/// <summary>
/// Checks a candidate password against the salted hash stored on <paramref name="usr"/>.
/// </summary>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <param name="usr">User record whose <c>Password</c> (stored hash) and <c>Salt</c> are read.</param>
/// <returns>
/// <c>true</c> when the stored password is null or empty, or when the salted hash of
/// <paramref name="password"/> equals the stored value; otherwise <c>false</c>.
/// </returns>
private static bool CheckPassword(string password, User usr)
{
    if (!string.IsNullOrEmpty(usr.Password))
    {
        string candidateHash = SaltHashing.ComputeSaltedHash(password, usr.Salt);

        // NOTE(review): ordinary string equality, not a fixed-time comparison.
        return(candidateHash == usr.Password);
    }

    // An account with no stored password accepts ANY candidate password.
    // NOTE(review): confirm password-less accounts are intended and cannot be
    // reached from an unauthenticated login path.
    return(true);
}
/// <summary>
/// Derives a password hash and salt for <paramref name="user"/>, stores both on the
/// entity and persists it through <c>_db</c>.
/// </summary>
/// <param name="user">Entity to register; its <c>PasswordHash</c> and <c>PasswordSalt</c> are overwritten.</param>
/// <param name="password">Clear-text password; it is passed to the hashing helper and not stored.</param>
/// <returns>The same <paramref name="user"/> instance after it has been saved.</returns>
public async Task<User> Register(User user, string password)
{
    // CreatePasswordHash hands both values back through its out parameters.
    // NOTE(review): the algorithm and work factor live in SaltHashing and are not
    // visible here; no password policy or null check is applied in this method.
    byte[] computedHash;
    byte[] computedSalt;
    SaltHashing.CreatePasswordHash(password, out computedHash, out computedSalt);

    user.PasswordHash = computedHash;
    user.PasswordSalt = computedSalt;

    // Stage the entity, then commit it.
    await _db.Users.AddAsync(user);
    await _db.SaveChangesAsync();

    // The returned entity still carries PasswordHash and PasswordSalt; callers that
    // serialize it to a client should map it to a type without those fields first.
    return(user);
}
/// <summary>
/// Replaces a clear-text password on <paramref name="usr"/> with its salted hash.
/// A password is treated as clear text only when it starts with '#'; the marker is
/// stripped, a fresh salt is generated and the remainder is hashed.
/// </summary>
/// <param name="usr">User whose <c>Password</c> and <c>Salt</c> may be rewritten in place.</param>
private static void EncodePasswordIfRequired(User usr)
{
    // Null, empty or unmarked values are left exactly as they are.
    bool markedAsClearText = !string.IsNullOrEmpty(usr.Password) && usr.Password[0] == '#';
    if (!markedAsClearText)
    {
        return;
    }

    // NOTE(review): '#' is an in-band marker, so a stored hash that happens to begin
    // with '#' would be hashed a second time; confirm ComputeSaltedHash can never
    // produce such a value. A password of just "#" hashes the empty string.
    usr.Salt = SaltHashing.CreateRandomSalt();
    string clearText = usr.Password.Substring(1);
    usr.Password = SaltHashing.ComputeSaltedHash(clearText, usr.Salt);

    // An earlier, commented-out version of this method hashed every new user's
    // password unconditionally and, for existing users with an empty password,
    // reloaded Password and Salt through UserDao.FindById (wrapping failures in
    // LoadException). Only the '#'-marker branch is still active.
}
/// <summary>
/// Loads users from <c>Datas/UserSeedData.json</c>, gives each one a hash and salt for
/// the literal password "password", lower-cases the username and saves them all
/// through <c>_context</c>.
/// </summary>
public void SeedUsers()
{
    string seedJson = System.IO.File.ReadAllText("Datas/UserSeedData.json");
    List<User> seedUsers = JsonConvert.DeserializeObject<List<User>>(seedJson);

    foreach (User seedUser in seedUsers)
    {
        // Every seeded account gets the same well-known password.
        // NOTE(review): nothing here restricts this method to development or test
        // environments; confirm it can never run against a production database.
        byte[] seedHash;
        byte[] seedSalt;
        SaltHashing.CreatePasswordHash("password", out seedHash, out seedSalt);

        seedUser.PasswordHash = seedHash;
        seedUser.PasswordSalt = seedSalt;

        // NOTE(review): ToLower() uses the current culture; the login path must
        // normalise usernames the same way or lookups can miss.
        seedUser.Username = seedUser.Username.ToLower();

        _context.Users.Add(seedUser);
    }

    // One commit for the whole batch.
    _context.SaveChanges();
}
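/// <summary>
/// Changes the current user's password after verifying the old one against the
/// record loaded from the user service.
/// </summary>
/// <param name="oldPassword">Clear-text current password supplied by the caller.</param>
/// <param name="newPassword">Clear-text new password; null or empty clears the stored password.</param>
/// <returns>
/// <c>WrongLogin</c> when there is no current user or no matching stored record,
/// <c>UserIsInactive</c> when the stored record is not active,
/// <c>WrongPassword</c> when the old password does not match, otherwise <c>Successful</c>.
/// </returns>
public LoginResult ChangePassword(string oldPassword, string newPassword)
{
    User usr = GetCurrentUser();
    if (usr == null)
    {
        return(LoginResult.WrongLogin);
    }

    // Re-read the account so the check runs against persisted state.
    User dbUsr = _UserSvc.GetByLogin(usr.LoginName);
    if (dbUsr == null)
    {
        return(LoginResult.WrongLogin);
    }

    if (!dbUsr.Active)
    {
        return(LoginResult.UserIsInactive);
    }

    // Fix: hash with the salt of the record whose Password is compared below.
    // The original used usr.Salt (the current-user object), which can disagree
    // with dbUsr.Salt if that object is stale.
    string hashedPassword = SaltHashing.ComputeSaltedHash(oldPassword, dbUsr.Salt);

    // When the stored password is empty the old password is not verified at all.
    if (!string.IsNullOrEmpty(dbUsr.Password) && dbUsr.Password != hashedPassword)
    {
        return(LoginResult.WrongPassword);
    }

    if (string.IsNullOrEmpty(newPassword))
    {
        // Clears the password: later changes on this account skip the old-password check.
        // NOTE(review): confirm that password-less accounts are an intended feature.
        dbUsr.Password = "";
    }
    else
    {
        // NOTE(review): '******' is not a valid C# char literal and looks like a value
        // masked in this listing (possibly the '#' clear-text marker that
        // EncodePasswordIfRequired strips). Restore the real prefix from the
        // project source; presumably _UserSvc.Save hashes the value before storing.
        dbUsr.Password = '******' + newPassword;
    }

    dbUsr.ShouldChangePassword = false;
    _UserSvc.Save(dbUsr);
    return(LoginResult.Successful);
}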