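/// <summary>
/// Builds the SSO registration result from the incoming principal's "username" and
/// "password" claims: generates a salt, hashes password + salt, and stores the user
/// name, hash and salt on <c>ssoregresponse</c> (declared outside this method).
/// </summary>
/// <returns>
/// An <see cref="Outcome"/> whose <c>Result</c> is <c>ssoregresponse</c>; its
/// <c>isSuccessful</c> flag and <c>Messages</c> describe what happened.
/// </returns>
public Outcome Execute()
{
    Outcome response = new Outcome();

    if (incommingPrincipal == null)
    {
        ssoregresponse.isSuccessful = false;
        ssoregresponse.Messages.Add("No User");
        // Attach the result so the caller can read the failure flag and message.
        response.Result = ssoregresponse;
        return response;
    }

    var username = incommingPrincipal.Claims
        .Where(c => c.Type == "username")
        .Select(c => c.Value)
        .SingleOrDefault();
    var password = incommingPrincipal.Claims
        .Where(c => c.Type == "password")
        .Select(c => c.Value)
        .SingleOrDefault();

    // SingleOrDefault() yields null when a claim is absent. Without this check a
    // missing password would be concatenated as an empty string and the stored
    // hash would cover the salt alone.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        ssoregresponse.isSuccessful = false;
        ssoregresponse.Messages.Add("Missing username or password claim");
        response.Result = ssoregresponse;
        return response;
    }

    HMAC256 hashing = new HMAC256();
    var salt = hashing.GenerateSalt();

    // NOTE(review): the salt is appended to Original and no other HashDTO member
    // is set here; confirm that this matches what the verification path hashes.
    // NOTE(review): if HMAC256.Hash is a single HMAC-SHA256 pass, it is cheap to
    // brute-force offline; password storage normally uses a slow KDF such as
    // PBKDF2 - confirm against the HMAC256 implementation.
    HashDTO hashDTO = new HashDTO()
    {
        Original = password + salt
    };

    ssoregresponse.username = username;
    ssoregresponse.password = hashing.Hash(hashDTO);
    ssoregresponse.salt = salt;
    ssoregresponse.Messages.Add("Success!");
    ssoregresponse.isSuccessful = true;
    response.Result = ssoregresponse;
    return response;
}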
/// <summary>
/// Checks that hashing the same <c>HashDTO</c> (fixed password, one generated salt)
/// gives the same value on each of 1000 repeated calls.
/// </summary>
public void HashPassword()
{
    var hasher = new HMAC256();
    string generatedSalt = hasher.GenerateSalt();
    var input = new HashDTO()
    {
        Original = "******",
        Salt = generatedSalt
    };

    // Reference value that every later call must reproduce.
    string expected = hasher.Hash(input);

    for (int remaining = 1000; remaining > 0; remaining--)
    {
        string actual = hasher.Hash(input);
        Assert.Equal(expected, actual);
    }
}
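/// <summary>
/// Creates the gateway DTO from validated registration information: generates a salt,
/// hashes the password and each security answer, and maps the profile and geocode fields.
/// </summary>
/// <param name="user"> Validated registration information </param>
/// <param name="geoCoordinates"> Validated geocoordinates based on the location of the registration information </param>
/// <returns>
/// The gateway DTO needed to create the user in the database, or <c>null</c> when the
/// salt or any hash could not be generated.
/// </returns>
public RegGatewayDTO CreateGatewayDTO(RegInfo user, WebAPIGeocode geoCoordinates)
{
    var hmac = new HMAC256();
    var salt = hmac.GenerateSalt();

    // Returns null if salt was not generated. IsNullOrEmpty also covers a null
    // return, which Equals("") would turn into a NullReferenceException.
    if (string.IsNullOrEmpty(salt))
    {
        return null;
    }

    // NOTE(review): if HMAC256.Hash is a single HMAC-SHA256 pass, it is cheap to
    // brute-force offline; password storage normally uses a slow KDF such as
    // PBKDF2 - confirm against the HMAC256 implementation.
    var hashDTO = new HashDTO()
    {
        Original = user.UserCredInfo.Password + salt
    };
    var hashPassword = hmac.Hash(hashDTO);

    // Return null if hash was not generated (null or empty string)
    if (string.IsNullOrEmpty(hashPassword))
    {
        return null;
    }

    var questions = new List<string>();
    var answers = new List<string>();
    foreach (SecurityQuestion QandA in user.SecurityQandAs)
    {
        questions.Add(QandA.Question);

        // Hashes the answer to the security question.
        // NOTE(review): no salt is appended to the answer here, so identical answers
        // presumably produce identical stored hashes; security answers tend to be
        // low-entropy, so consider salting them like the password - confirm whether
        // HMAC256.Hash adds a key or salt of its own.
        var hmacDTO = new HashDTO()
        {
            Original = QandA.Answer
        };
        var hashAnswer = hmac.Hash(hmacDTO);

        // Returns null if hash was not generated
        if (string.IsNullOrEmpty(hashAnswer))
        {
            return null;
        }
        answers.Add(hashAnswer);
    }

    // Maps data to the dto for the gateway
    var mappedDTO = new RegGatewayDTO()
    {
        UserName = user.UserCredInfo.Username,
        Password = hashPassword,
        FirstName = user.UserProfile.FirstName,
        LastName = user.UserProfile.LastName,
        Type = user.UserProfile.UserType,
        Skill = user.UserProfile.Skill,
        Address = geoCoordinates.Street,
        City = geoCoordinates.City,
        State = geoCoordinates.State,
        Zipcode = geoCoordinates.ZipCode,
        Longitude = geoCoordinates.Longitude,
        Latitude = geoCoordinates.Latitude,
        UserClaims = new SetDefaultClaims().GetDefaultClaims(),
        Salt = salt,
        Questions = questions,
        Answers = answers
    };
    return mappedDTO;
}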
/// <summary>
/// Sets a new password for the user: validates the incoming credentials, rejects
/// passwords flagged by <c>BadPasswordService</c>, then hashes the password with a
/// fresh salt and hands the result to <c>LoginGateway.SetNewPass</c>.
/// </summary>
/// <returns>
/// An <see cref="Outcome"/>. When a check fails, <c>Result</c> is a
/// <c>ResetPasswordResponseDTO</c> with <c>isSuccessful</c> false and the collected
/// messages; otherwise <c>Result</c> is the value returned by <c>SetNewPass</c>.
/// </returns>
public Outcome Execute()
{
    var outcome = new Outcome();
    var errors = new List<string>();
    var failureResponse = new ResetPasswordResponseDTO();

    // No credentials supplied at all.
    if (incommingCredentials == null)
    {
        errors.Add(AccountConstants.REGISTRATION_INVALID);
        failureResponse.isSuccessful = false;
        failureResponse.Messages = errors;
        outcome.Result = failureResponse;
        return outcome;
    }

    // Run the credential validator and report every failure message it produced.
    var validation = new UserCredValidator().Validate(incommingCredentials);
    IList<ValidationFailure> failures = validation.Errors;
    if (failures.Count > 0)
    {
        errors.AddRange(failures.Select(failure => failure.ErrorMessage));
        failureResponse.isSuccessful = false;
        failureResponse.Messages = errors;
        outcome.Result = failureResponse;
        return outcome;
    }

    // Refuse passwords that BadPasswordService flags.
    var badPasswordService = new BadPasswordService();
    if (badPasswordService.BadPassword(incommingCredentials.Password) == true)
    {
        errors.Add("Bad Password");
        failureResponse.isSuccessful = false;
        failureResponse.Messages = errors;
        outcome.Result = failureResponse;
        return outcome;
    }

    // Hash the new password together with a freshly generated salt.
    // NOTE(review): if HMAC256.Hash is a single HMAC-SHA256 pass, it is cheap to
    // brute-force offline; password storage normally uses a slow KDF such as
    // PBKDF2 - confirm against the HMAC256 implementation.
    var hasher = new HMAC256();
    string freshSalt = hasher.GenerateSalt();
    var toHash = new HashDTO()
    {
        Original = incommingCredentials.Password + freshSalt
    };
    string hashedPassword = hasher.Hash(toHash);

    var updatedCredentials = new LoginDTO()
    {
        UserName = incommingCredentials.Username,
        Password = hashedPassword,
        SaltValue = freshSalt
    };

    outcome.Result = new LoginGateway().SetNewPass(updatedCredentials);
    return outcome;
}