegram.CodeRegister.Type.CodeInvalid: errorMessage = Localize.GetString("TelegramCodeCodeInvalid"); break; case Telegram.CodeRegister.Type.FirstNameInvalid: errorMessage = Localize.GetString("TelegramCodeFirstNameInvalid"); break; case Telegram.CodeRegister.Type.LastNameInvalid: errorMessage = Localize.GetString("TelegramCodeLastNameInvalid"); break; case Telegram.CodeRegister.Type.PasswordNeeded: info.CurrentSalt = result.CurrentSalt; info.HasRecovery = result.HasRecovery; info.Hint = result.Hint; info.NewSalt = result.NewSalt; break; default: errorMessage = Localize.GetString("TelegramCodeError"); break; } return new ActivationResult { Success = false, ErrorMessage = errorMessage, PasswordNeeded = result.Response == Telegram.CodeRegister.Type.PasswordNeeded, PasswordInformation = info }; } return new ActivationResult { Success = true, AccountId = result.AccountId, }; }); }