/// <summary>
        /// Constructor
        /// </summary>
        /// <param name="username">(string) username for the user</param>
        /// <param name="password">(string) password for the user</param>
        /// <param name="callback">(IServiceCallback) for the user</param>
        public User(string username, string password, IServiceCallback callback)
        {
            UserName = username;
            Callback = callback;

            #region Use PBDK to Securely Create and Store Password

            // Generate a salt
            // The US National Institute of Standards and Technology
            // recommends a salt length of 128 bits.
            Salt = ServiceCryptology.GenerateSalt(128);

            // Convert String Password to Unicode Byte Array
            byte[] bytesPassword = Encoding.Unicode.GetBytes(password);

            // Create a Derived Key Password
            // Use default workfactor
            Password = ServiceCryptology.GenerateHash(bytesPassword, Salt, WorkFactor, 256);

            #endregion Use PBDK to Securely Create and Store Password
        } // end of method
Example #2
0
        /// <summary>
        /// Validate
        /// Note: Project uses Message security on net.tcp binding
        /// to securely receive and process the client credentials
        /// Client must build and send their username and password credentials
        /// in their communications to the service. See project article for
        /// help on how to build and securely send client credentials.
        /// </summary>
        /// <param name="username">(string) User credential "username"</param>
        /// <param name="password">(string) User credential "password"</param>
        public override void Validate(string username, string password)
        {
            #region ValidateUserRegistration

            // First try to find a registered user
            User user = HelloAuthenticateService.RegisteredUsers.FirstOrDefault(x => x.UserName == username);

            // Allow the Service Registration to Handle Unregistered User
            if (user == null)
            {
                // Do not validate non-existing users
                return;
            }

            #endregion ValidateUserRegistration

            #region AuthenticateRegisteredUser

            // Convert Password to Compare to Database Password
            // Password-Based Key Derivation Function
            byte[] bytesPassword = Encoding.Unicode.GetBytes(password);
            // Note: Cryptology values may not be suitable for production level, this is only a demo
            byte[] passwordHash = ServiceCryptology.GenerateHash(bytesPassword, user.Salt, user.WorkFactor, 256);

            // Authenticate the Existing User Password
            if (user != null && System.Text.Encoding.Default.GetString(user.Password) == System.Text.Encoding.Default.GetString(passwordHash))
            {
                // Authenticated, no other action necessary
            }
            else
            {
                throw new SecurityTokenException("Unknown Username or Incorrect Password");
            }

            #endregion AuthenticateRegisteredUser
        } // end of method