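        /// <summary>
        /// Completes an SMS-based password reset. The newest confirmation code issued for
        /// <paramref name="model"/>.MobileNumber must equal the submitted code; the account whose
        /// Email or Phone equals that number then receives a fresh salt and password hash, and the
        /// code row is deleted in the same SaveChanges.
        /// </summary>
        /// <param name="model">Mobile number, the code the user received by SMS and the new password.</param>
        /// <returns>true when the password was changed; false for a malformed request, a wrong code or an unknown account.</returns>
        public bool Put(AccountPasswordResetModel model)
        {
            // Reject malformed requests before touching the database, instead of letting a null
            // field surface as an exception inside the query or the hash routine.
            if (model == null ||
                String.IsNullOrEmpty(model.MobileNumber) ||
                String.IsNullOrEmpty(model.Code) ||
                String.IsNullOrEmpty(model.Password))
            {
                return(false);
            }

            using (DatabaseContext context = Util.CreateContext())
            {
                // Only the most recently issued code for this number counts.
                var smsConfirmationCode = (from c in context.SmsConfirmationCodes
                                           where c.MobileNumber == model.MobileNumber
                                           orderby c.Created descending
                                           select c).FirstOrDefault();

                // NOTE(review): nothing here bounds the age of the code or the number of guesses
                // against it; the Created column would support a freshness check. Confirm the
                // issuing side enforces expiry/attempt limits before relying on this endpoint alone.
                if (smsConfirmationCode == null || !CodesMatch(smsConfirmationCode.ConfirmationCode, model.Code))
                {
                    return(false);
                }

                var account = (from a in context.Accounts
                               where a.Email == model.MobileNumber || a.Phone == model.MobileNumber
                               select a).FirstOrDefault();

                if (account == null)
                {
                    return(false);
                }

                // Derive the new credential only after both the code and the account checked out,
                // so a bad request does not pay for a deliberately slow hash.
                string salt         = PWDTK.GetRandomSaltHexString();
                byte[] saltBytes    = PWDTK.HashHexStringToBytes(salt);
                string passwordHash = PWDTK.PasswordToHashHexString(saltBytes, model.Password);

                account.Salt         = salt;
                account.PasswordHash = passwordHash;
                // Single use: the code disappears in the same transaction as the password change.
                context.SmsConfirmationCodes.Remove(smsConfirmationCode);
                context.SaveChanges();
                return(true);
            }
        }

        /// <summary>
        /// Compares two confirmation codes without stopping at the first differing character, so
        /// the time taken does not reveal how much of the code was right. A length mismatch still
        /// returns early; code length is not considered secret.
        /// </summary>
        /// <param name="expected">Code stored for the number.</param>
        /// <param name="supplied">Code submitted by the caller.</param>
        /// <returns>true only when both are non-null and identical.</returns>
        private static bool CodesMatch(string expected, string supplied)
        {
            if (expected == null || supplied == null || expected.Length != supplied.Length)
            {
                return(false);
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= expected[i] ^ supplied[i];
            }
            return(difference == 0);
        }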
        /// <summary>
        /// Demo handler: re-hashes whatever is in the password box against the salt/hash captured
        /// by the "get hash" step, reports whether they match, and shows how long the check took
        /// so the iteration count can be tuned.
        /// </summary>
        /// <param name="sender">WPF event source (unused).</param>
        /// <param name="e">Routed event data (unused).</param>
        private void CompareHashButton_Click(object sender, RoutedEventArgs e)
        {
            string candidate = PasswordTextBox.Password;

            // Policy check first so a non-compliant password never reaches the slow hash.
            if (!PasswordMeetsPolicy(candidate, PwdPolicy))
            {
                return;
            }

            var timer   = Stopwatch.StartNew();
            bool match  = PWDTK.ComparePasswordToHash(_salt, candidate, _hash, iterations);
            timer.Stop();

            string timingReport = "Creating the Hash and comparisson took a total of " + timer.ElapsedMilliseconds.ToString() + " milliseconds, increase or decrease iterations to raise or lower this time";

            if (match)
            {
                //Password hash matches stored hash allow entry into system and log details as per corporate audit logging
                MessageBox.Show("Password hash matches stored hash");
            }
            else
            {
                //Password hash does NOT match stored hash, deny access and log details as per corporate audit logging
                MessageBox.Show("Password hash does NOT match stored hash");
            }

            MessageBox.Show(timingReport);
        }
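        /// <summary>
        /// Saves edits to an existing doctor. The posted fields are copied onto the User row
        /// (address, phones and password are excluded and handled below), a new password is
        /// hashed only when <paramref name="changeLoginInfo"/> is set and the posted value differs
        /// from the stored one, the address row is updated in place and the speciality is written
        /// to the Doctor row.
        /// </summary>
        /// <param name="model">Posted doctor fields; <c>model.ID</c> identifies the User row.</param>
        /// <param name="address">Posted address, copied onto the user's existing Address row.</param>
        /// <param name="changeLoginInfo">When false the password field is ignored entirely.</param>
        /// <returns>Redirect to Home/Index on success; otherwise the edit view with validation errors.</returns>
        public ActionResult ManageDoctor(DoctorViewModel model, Address address, bool changeLoginInfo)
        {
            if (ModelState.IsValid)
            {
                var doctor     = db.Users.Find(model.ID);
                var doctorData = db.Doctors.FirstOrDefault(d => d.userID == model.ID);

                // model.ID comes straight from the request; an ID with no User or Doctor row used
                // to fall through to a NullReferenceException. Report it as a validation error.
                // TODO: move this message into the localisation table used by _().
                if (doctor == null || doctorData == null)
                {
                    model.Address = address;
                    ModelState.AddModelError("", "The requested user could not be found.");
                    return View(model);
                }

                // Everything except the separately handled members is mass-assigned from the form.
                GlobalHelpers.Transfer<DoctorViewModel, User>(model, doctor, "Address,Phones,password");
                if (changeLoginInfo)
                {
                    // NOTE(review): doctor.password holds the stored hash, so this comparison only
                    // skips re-hashing when the form posts that hash back verbatim — which implies
                    // the hash is round-tripped through the edit page. Confirm that is intended.
                    if (doctor.password != model.password)
                    {
                        var passwordHelper = new PasswordHelper();
                        // false means the policy check inside PasswordHelper.HashPassword rejected it.
                        if (!passwordHelper.HashPassword(model.password))
                        {
                            model.Address = address;
                            ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                            return View(model);
                        }
                        doctor.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                        doctor.salt     = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                    }
                }

                GlobalHelpers.Transfer<Address, Address>(address, doctor.Address, "ID,Insurers,Users");
                doctor.gender         = ((char)model.gender).ToString();
                doctor.maritalStatus  = ((char)model.maritalStatus).ToString();
                doctorData.speciality = model.speciality;
                db.Entry(doctor).State = EntityState.Modified;
                db.SaveChanges();
                return RedirectToAction("Index", "Home");
            }

            model.Address = address;
            return View(model);
        }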
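        /// <summary>
        /// Saves edits to an existing patient. The posted fields are copied onto the User row
        /// (address, phones and password are excluded and handled below), a new password is
        /// hashed only when <paramref name="changeLoginInfo"/> is set and the posted value differs
        /// from the stored one, and the address row is updated in place.
        /// </summary>
        /// <param name="model">Posted patient fields; <c>model.ID</c> identifies the User row.</param>
        /// <param name="address">Posted address, copied onto the user's existing Address row.</param>
        /// <param name="changeLoginInfo">When false the password field is ignored entirely.</param>
        /// <returns>Redirect to Index on success; otherwise the edit view with validation errors.</returns>
        public ActionResult Edit(PatientViewModel model, Address address, bool changeLoginInfo)
        {
            if (ModelState.IsValid)
            {
                var user = db.Users.Find(model.ID);

                // model.ID comes straight from the request; an unknown ID used to fall through to
                // a NullReferenceException. Report it as a validation error instead.
                // TODO: move this message into the localisation table used by _().
                if (user == null)
                {
                    model.Address = address;
                    ModelState.AddModelError("", "The requested user could not be found.");
                    return(View(model));
                }

                // Everything except the separately handled members is mass-assigned from the form.
                GlobalHelpers.Transfer <PatientViewModel, User>(model, user, "Address,Phones,password");
                if (changeLoginInfo)
                {
                    // NOTE(review): user.password holds the stored hash, so this comparison only
                    // skips re-hashing when the form posts that hash back verbatim — which implies
                    // the hash is round-tripped through the edit page. Confirm that is intended.
                    if (user.password != model.password)
                    {
                        var passwordHelper = new PasswordHelper();
                        // false means the policy check inside PasswordHelper.HashPassword rejected it.
                        if (!passwordHelper.HashPassword(model.password))
                        {
                            model.Address = address;
                            ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                            return(View(model));
                        }
                        user.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                        user.salt     = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                    }
                }

                GlobalHelpers.Transfer <Address, Address>(address, user.Address, "ID,Insurers,Users");
                user.gender          = ((char)model.gender).ToString();
                user.maritalStatus   = ((char)model.maritalStatus).ToString();
                db.Entry(user).State = EntityState.Modified;
                db.SaveChanges();
                return(RedirectToAction("Index"));
            }

            model.Address = address;
            return(View(model));
        }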
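        /// <summary>
        /// Saves edits to an existing employee. The posted fields are copied onto the User row
        /// (address, phones and password are excluded and handled below), a new password is
        /// hashed only when <paramref name="changeLoginInfo"/> is set and the posted value differs
        /// from the stored one, and the address row is updated in place.
        /// </summary>
        /// <param name="model">Posted employee fields; <c>model.ID</c> identifies the User row.</param>
        /// <param name="address">Posted address, copied onto the user's existing Address row.</param>
        /// <param name="changeLoginInfo">When false the password field is ignored entirely.</param>
        /// <returns>Redirect to Home/Index on success; otherwise the edit view with validation errors.</returns>
        public ActionResult ManageEmployee(EmployeeViewModel model, Address address, bool changeLoginInfo)
        {
            if (ModelState.IsValid)
            {
                var user = db.Users.Find(model.ID);

                // model.ID comes straight from the request; an unknown ID used to fall through to
                // a NullReferenceException. Report it as a validation error instead.
                // TODO: move this message into the localisation table used by _().
                if (user == null)
                {
                    model.Address = address;
                    ModelState.AddModelError("", "The requested user could not be found.");
                    return View(model);
                }

                // Copy the employee view model onto the user object, skipping the properties
                // named in the last argument (they are handled separately below).
                GlobalHelpers.Transfer<EmployeeViewModel, User>(model, user, "Address,Phones,password");
                if (changeLoginInfo) // the form asked for the login details to be changed
                {
                    // NOTE(review): user.password holds the stored hash, so this comparison only
                    // skips re-hashing when the form posts that hash back verbatim — which implies
                    // the hash is round-tripped through the edit page. Confirm that is intended.
                    if (user.password != model.password) // the password field was changed
                    {
                        var passwordHelper = new PasswordHelper();
                        // false means the policy check inside PasswordHelper.HashPassword rejected it.
                        if (!passwordHelper.HashPassword(model.password))
                        {
                            model.Address = address;
                            ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                            return View(model);
                        }
                        user.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                        user.salt     = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                    }
                }

                GlobalHelpers.Transfer<Address, Address>(address, user.Address, "ID,Insurers,Users");
                user.gender          = ((char)model.gender).ToString();
                user.maritalStatus   = ((char)model.maritalStatus).ToString();
                db.Entry(user).State = EntityState.Modified;
                db.SaveChanges();
                return RedirectToAction("Index", "Home");
            }

            model.Address = address;
            return View(model);
        }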
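        /// <summary>
        /// Creates a new account row. Facebook-backed accounts (non-empty FacebookUserId) store no
        /// local credential — Salt and PasswordHash stay empty — while every other account gets a
        /// random salt and a hash of <paramref name="model"/>.Password.
        /// </summary>
        /// <param name="model">Username, optional Facebook id, password, phone and language code.</param>
        /// <param name="isAdmin">Selects the "Administrator" role instead of "User".</param>
        /// <returns>The Guid assigned to the new account.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
        /// <exception cref="ArgumentException">A non-Facebook account was requested without a password.</exception>
        internal Guid CreateAccount(AccountCreateInfo model, bool isAdmin = false)
        {
            if (model == null)
            {
                throw new ArgumentNullException("model");
            }

            bool isFacebookUser = !String.IsNullOrEmpty(model.FacebookUserId);

            // Without this guard an empty password would be handed to the hash routine; whether
            // that throws or produces a hash of "" depends on PWDTK, and neither is a credential
            // we want to persist.
            if (!isFacebookUser && String.IsNullOrEmpty(model.Password))
            {
                throw new ArgumentException("A password is required for non-Facebook accounts.", "model");
            }

            string passwordHash = "";
            string salt         = "";
            if (!isFacebookUser) //if not a facebook user, hash the password.
            {
                salt = PWDTK.GetRandomSaltHexString();
                byte[] saltBytes = PWDTK.HashHexStringToBytes(salt);
                passwordHash = PWDTK.PasswordToHashHexString(saltBytes, model.Password);
            }

            string role = isAdmin ? "Administrator" : "User";

            using (DatabaseContext context = Util.CreateContext())
            {
                Account account = new Account
                {
                    Guid           = Guid.NewGuid(),
                    Username       = model.Username,
                    FacebookUserId = model.FacebookUserId,
                    Salt           = salt,
                    PasswordHash   = passwordHash,
                    // Roles are stored as a JSON array of role names.
                    Roles          = JsonConvert.SerializeObject(new string[] { role }),
                    Phone          = model.Phone,
                    LanguageCode   = model.LanguageCode,
                    IsActive       = true,
                    Created        = DateTime.UtcNow,
                    LastLogin      = DateTime.UtcNow
                };

                context.Accounts.Add(account);
                context.SaveChanges();
                return(account.Guid);
            }
        }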
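        /// <summary>
        /// Checks a username/password (or Facebook id/access token) pair against the Accounts
        /// table. Accounts bound to Facebook are verified through FacebookVerifyCredentials and
        /// never accept a local password.
        /// </summary>
        /// <param name="model">Username (or Facebook user id) and password (or access token).</param>
        /// <returns>true when the credentials verify; false for an unknown account, a Facebook
        /// account used with a password, or a wrong password.</returns>
        /// <exception cref="HttpResponseException">400 when the request or either field is empty.</exception>
        public bool VerifyCredentials(VerifyCredentialsRequest model)
        {
            if (model == null || String.IsNullOrEmpty(model.Username) || String.IsNullOrEmpty(model.Password))
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }

            using (DatabaseContext context = new DatabaseContext())
            {
                Account account = (from a in context.Accounts
                                   where model.Username == a.Username || model.Username == a.FacebookUserId
                                   select a).FirstOrDefault();

                // An unknown username is answered exactly like a wrong password. Responding with
                // 400 here (as this used to) let a caller tell the two apart and enumerate accounts.
                if (account == null)
                {
                    return(false);
                }

                //test access token login
                if (model.Username == account.FacebookUserId)
                {
                    return(FacebookVerifyCredentials(account.FacebookUserId, model.Password));
                }

                //user has facebook account, but attempting password.
                if (model.Username == account.Username && !String.IsNullOrEmpty(account.FacebookUserId))
                {
                    return(false);
                }

                // A row with no stored credential can never match; don't feed empty hex to PWDTK.
                if (String.IsNullOrEmpty(account.Salt) || String.IsNullOrEmpty(account.PasswordHash))
                {
                    return(false);
                }

                var saltBytes     = PWDTK.HashHexStringToBytes(account.Salt);
                var passwordBytes = PWDTK.HashHexStringToBytes(account.PasswordHash);
                return(PWDTK.ComparePasswordToHash(saltBytes, model.Password, passwordBytes));
            }
        }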
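        /// <summary>
        /// Creates an internal (non-federated) account from the registration form and signs the
        /// new user in with a persistent forms-authentication cookie.
        /// </summary>
        /// <param name="email">Address that becomes the user name.</param>
        /// <param name="password">Chosen password; must satisfy <c>PwdPolicy</c>.</param>
        /// <param name="password2">Confirmation copy of the password.</param>
        /// <returns>Redirect to Home/Index on success, or the registration view with an error message.</returns>
        public ActionResult Register(string email, string password, string password2)
        {
            // Presence check first: the previous order handed a possibly-null email to
            // IsEmailAddress before testing for missing fields.
            if (email.IsNullOrEmpty() || password.IsNullOrEmpty() || password2.IsNullOrEmpty())
            {
                return(View(new RegisterVM
                {
                    ErrorMessage = "All fields marked with * are mandatory"
                }));
            }

            if (!IsEmailAddress(email))
            {
                return(View(new RegisterVM
                {
                    ErrorMessage = "You must enter a valid email address"
                }));
            }

            if (password != password2)
            {
                return(View(new RegisterVM
                {
                    ErrorMessage = "Passwords do not match"
                }));
            }

            // NOTE(review): the message hard-codes "6 characters"; keep it in step with PwdPolicy.
            if (!PasswordMeetsPolicy(password, PwdPolicy))
            {
                return(View(new RegisterVM
                {
                    ErrorMessage = "Password must be at least 6 characters long"
                }));
            }

            // Duplicate check. This necessarily reveals whether an address is registered; rate
            // limiting the endpoint is the usual mitigation.
            var user = userService.GetUser(email);

            if (user != null)
            {
                return(View(new RegisterVM
                {
                    ErrorMessage = "That email is already taken"
                }));
            }

            // Fresh random salt per user; the iteration count comes from configuration so it can
            // be raised later without a code change.
            var salt = PWDTK.GetRandomSalt(saltSize);
            var hash = PWDTK.PasswordToHash(salt, password, Configuration.GetHashIterations());

            user = new User
            {
                UserName      = email,
                Salt          = salt,
                Password      = hash,
                LoginProvider = LoginProvider.Internal
            };

            user.Id = userService.InsertUser(user, () => Redis.AddUser(user));
            FormsAuthentication.SetAuthCookie(user.Id.ToString(), createPersistentCookie: true);

            return(RedirectToAction("Index", "Home"));
        }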
 /// <summary>
 /// Checks a login attempt against the salt and password hash stored for the user.
 /// </summary>
 /// <param name="senha">The password supplied at login.</param>
 /// <param name="salt">The user's salt, as read from the database.</param>
 /// <param name="hashedSenha">The user's stored password hash, as read from the database.</param>
 /// <returns>true when hashing <paramref name="senha"/> with <paramref name="salt"/> reproduces <paramref name="hashedSenha"/>.</returns>
 public static bool Verificar(string senha, byte[] salt, byte[] hashedSenha)
 {
     bool matches = PWDTK.ComparePasswordToHash(
         hash: hashedSenha,
         password: senha,
         salt: salt);
     return(matches);
 }
        /// <summary>
        /// Verifies <paramref name="password"/> against a stored hex-encoded hash and salt using the
        /// instance's iteration count. The decoded bytes are left in <c>Hash</c> and <c>Salt</c>.
        /// </summary>
        /// <param name="password">Candidate password.</param>
        /// <param name="hash">Stored password hash, hex encoded.</param>
        /// <param name="salt">Stored salt, hex encoded.</param>
        /// <returns>true when the candidate reproduces the stored hash.</returns>
        public bool ComparePassword(string password, string hash, string salt)
        {
            byte[] storedHash = PWDTK.HashHexStringToBytes(hash);
            byte[] storedSalt = PWDTK.HashHexStringToBytes(salt);

            // Keep the decoded values on the instance, as the original did, for callers that read them.
            Hash = storedHash;
            Salt = storedSalt;

            return(PWDTK.ComparePasswordToHash(storedSalt, password, storedHash, iterations));
        }
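        /// <summary>
        /// Save handler for the change-password dialog: checks that both SecureString fields
        /// agree, applies the password policy, derives a fresh salt and hash, writes them with
        /// MyUpdateUser and closes the dialog. Any failure is shown in a message box.
        /// </summary>
        private void CmdGuardar_Click()
        {
            try
            {
                IntPtr passwordBSTR             = IntPtr.Zero;
                IntPtr passwordVerificationBSTR = IntPtr.Zero;
                string insecurePassword;
                string insecurePasswordVerification;

                // The SecureStrings have to be decoded to plain strings for PWDTK. The managed
                // copies cannot be scrubbed, but the unmanaged BSTRs can and must be.
                try
                {
                    passwordBSTR     = Marshal.SecureStringToBSTR(Password);
                    insecurePassword = Marshal.PtrToStringBSTR(passwordBSTR);

                    passwordVerificationBSTR     = Marshal.SecureStringToBSTR(PasswordVerification);
                    insecurePasswordVerification = Marshal.PtrToStringBSTR(passwordVerificationBSTR);
                }
                finally
                {
                    // Previously these were never released, leaving the plaintext in unmanaged
                    // memory for the life of the process.
                    if (passwordBSTR != IntPtr.Zero)
                    {
                        Marshal.ZeroFreeBSTR(passwordBSTR);
                    }
                    if (passwordVerificationBSTR != IntPtr.Zero)
                    {
                        Marshal.ZeroFreeBSTR(passwordVerificationBSTR);
                    }
                }

                if (!insecurePassword.Equals(insecurePasswordVerification))
                {
                    throw new Exception("Error con el Password");
                }

                // Policy check (shows its own message on failure) before the slow hash.
                if (!PasswordMeetsPolicy(insecurePassword, PwdPolicy))
                {
                    return;
                }

                _salt = PWDTK.GetRandomSalt(saltSize);

                string salt = PWDTK.GetSaltHexString(_salt);

                _hash = PWDTK.PasswordToHash(_salt, insecurePassword, iterations);

                var hashedPassword = PWDTK.HashBytesToHexString(_hash);

                using (SqlExcuteCommand exe = new SqlExcuteCommand()
                {
                    DBCnnStr = DBEndososCnnStr
                })
                {
                    // Stored as hex strings; the salt goes into the user's security stamp column.
                    exe.MyUpdateUser(_Id, hashedPassword, salt);
                }

                MessageBox.Show("Dones...", "Done", MessageBoxButton.OK, MessageBoxImage.Information);
                CmdSalir_Click();
            }
            catch (Exception ex)
            {
                // TargetSite can be null (e.g. for exceptions that were never thrown through a
                // frame); don't let the error handler itself throw.
                MethodBase site = ex.TargetSite;
                string caption  = site != null ? site.Name : "Error";
                MessageBox.Show(ex.Message, caption, MessageBoxButton.OK, MessageBoxImage.Error);
            }
        }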
 /// <summary>
 /// Reports whether <paramref name="Password"/> satisfies <paramref name="PassPolicy"/>.
 /// Thin wrapper over PWDTK.TryPasswordPolicyCompliance with no user feedback.
 /// </summary>
 /// <param name="Password">Candidate password.</param>
 /// <param name="PassPolicy">Policy to test against.</param>
 /// <returns>true when compliant.</returns>
 private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
 {
     bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy);
     return(compliant);
 }
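        /// <summary>
        /// "Forgot password" flow: generates a random 10-character password for the user with the
        /// posted e-mail, mails it to them over SMTP, and only then stores its salt and hash.
        /// </summary>
        /// <param name="model">Carries the e-mail address entered on the form.</param>
        /// <returns>The same view, with either a success message in TempData or a model error.</returns>
        public ActionResult ResetPassword(ResetModel model)
        {
            if (ModelState.IsValid)
            {
                var user = db.Users
                    .FirstOrDefault(u => u.email == model.email);

                if (user == null)
                {
                    // NOTE(review): a distinct error for unknown addresses tells a caller which
                    // e-mails are registered. A neutral "if the address exists, mail was sent"
                    // message would close that oracle.
                    ModelState.AddModelError("", _("lblInvalidMailErr"));
                }
                else
                {
                    try
                    {
                        var fromAddress = new MailAddress(Settings.Default.SMTP_Mail, Settings.Default.SMTP_FromName);
                        var toAddress = new MailAddress(model.email, user.firstName);
                        string fromPassword = Settings.Default.SMTP_Password;
                        string subject = Language.ResetPasword_SubjectMsg;

                        var passwordHelper = new PasswordHelper();
                        var password = GlobalHelpers.CreateRandomPassword(10);
                        // HashGeneratedPassword reports failure through its return value; honour it
                        // rather than handing a null Hash/Salt to the hex conversion.
                        if (!passwordHelper.HashGeneratedPassword(password))
                        {
                            ModelState.AddModelError("", _("lblSendMailErr"));
                            return View(model);
                        }

                        // NOTE(review): the body is sent as HTML and CompleteName/username are
                        // interpolated unencoded; only the user's own data, but worth encoding.
                        string body = string.Format(
                            Language.ResetPassword_BodyMsg, user.CompleteName,
                            user.username, password
                        );

                        using (var smtp = new SmtpClient
                        {
                            Host = Settings.Default.SMTP_Host,
                            Port = Convert.ToInt16(Settings.Default.SMTP_Port),
                            EnableSsl = true,
                            DeliveryMethod = SmtpDeliveryMethod.Network,
                            UseDefaultCredentials = false,
                            Credentials = new NetworkCredential(fromAddress.Address, fromPassword)
                        })
                        using (var message = new MailMessage(fromAddress, toAddress) { Subject = subject, Body = body, IsBodyHtml = true })
                        {
                            smtp.Send(message);
                        }

                        // Persist only after the mail went out. Saving first (as this used to)
                        // meant a delivery failure replaced the password with one nobody knew.
                        user.password = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                        user.salt = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                        db.SaveChanges();

                        TempData["success"] = _("lblSendMailSuccess");
                    }
                    catch
                    {
                        // Best-effort: any SMTP or database failure is reported as a send error.
                        ModelState.AddModelError("", _("lblSendMailErr"));
                    }
                }
            }
            return View(model);
        }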
        /// <summary>
        /// Validates a user name against <paramref name="userPolicy"/>. Compliance returns true;
        /// non-compliance is surfaced as an exception carrying PWDTK's explanation, so callers
        /// that catch and display exceptions show the reason to the user.
        /// </summary>
        /// <param name="username">Candidate user name.</param>
        /// <param name="userPolicy">Policy to test against.</param>
        /// <returns>true when compliant (never false; failure throws).</returns>
        /// <exception cref="Exception">The user name violates the policy; Message explains why.</exception>
        private bool userMeetsPolicy(string username, PWDTK.UserPolicy userPolicy)
        {
            var policyError = new UserPolicyException("");

            bool compliant = PWDTK.TryUserNamePolicyCompliance(username, userPolicy, ref policyError);
            if (!compliant)
            {
                throw new Exception(policyError.Message);
            }

            return(true);
        }
        /// <summary>
        /// Salts and hashes a system-generated password (no policy check) into the instance's
        /// <c>Salt</c> and <c>Hash</c> properties.
        /// </summary>
        /// <param name="password">Generated password to hash.</param>
        /// <returns>true on success; false if PWDTK threw, in which case Salt/Hash are unreliable.</returns>
        public bool HashGeneratedPassword(string password)
        {
            bool succeeded;

            try
            {
                Salt = PWDTK.GetRandomSalt(saltSize);
                Hash = PWDTK.PasswordToHash(Salt, password, iterations);
                succeeded = true;
            }
            catch
            {
                // Deliberately best-effort: the caller is expected to act on the false return.
                succeeded = false;
            }

            return(succeeded);
        }
        /// <summary>
        /// Salts and hashes a user-chosen password into the instance's <c>Salt</c> and <c>Hash</c>
        /// properties, but only if it satisfies <c>PwdPolicy</c>.
        /// </summary>
        /// <param name="password">Candidate password.</param>
        /// <returns>false when the password fails the policy (nothing is hashed); true otherwise.</returns>
        public bool HashPassword(string password)
        {
            // Cheap policy check before spending CPU on the hash (the check itself is optional).
            if (!PasswordMeetsPolicy(password, PwdPolicy))
            {
                return(false);
            }

            Salt = PWDTK.GetRandomSalt(saltSize);
            Hash = PWDTK.PasswordToHash(Salt, password, iterations);
            return(true);
        }
        /// <summary>
        /// Reports whether <paramref name="Password"/> satisfies <paramref name="PassPolicy"/>,
        /// showing PWDTK's explanation in a message box when it does not.
        /// </summary>
        /// <param name="Password">Candidate password.</param>
        /// <param name="PassPolicy">Policy to test against.</param>
        /// <returns>true when compliant.</returns>
        private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
        {
            var policyError = new PasswordPolicyException("");

            bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref policyError);
            if (!compliant)
            {
                // PWDTK fills in the exception with the reason; relay it to the user.
                MessageBox.Show(policyError.Message);
            }

            return(compliant);
        }
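        /// <summary>
        /// Creates a doctor: a new Address and User row (password hashed, superUser forced off),
        /// one Phone row per "number|type|notes" entry in <paramref name="Uphones"/>, a Doctor row
        /// carrying the speciality, and finally the "Doctor" role.
        /// </summary>
        /// <param name="model">Posted doctor fields, including the plaintext password.</param>
        /// <param name="address">Posted address, inserted as a new row.</param>
        /// <param name="Uphones">Phone entries formatted as "number|type|notes"; may be null.</param>
        /// <returns>Redirect to Index on success; otherwise the create view with validation errors.</returns>
        public ActionResult Create(DoctorViewModel model, Address address, string[] Uphones)
        {
            if (ModelState.IsValid)
            {
                // Phone entries are request-controlled; reject malformed ones before anything is
                // attached to the context, instead of indexing past the end of the split array.
                // TODO: move this message into the localisation table used by _().
                if (Uphones != null)
                {
                    foreach (string n in Uphones)
                    {
                        if (n == null || n.Split('|').Length < 3)
                        {
                            ModelState.AddModelError("", "Each phone entry must be number|type|notes.");
                            return(View(model));
                        }
                    }
                }

                db.Addresses.Add(address);
                var user = new User();
                // NOTE(review): unlike the patient Create, nothing is excluded from this transfer;
                // superUser/status are overwritten below, but confirm no other sensitive User
                // member can be set from the form.
                GlobalHelpers.Transfer <DoctorViewModel, User>(model, user);
                user.gender        = ((char)model.gender).ToString();
                user.maritalStatus = ((char)model.maritalStatus).ToString();
                // Hash the posted password for storage; false means it failed the policy.
                var passwordHelper = new PasswordHelper();
                if (!passwordHelper.HashPassword(user.password))
                {
                    ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                    return(View(model));
                }
                user.password  = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                user.salt      = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                user.Address   = address;
                user.superUser = false;
                user.status    = true;
                db.Users.Add(user);
                // Add phone numbers
                if (Uphones != null)
                {
                    foreach (string n in Uphones)
                    {
                        var phone = new Phone();
                        var data  = n.Split('|');
                        phone.number = data[0];
                        phone.type   = (int)GlobalHelpers.ParseEnum <PhoneTypes>(data[1]);
                        phone.notes  = data[2];
                        db.Phones.Add(phone);
                        user.Phones.Add(phone);
                    }
                }
                var doctor = new Doctor();
                doctor.User       = user;
                doctor.speciality = model.speciality;
                db.Doctors.Add(doctor);
                db.SaveChanges();
                // Role membership is keyed by user name and assigned after the row exists.
                var roleProvider = (SimpleRoleProvider)Roles.Provider;
                roleProvider.AddUsersToRoles(new[] { model.username }, new[] { "Doctor" });
                return(RedirectToAction("Index"));
            }

            return(View(model));
        }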
        /// <summary>
        /// Demo handler: salts and hashes the password box contents into <c>_salt</c>/<c>_hash</c>
        /// (standing in for the database) and enables the compare button.
        /// </summary>
        /// <param name="sender">WPF event source (unused).</param>
        /// <param name="e">Routed event data (unused).</param>
        private void GetHashButton_Click(object sender, RoutedEventArgs e)
        {
            string candidate = PasswordTextBox.Password;

            if (!PasswordMeetsPolicy(candidate, PwdPolicy))
            {
                return;
            }

            // A fresh random salt per hash.
            _salt = PWDTK.GetRandomSalt(saltSize);
            _hash = PWDTK.PasswordToHash(_salt, candidate, iterations);

            // In a real system persist at least the salt, the hash and the user id — and ideally
            // the iteration count too, since it will need raising as hardware gets faster.
            CompareHashButton.IsEnabled = true;

            string hashHex = PWDTK.HashBytesToHexString(_hash);
            MessageBox.Show("Users Password Hash: " + hashHex);
            MessageBox.Show("Hash stored, now try changing the text in the password field and hit the \"Compare\" button");
        }
        /// <summary>
        /// Validates <paramref name="Password"/> against <paramref name="PassPolicy"/>. Compliance
        /// returns true; non-compliance is surfaced as an exception carrying PWDTK's explanation,
        /// so callers that catch and display exceptions show the reason to the user.
        /// </summary>
        /// <param name="Password">Candidate password.</param>
        /// <param name="PassPolicy">Policy to test against.</param>
        /// <returns>true when compliant (never false; failure throws).</returns>
        /// <exception cref="Exception">The password violates the policy; Message explains why.</exception>
        private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
        {
            var policyError = new PasswordPolicyException("");

            bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref policyError);
            if (!compliant)
            {
                throw new Exception(policyError.Message);
            }

            return(true);
        }
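        /// <summary>
        /// Creates a patient: a new Address and User row (password hashed, superUser forced off),
        /// one Phone row per "number|type|notes" entry in <paramref name="Uphones"/>, a Patient row
        /// stamped with the creating user, and finally the "Patient" role.
        /// </summary>
        /// <param name="model">Posted patient fields, including the plaintext password.</param>
        /// <param name="address">Posted address, inserted as a new row.</param>
        /// <param name="Uphones">Phone entries formatted as "number|type|notes"; may be null.</param>
        /// <returns>Redirect to Index on success; otherwise the create view with validation errors.</returns>
        public ActionResult Create(PatientViewModel model, Address address, string[] Uphones)
        {
            if (ModelState.IsValid)
            {
                // Phone entries are request-controlled; reject malformed ones before anything is
                // attached to the context, instead of indexing past the end of the split array.
                // TODO: move this message into the localisation table used by _().
                if (Uphones != null)
                {
                    foreach (string n in Uphones)
                    {
                        if (n == null || n.Split('|').Length < 3)
                        {
                            ModelState.AddModelError("", "Each phone entry must be number|type|notes.");
                            return(View(model));
                        }
                    }
                }

                db.Addresses.Add(address);
                var user = new User();
                // Phones are excluded from the transfer and rebuilt from Uphones below.
                GlobalHelpers.Transfer <PatientViewModel, User>(model, user, "Phones");
                user.gender        = ((char)model.gender).ToString();
                user.maritalStatus = ((char)model.maritalStatus).ToString();
                // Hash the posted password for storage; false means it failed the policy.
                var passwordHelper = new PasswordHelper();
                if (!passwordHelper.HashPassword(user.password))
                {
                    ModelState.AddModelError("", _("lblPasswordPolicyErr"));
                    return(View(model));
                }
                user.password  = PWDTK.HashBytesToHexString(passwordHelper.Hash);
                user.salt      = PWDTK.HashBytesToHexString(passwordHelper.Salt);
                user.Address   = address;
                user.status    = true;
                user.superUser = false;
                db.Users.Add(user);
                if (Uphones != null)
                {
                    foreach (string n in Uphones)
                    {
                        var phone = new Phone();
                        var data  = n.Split('|');
                        phone.number = data[0];
                        phone.type   = (int)GlobalHelpers.ParseEnum <PhoneTypes>(data[1]);
                        phone.notes  = data[2];
                        db.Phones.Add(phone);
                        user.Phones.Add(phone);
                    }
                }
                var patient = new Patient();
                patient.userID   = user.ID;
                patient.createBy = WebSecurity.CurrentUserId;
                db.Patients.Add(patient);
                db.SaveChanges();
                // Role membership is keyed by user name and assigned after the row exists.
                var roleProvider = (SimpleRoleProvider)Roles.Provider;
                roleProvider.AddUsersToRoles(new[] { model.username }, new[] { "Patient" });
                return(RedirectToAction("Index"));
            }

            return(View(model));
        }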
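        /// <summary>
        /// Password login. Looks the user up by e-mail, verifies the password against the stored
        /// salt/hash with the configured iteration count, sets a persistent forms-auth cookie and
        /// redirects — to <paramref name="returnUrl"/> only when it is a path on this site.
        /// </summary>
        /// <param name="email">User name (e-mail address).</param>
        /// <param name="password">Password to verify.</param>
        /// <param name="returnUrl">Optional post-login destination; must be site-local to be honoured.</param>
        /// <returns>A redirect on success; otherwise the login view with a generic error.</returns>
        public ActionResult Login(string email, string password, string returnUrl)
        {
            if (email.IsNullOrEmpty() || password.IsNullOrEmpty())
            {
                return(View(new LoginVM
                {
                    ErrorMessage = "Invalid username or password"
                }));
            }

            // A fixed "magic" password that granted admin access for any e-mail used to live here.
            // That was a hard-coded backdoor and has been removed; administrators sign in with
            // their own credentials like everyone else.

            var user = userService.GetUser(email);

            // Same message for "no such user" and "wrong password" so the form is not an oracle.
            if (user == null)
            {
                return(View(new LoginVM
                {
                    ErrorMessage = "Invalid username or password"
                }));
            }

            if (PWDTK.ComparePasswordToHash(user.Salt, password, user.Password, Configuration.GetHashIterations()))
            {
                FormsAuthentication.SetAuthCookie(user.Id.ToString(), createPersistentCookie: true);

                // Only follow returnUrl when it points back into this site; redirecting to an
                // arbitrary value turned the login page into an open redirector.
                if (IsSafeReturnUrl(returnUrl))
                {
                    return(Redirect(returnUrl));
                }
                return(RedirectToAction("Index", "Home"));
            }

            return(View(new LoginVM
            {
                ErrorMessage = "Invalid username or password"
            }));
        }

        /// <summary>
        /// True for site-relative paths only: "/path" or "~/path". Rejects empty values, absolute
        /// URLs, and the protocol-relative forms "//host" and "/\host" that browsers treat as
        /// a different origin.
        /// </summary>
        /// <param name="url">Candidate redirect target from the request.</param>
        private static bool IsSafeReturnUrl(string url)
        {
            if (string.IsNullOrEmpty(url))
            {
                return(false);
            }

            if (url[0] == '/')
            {
                return(url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
            }

            return(url.Length > 1 && url[0] == '~' && url[1] == '/');
        }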
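        /// <summary>
        /// Second step of the e-mailed reset link: validates the new password, resolves the user
        /// behind <paramref name="guid"/>, and stores a fresh salt/hash for them.
        /// </summary>
        /// <param name="guid">Reset token from the link.</param>
        /// <param name="password">New password; must satisfy <c>PwdPolicy</c>.</param>
        /// <param name="passwordConfirmed">Confirmation copy of the new password.</param>
        /// <returns>The reset view with a status message in TempData ("ok" on success).</returns>
        public ActionResult ResetPassword(string guid, string password, string passwordConfirmed)
        {
            if (password.IsNullOrEmpty() || passwordConfirmed.IsNullOrEmpty())
            {
                TempData["message"] = "Password can not be empty";
                return(View());
            }

            if (password != passwordConfirmed)
            {
                TempData["message"] = "Passwords must match";
                return(View());
            }

            // NOTE(review): the message hard-codes "6 characters"; keep it in step with PwdPolicy.
            if (!PasswordMeetsPolicy(password, PwdPolicy))
            {
                TempData["message"] = "Password must be at least 6 characters long";
                return(View());
            }

            // An empty token cannot identify anyone; don't pass it to the user service.
            if (guid.IsNullOrEmpty())
            {
                TempData["message"] = "We couldn't find that user!";
                return(View());
            }

            var user = userService.GetUserByGuid(guid);

            if (user == null)
            {
                TempData["message"] = "We couldn't find that user!";
                return(View());
            }

            // NOTE(review): nothing visible here expires the token or invalidates it after use.
            // Confirm that GetUserByGuid/UpdateUserPassword make the link single-use and time-limited.
            var salt = PWDTK.GetRandomSalt(saltSize);
            var hash = PWDTK.PasswordToHash(salt, password, Configuration.GetHashIterations());

            userService.UpdateUserPassword(user.Id, salt, hash);

            TempData["message"] = "ok";
            return(View());
        }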
        private void Guardar_Click()
        {
            try
            {
                string areasDeAcceso = string.Empty;

                foreach (string s in _AreasDeAcceso)
                {
                    areasDeAcceso += s;
                }
                switch (_Operation)
                {
                case 1:
                {        //Anadir
                    IntPtr passwordBSTR     = default(IntPtr);
                    string insecurePassword = "";
                    passwordBSTR     = Marshal.SecureStringToBSTR(Password);
                    insecurePassword = Marshal.PtrToStringBSTR(passwordBSTR);

                    IntPtr passwordVerificationBSTR     = default(IntPtr);
                    string insecurePasswordVerification = string.Empty;

                    passwordVerificationBSTR     = Marshal.SecureStringToBSTR(PasswordVerification);
                    insecurePasswordVerification = Marshal.PtrToStringBSTR(passwordVerificationBSTR);

                    if (!insecurePassword.Equals(insecurePasswordVerification))
                    {
                        throw new Exception("Error con el Password");
                    }

                    //Policy
                    if (!userMeetsPolicy(CbUser_Text, UserPolicy))
                    {
                        return;
                    }

                    if (!PasswordMeetsPolicy(insecurePassword, PwdPolicy))
                    {
                        return;
                    }

                    //Hash password
                    _salt = PWDTK.GetRandomSalt(saltSize);

                    string salt = PWDTK.GetSaltHexString(_salt);

                    _hash = PWDTK.PasswordToHash(_salt, insecurePassword, iterations);

                    var hashedPassword = PWDTK.HashBytesToHexString(_hash);

                    List <tblUser> u = new List <tblUser>
                    {
                        new tblUser
                        {
                            UserId        = System.Guid.NewGuid(),
                            UserName      = CbUser_Text,
                            PasswordHash  = hashedPassword,
                            SecurityStamp = salt,
                            Email         = CbUser_Text + "@jolpr.com",
                            AreasDeAcceso = areasDeAcceso
                        }
                    };

                    using (SqlExcuteCommand exe = new SqlExcuteCommand()
                        {
                            DBCnnStr = DBEndososCnnStr
                        })
                    {
                        exe.MyInsertUsers(u[0].UserId, u[0].UserName, u[0].PasswordHash, u[0].SecurityStamp, u[0].Email, u[0].AreasDeAcceso);
                    }

                    MyRefresh();
                    //   u.ForEach(m => _db.tblUsers.Add(m));
                    //  _db.SaveChanges();
                }
                break;

                case 2:    //Editar Areas De Acceso
                {
                    using (SqlExcuteCommand exe = new SqlExcuteCommand()
                        {
                            DBCnnStr = DBEndososCnnStr
                        })
                    {
                        exe.MyUpdateUser(_Id, areasDeAcceso);
                    }

                    MyRefresh();


                    // tblUser tbluser = _db.tblUsers.Find(_Id);
                    // _db.Entry(tbluser).State = System.Data.Entity.EntityState.Modified;
                    //
                    // tbluser.AreasDeAcceso = areasDeAcceso;
                    //
                    // _db.SaveChanges();
                }
                break;

                case 3:    //Delete
                {
                    string msg = "You are about to delete 1 user\r";
                    msg += "Click yes to permanently delete this user( " + CbUser_Text + " ).\r";
                    msg += "You won't be able to undo those changes.";

                    var response = MessageBox.Show("!!!" + msg, "Delete...", MessageBoxButton.YesNo, MessageBoxImage.Exclamation);

                    if (response == MessageBoxResult.Yes)
                    {
                        using (SqlExcuteCommand exe = new SqlExcuteCommand()
                            {
                                DBCnnStr = DBEndososCnnStr
                            })
                        {
                            exe.MyDeleteUsers(_Id);
                        }

                        MyRefresh();

                        //Users tbluser = _db.tblUsers.Find(_Id);
                        //
                        //
                        //_db.tblUsers.Remove(tbluser);
                        //_db.SaveChanges();
                    }
                }
                break;

                case 4:     //Edit Pass
                {
                    //    tblUser tbluser = _db.tblUsers.Find(_Id);
                    //    _db.Entry(tbluser).State = System.Data.Entity.EntityState.Modified;
                    //
                    IntPtr passwordBSTR     = default(IntPtr);
                    string insecurePassword = "";
                    passwordBSTR     = Marshal.SecureStringToBSTR(Password);
                    insecurePassword = Marshal.PtrToStringBSTR(passwordBSTR);

                    IntPtr passwordVerificationBSTR     = default(IntPtr);
                    string insecurePasswordVerification = string.Empty;

                    passwordVerificationBSTR     = Marshal.SecureStringToBSTR(PasswordVerification);
                    insecurePasswordVerification = Marshal.PtrToStringBSTR(passwordVerificationBSTR);

                    if (!insecurePassword.Equals(insecurePasswordVerification))
                    {
                        throw new Exception("Error con el Password");
                    }

                    //Policy
                    if (!userMeetsPolicy(CbUser_Text, UserPolicy))
                    {
                        return;
                    }

                    if (!PasswordMeetsPolicy(insecurePassword, PwdPolicy))
                    {
                        return;
                    }

                    //Hash password
                    _salt = PWDTK.GetRandomSalt(saltSize);

                    string salt = PWDTK.GetSaltHexString(_salt);

                    _hash = PWDTK.PasswordToHash(_salt, insecurePassword, iterations);

                    var hashedPassword = PWDTK.HashBytesToHexString(_hash);


                    using (SqlExcuteCommand exe = new SqlExcuteCommand()
                        {
                            DBCnnStr = DBEndososCnnStr
                        })
                    {
                        exe.MyUpdateUser(_Id, hashedPassword, salt);
                    }

                    MyRefresh();


                    //    tbluser.SecurityStamp = salt;
                    //    tbluser.PasswordHash = hashedPassword;
                    //
                    //    _db.SaveChanges();
                }
                break;
                }
                Cancelar_Click();
            }
            catch (Exception ex)
            {
                MethodBase site = ex.TargetSite;
                MessageBox.Show(ex.ToString(), site.Name, MessageBoxButton.OK, MessageBoxImage.Error);
            }
        }
        /// <summary>
        /// Reacts to a new selection in the user combo box: toggles the command
        /// buttons, clears the access-area checkboxes and then re-ticks them from
        /// the stored <c>AreasDeAcceso</c> letters of the selected user.
        /// Any exception is shown in a message box and swallowed.
        /// </summary>
        private void CbUser_ChangeItem()
        {
            try
            {
                // Rows in _db whose user name matches the selected combo-box item
                // (evaluated lazily when enumerated below).
                var seleccionados = _db.Where(p => p.UserName == CbUser_SelectedItem);

                // With a user selected, edit / change-password / delete / cancel are
                // available and add is not.
                cmdEdit_IsEnabled     = true;
                cmdEditPass_IsEnabled = true;
                cmdCancel_IsEnabled   = true;
                cmdDelete_IsEnabled   = true;
                cmdAdd_IsEnabled      = false;

                Password_IsEnabled      = false;
                Password_Cls_Visibility = Visibility.Hidden;

                // Clear every access-area flag before reading the stored letters.
                cambiarPassword_IsChecked = false;  //A
                autorizarLotes_IsChecked  = false;  //B
                procesarLotes_IsChecked   = false;  //C
                verElector_IsChecked      = false;  //D
                reportes_IsChecked        = false;  //E
                reversarLote_IsChecked    = false;  //F
                configuraciones_IsChecked = false;  //G
                corregirEndosos_IsChecked = false;  //H

                // Index 0 is never written; indexes 1..8 hold the letters A..H.
                _AreasDeAcceso = new string[9];

                // Letter -> action that records the letter and ticks its checkbox.
                var marcarArea = new Dictionary<char, Action>
                {
                    { 'A', () => { _AreasDeAcceso[1] = "A"; cambiarPassword_IsChecked = true; } },
                    { 'B', () => { _AreasDeAcceso[2] = "B"; autorizarLotes_IsChecked  = true; } },
                    { 'C', () => { _AreasDeAcceso[3] = "C"; procesarLotes_IsChecked   = true; } },
                    { 'D', () => { _AreasDeAcceso[4] = "D"; verElector_IsChecked      = true; } },
                    { 'E', () => { _AreasDeAcceso[5] = "E"; reportes_IsChecked        = true; } },
                    { 'F', () => { _AreasDeAcceso[6] = "F"; reversarLote_IsChecked    = true; } },
                    { 'G', () => { _AreasDeAcceso[7] = "G"; configuraciones_IsChecked = true; } },
                    { 'H', () => { _AreasDeAcceso[8] = "H"; corregirEndosos_IsChecked = true; } },
                };

                foreach (var fila in seleccionados)
                {
                    // Hex -> bytes -> hex round trip of the stored hash: this effectively
                    // reproduces the stored hash string, which is then placed in both
                    // password fields.
                    // NOTE(review): the UI receives the stored password *hash*, not a
                    // password — confirm this is intended.
                    Byte[] hashBytes = PWDTK.HashHexStringToBytes(fila.PasswordHash);
                    password_Cls             = PWDTK.HashBytesToHexString(hashBytes);
                    verificacionPassword_Cls = password_Cls;

                    Id = fila.UserId.ToString();

                    // Letters outside A..H are ignored.
                    foreach (char letra in fila.AreasDeAcceso)
                    {
                        Action marcar;
                        if (marcarArea.TryGetValue(letra, out marcar))
                        {
                            marcar();
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                MethodBase site = ex.TargetSite;
                MessageBox.Show(ex.Message, site.Name, MessageBoxButton.OK, MessageBoxImage.Error);
            }
        }
        /// <summary>
        /// Resolves the caller to a user from the JSON body of the request. For the
        /// external providers (google / twitter / facebook) the user is looked up by
        /// remote id and created on first sight; for "internal" the supplied
        /// password is checked against the stored salt and hash.
        /// </summary>
        /// <returns>
        /// JSON <c>{ id, guid }</c> for the resolved user, or JSON <c>null</c> when the
        /// user could not be resolved (unknown provider, bad internal credentials, or
        /// a failed re-read after insert).
        /// </returns>
        public ActionResult GetUser()
        {
            var json = GetJson(HttpContext.Request);

            ValidateJson(json);

            string        provider = json["provider"].Value<string>();
            User          user     = null;
            LoginProvider lp       = LoginProvider.Internal;

            if (provider == "internal")
            {
                string userName = json["username"].Value<string>();
                string password = json["password"].Value<string>();

                user = UserService.GetUser(userName);

                // A wrong password is reported exactly like an unknown user.
                // NOTE(review): no hash is computed when the user does not exist, so the
                // two failure paths differ in response time — confirm that is acceptable.
                if (user != null &&
                    !PWDTK.ComparePasswordToHash(user.Salt, password, user.Password, Configuration.GetHashIterations()))
                {
                    user = null;
                }
            }
            else
            {
                switch (provider)
                {
                case "google":
                    lp = LoginProvider.Google;
                    break;

                case "twitter":
                    lp = LoginProvider.Twitter;
                    break;

                case "facebook":
                    lp = LoginProvider.Facebook;
                    break;
                }

                // Any other provider string leaves lp at Internal and user at null.
                if (lp != LoginProvider.Internal)
                {
                    user = UserService.GetUser(json["id"].Value<string>(), lp);
                }
            }

            // First login through an external provider: create the user record.
            if (user == null && lp != LoginProvider.Internal)
            {
                user = new User
                {
                    RemoteId      = json["id"].Value<string>(),
                    LoginProvider = lp
                };

                if (lp == LoginProvider.Twitter)
                {
                    user.UserName = json["screenName"].Value<string>();
                }
                else if (lp == LoginProvider.Facebook)
                {
                    user.FirstName = json["firstname"].Value<string>();
                    user.LastName  = json["lastname"].Value<string>();
                    user.UserName  = json["name"].Value<string>();
                    user.Email     = json["email"].Value<string>();
                }
                else if (lp == LoginProvider.Google)
                {
                    user.UserName = json["email"].Value<string>();
                    user.Email    = json["email"].Value<string>();
                }

                // The callback sees the same 'user' variable that is reassigned below.
                int newId = UserService.InsertUser(user, () => Redis.AddUser(user));
                user = UserService.GetUser(newId);
            }

            object payload = user != null
                ? new
                  {
                      id   = user.Id,
                      guid = user.GUID
                  }
                : null;

            return Json(payload);
        }
        /// <summary>
        /// Builds a new merchant (with business contact, contact, principal, processor,
        /// bank, bank account and debit card) from the admin form controls, attaches it
        /// to the user named in <c>txtSelectedUserName</c> and saves the context.
        /// </summary>
        /// <returns>
        /// <c>false</c> when no user name was entered or an exception occurred while
        /// building/saving; <c>true</c> otherwise. Note that <c>true</c> is also returned
        /// when the named user is not found, in which case nothing is saved.
        /// </returns>
        protected Boolean SubmitForm()
        {
            StringBuilder formattedHtml         = new StringBuilder();
            StringBuilder formattedInternalHtml = new StringBuilder();
            string        seasonalMonths        = "";

            // Join the selected seasonal months with " - ". A failure here is logged
            // and the method continues with whatever has been built so far.
            try
            {
                foreach (ListItem item in cblSeasonal.Items)
                {
                    if (item.Selected)
                    {
                        seasonalMonths += item.Value + " - ";
                    }
                }

                // Drop the trailing " - " separator (3 characters).
                if (seasonalMonths.Length > 3)
                {
                    seasonalMonths = seasonalMonths.Substring(0, seasonalMonths.Length - 3);
                }
            }
            catch (System.Exception ex)
            {
                _newLogic.WriteExceptionToDB(ex, "AdminSubmitForm - Get Seasonal Months");
            }

            try
            {
                //Instanciate new model objects for each piece of data to be created
                MerchantModel          newMerchant                        = new MerchantModel();
                MerchantPrincipalModel newMerchantPrincipal               = new MerchantPrincipalModel();
                ContactModel           newMerchantPrincipalContact        = new ContactModel();
                AddressModel           newMerchantPrincipalContactAddress = new AddressModel();
                ContactModel           newContact         = new ContactModel();
                ContactModel           newBusiness        = new ContactModel();
                AddressModel           newBusinessAddress = new AddressModel();
                ProcessorModel         newProcessor       = new ProcessorModel();
                DebitCardModel         newDebitCard       = new DebitCardModel();
                BankModel        newBankModel             = new BankModel();
                BankAccountModel newBankAccountModel      = new BankAccountModel();

                //Set base merchant information in newMerchant object
                //Every field is optional: empty text boxes leave the model default.
                //The Convert.ToXxx calls below throw on non-numeric/non-boolean text;
                //that lands in the outer catch (logged, return false, no user message).
                if (txtMerchantId.Text != "")
                {
                    newMerchant.MerchantId = txtMerchantId.Text;
                }
                if (txtCorpName.Text != "")
                {
                    newMerchant.CorpName = txtCorpName.Text;
                }
                if (txtDBAName.Text != "")
                {
                    newMerchant.DbaName = txtDBAName.Text;
                }
                if (txtBusLicNumber.Text != "")
                {
                    newMerchant.BusLicNumber = txtBusLicNumber.Text;
                }
                if (txtBusLicType.Text != "")
                {
                    newMerchant.BusLicType = txtBusLicType.Text;
                }
                if (txtBusLicIssuer.Text != "")
                {
                    newMerchant.BusLicIssuer = txtBusLicIssuer.Text;
                }
                if (radBusLicDate.SelectedDate.HasValue)
                {
                    newMerchant.BusLicDate = Convert.ToDateTime(radBusLicDate.SelectedDate);
                }
                if (txtFedTaxId.Text != "")
                {
                    newMerchant.FedTaxId = txtFedTaxId.Text;
                }
                if (txtMerchandiseSold.Text != "")
                {
                    newMerchant.MerchandiseSold = txtMerchandiseSold.Text;
                }
                if (txtYearsInBus.Text != "")
                {
                    newMerchant.YearsInBusiness = Convert.ToInt32(txtYearsInBus.Text);
                }
                if (txtMonthsInBus.Text != "")
                {
                    newMerchant.MonthsInBusiness = Convert.ToInt32(txtMonthsInBus.Text);
                }
                if (rblSeasonal.SelectedValue != "")
                {
                    newMerchant.SeasonalSales = Convert.ToBoolean(rblSeasonal.SelectedValue);
                }
                if (seasonalMonths != "")
                {
                    newMerchant.SeasonalMonths = seasonalMonths;
                }
                if (txtSwipedPct.Text != "")
                {
                    newMerchant.SwipedPct = Convert.ToInt32(txtSwipedPct.Text);
                }
                if (txtAvgMonthlySales.Text != "")
                {
                    newMerchant.AvgMonthlySales = Convert.ToDecimal(txtAvgMonthlySales.Text);
                }
                if (txtHighestMonthlySales.Text != "")
                {
                    newMerchant.HighestMonthlySales = Convert.ToDecimal(txtHighestMonthlySales.Text);
                }
                if (txtAvgWeeklySales.Text != "")
                {
                    newMerchant.AvgWeeklySales = Convert.ToDecimal(txtAvgWeeklySales.Text);
                }
                if (rblHighRisk.SelectedValue != "")
                {
                    newMerchant.HighRisk = Convert.ToBoolean(rblHighRisk.SelectedValue);
                }
                if (txtHighRiskWho.Text != "")
                {
                    newMerchant.HighRiskWho = txtHighRiskWho.Text;
                }
                if (radHighRiskDate.SelectedDate.HasValue)
                {
                    newMerchant.HighRiskDate = Convert.ToDateTime(radHighRiskDate.SelectedDate);
                }
                if (rblBankruptcy.SelectedValue != "")
                {
                    newMerchant.Bankruptcy = Convert.ToBoolean(rblBankruptcy.SelectedValue);
                }
                if (radBankruptcyDate.SelectedDate.HasValue)
                {
                    newMerchant.BankruptcyDate = Convert.ToDateTime(radBankruptcyDate.SelectedDate);
                }

                //Add Legal Org State to merchant (lookup by RecordId; null if not found)
                if (ddlLegalOrgState.SelectedValue != "")
                {
                    Int32 legalOrgStateId = Convert.ToInt32(ddlLegalOrgState.SelectedValue);
                    newMerchant.LegalOrgState = _globalCtx.GeoStates.Where(gs => gs.RecordId == legalOrgStateId).FirstOrDefault();
                }

                //Add Legal Org Type to merchant
                if (ddlLegalOrgType.SelectedValue != "")
                {
                    Int32 legalOrgTypeId = Convert.ToInt32(ddlLegalOrgType.SelectedValue);
                    newMerchant.LegalOrgType = _globalCtx.LegalOrgTypes.Where(lot => lot.RecordId == legalOrgTypeId).FirstOrDefault();
                }

                //Add Merchant Type to Merchant (lookup by name rather than id)
                if (rblMerchantType.SelectedValue != "")
                {
                    newMerchant.MerchantType = _globalCtx.MerchantTypes.Where(mt => mt.MerchantTypeName == rblMerchantType.SelectedValue).FirstOrDefault();
                }

                //Add MCC to merchant
                if (ddlMCC.SelectedValue != "")
                {
                    Int32 mccId = Convert.ToInt32(ddlMCC.SelectedValue);
                    newMerchant.Mcc = _globalCtx.MerchantCategoryCodes.Where(mcc => mcc.RecordId == mccId).FirstOrDefault();
                }

                //Add Business Contact info - Email, Phone, Fax
                if (txtBusEmail.Text != "")
                {
                    newBusiness.Email = txtBusEmail.Text;
                }
                if (txtBusFax.Text != "")
                {
                    newBusiness.Fax = txtBusFax.Text;
                }
                if (txtBusPhone.Text != "")
                {
                    newBusiness.HomePhone = txtBusPhone.Text;
                }

                _globalCtx.Contacts.Add(newBusiness);

                //Add Business Contact Addess
                if (txtCorpAddress.Text != "")
                {
                    newBusinessAddress.Address = txtCorpAddress.Text;
                }
                if (txtCorpCity.Text != "")
                {
                    newBusinessAddress.City = txtCorpCity.Text;
                }
                if (ddlCorpState.SelectedValue != "")
                {
                    Int32 businessAddressStateId = Convert.ToInt32(ddlCorpState.SelectedValue);
                    newBusinessAddress.State = _globalCtx.GeoStates.Where(gs => gs.RecordId == businessAddressStateId).FirstOrDefault();
                }
                if (txtCorpZip.Text != "")
                {
                    newBusinessAddress.Zip = txtCorpZip.Text;
                }

                _globalCtx.Addresses.Add(newBusinessAddress);

                //Add new Business Contact Address to new Business
                newBusiness.Address = newBusinessAddress;

                //Add new Contact to new Merchant
                newMerchant.Business = newBusiness;

                //Add new Contact
                if (txtContactFirstName.Text != "")
                {
                    newContact.FirstName = txtContactFirstName.Text;
                }
                if (txtContactLastName.Text != "")
                {
                    newContact.LastName = txtContactLastName.Text;
                }
                if (txtContactEmail.Text != "")
                {
                    newContact.Email = txtContactEmail.Text;
                }
                if (txtContactPhone.Text != "")
                {
                    newContact.HomePhone = txtContactPhone.Text;
                }
                if (txtContactFax.Text != "")
                {
                    newContact.Fax = txtContactFax.Text;
                }

                _globalCtx.Contacts.Add(newContact);

                //Add new contact to new Merchant
                newMerchant.Contact = newContact;

                //Add new Merchant Principal
                //NOTE(review): PWDTK.StringToUtf8Bytes appears to only encode the text to
                //UTF-8 bytes — no hashing or encryption is applied here; confirm whether the
                //driver's licence number is meant to be protected at rest.
                if (txtPrincipalDLNumber.Text != "")
                {
                    newMerchantPrincipal.PrincipalDLNumber = PWDTK.StringToUtf8Bytes(txtPrincipalDLNumber.Text);
                }
                if (ddlPrincipalDLState.SelectedValue != "")
                {
                    Int32 dlStateId = Convert.ToInt32(ddlPrincipalDLState.SelectedValue);
                    newMerchantPrincipal.PrincipalDLState = _globalCtx.GeoStates.Where(gs => gs.RecordId == dlStateId).FirstOrDefault();
                }
                if (radPrincipalDoB.SelectedDate.HasValue)
                {
                    newMerchantPrincipal.PrincipalDoB = Convert.ToDateTime(radPrincipalDoB.SelectedDate);
                }
                if (txtPrincipalPctOwn.Text != "")
                {
                    newMerchantPrincipal.PrincipalPctOwn = Convert.ToInt32(txtPrincipalPctOwn.Text);
                }

                _globalCtx.MerchantPrincipal.Add(newMerchantPrincipal);

                //Create new contact for Merchant Principal
                if (txtPrincipalFirstName.Text != "")
                {
                    newMerchantPrincipalContact.FirstName = txtPrincipalFirstName.Text;
                }
                if (txtPrincipalLastName.Text != "")
                {
                    newMerchantPrincipalContact.LastName = txtPrincipalLastName.Text;
                }
                if (txtPrincipalMI.Text != "")
                {
                    newMerchantPrincipalContact.MiddleInitial = txtPrincipalMI.Text;
                }
                if (txtPrincipalTitle.Text != "")
                {
                    newMerchantPrincipalContact.Title = txtPrincipalTitle.Text;
                }
                if (txtPrincipalCellPhone.Text != "")
                {
                    newMerchantPrincipalContact.CellPhone = txtPrincipalCellPhone.Text;
                }
                if (txtPrincipalHomePhone.Text != "")
                {
                    newMerchantPrincipalContact.HomePhone = txtPrincipalHomePhone.Text;
                }

                _globalCtx.Contacts.Add(newMerchantPrincipalContact);

                //Create new address for Merchant principal Contact
                if (txtPrincipalAddress.Text != "")
                {
                    newMerchantPrincipalContactAddress.Address = txtPrincipalAddress.Text;
                }
                if (txtPrincipalCity.Text != "")
                {
                    newMerchantPrincipalContactAddress.City = txtPrincipalCity.Text;
                }
                if (ddlPrincipalState.SelectedValue != "")
                {
                    Int32 mpcStateId = Convert.ToInt32(ddlPrincipalState.SelectedValue);
                    newMerchantPrincipalContactAddress.State = _globalCtx.GeoStates.Where(gs => gs.RecordId == mpcStateId).FirstOrDefault();
                }
                if (txtPrincipalZip.Text != "")
                {
                    newMerchantPrincipalContactAddress.Zip = txtPrincipalZip.Text;
                }

                _globalCtx.Addresses.Add(newMerchantPrincipalContactAddress);

                //Add new address to Merchant Principal Contact
                newMerchantPrincipalContact.Address = newMerchantPrincipalContactAddress;

                //Add new Contact to Merchant Principal
                newMerchantPrincipal.Contact = newMerchantPrincipalContact;

                //Add new Principal to the new merchant
                newMerchant.MerchantPrincipal = newMerchantPrincipal;

                //Check if merchant processor already exists, if so link to merchant.  If not, create it and add to merchant.
                //(The existence check and the fetch are two separate queries on the same trimmed name.)
                if (txtCardProcessor.Text != "")
                {
                    if (_globalCtx.Processor.Where(p => p.ProcessorName == txtCardProcessor.Text.Trim()).ToList().Count > 0)
                    {
                        newMerchant.Processor = _globalCtx.Processor.First(p => p.ProcessorName == txtCardProcessor.Text.Trim());
                    }
                    else
                    {
                        newProcessor.ProcessorName = txtCardProcessor.Text.Trim();
                        _globalCtx.Processor.Add(newProcessor);
                        newMerchant.Processor = newProcessor;
                    }
                }

                //Bank, bank account and debit card are created empty and only linked here;
                //no form fields feed them in this method.
                _globalCtx.Banks.Add(newBankModel);

                newBankAccountModel.Bank = newBankModel;
                newDebitCard.Bank        = newBankModel;

                _globalCtx.BankAccounts.Add(newBankAccountModel);
                _globalCtx.DebitCards.Add(newDebitCard);

                newMerchant.BankAccount = newBankAccountModel;
                newMerchant.DebitCard   = newDebitCard;

                //Set Merchant Status — the lookup uses the "Pre-Enrolled" description
                //(an earlier comment here said "Admin Registered")
                newMerchant.MerchantStatus = _globalCtx.MerchantStatuses.FirstOrDefault(ms => ms.StatusDescription == "Pre-Enrolled");

                //Set Underwriting Status to "Pending"
                newMerchant.UnderwritingStatus = _globalCtx.UnderwritingStatuses.FirstOrDefault(ms => ms.StatusDescription == "Pending");

                //First() throws if no plan is flagged as default; caught by the outer catch.
                newMerchant.AdvancePlan = _globalCtx.AdvancePlans.First(ap => ap.DefaultPlan == true);

                //Add new Merchant to context
                _globalCtx.Merchants.Add(newMerchant);

                //Add new merchant to selected User
                if (txtSelectedUserName.Text != "")
                {
                    var             manager      = new UserManager <ApplicationUser>(new UserStore <ApplicationUser>(_globalCtx));
                    ApplicationUser selectedUser = manager.FindByName(txtSelectedUserName.Text);
                    if (selectedUser != null)
                    {
                        selectedUser.Merchant = newMerchant;

                        //Save Context and Update DB
                        //NOTE(review): this is the only SaveChanges call. If the user name
                        //is not found, everything added above stays unsaved yet the method
                        //still returns true and no message is shown.
                        _globalCtx.SaveChanges();
                    }
                }
                else
                {
                    lblSubmissionMessage.Text = "Please select a User to join with this merchant.";
                    return(false);
                }
            }
            catch (System.Exception ex)
            {
                _newLogic.WriteExceptionToDB(ex, "AdminSubmitForm - Add Data to DB");
                return(false);
            }

            return(true);
        }
        /// <summary>
        /// Checks <paramref name="Password"/> against <paramref name="PassPolicy"/>
        /// using <c>PWDTK.TryPasswordPolicyCompliance</c>.
        /// </summary>
        /// <param name="Password">Clear-text password to check.</param>
        /// <param name="PassPolicy">Policy the password must satisfy.</param>
        /// <returns>Whatever the PWDTK compliance check reports; the detail it writes
        /// into the ref argument is not used here.</returns>
        private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
        {
            // The library requires a ref PasswordPolicyException; only the bool matters here.
            var detalle = new PasswordPolicyException("");
            bool cumple = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref detalle);
            return cumple;
        }
        /*
         * protected void btnLogin_Click(object sender, EventArgs e) {
         *  if (Membership.ValidateUser(tbUserName.Text, tbPassword.Text)) {
         *      if(string.IsNullOrEmpty(Request.QueryString["ReturnUrl"])) {
         *          FormsAuthentication.SetAuthCookie(tbUserName.Text, false);
         *          Response.Redirect("~/");
         *      }
         *      else
         *          FormsAuthentication.RedirectFromLoginPage(tbUserName.Text, false);
         *  }
         *  else {
         *      tbUserName.ErrorText = "Invalid user";
         *      tbUserName.IsValid = false;
         *  }
         * }
         */


        /// <summary>
        /// Login button handler: validates the page, verifies the reCAPTCHA v3 token,
        /// redirects low-score clients to the captcha page, and otherwise checks the
        /// submitted e-mail/password against the stored salt and hash. On success a
        /// persistent "User.Email" cookie is set and the user is sent to ~/recursos/.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void ASPxButtonLogin_Click(object sender, EventArgs e)
        {
            Page.Validate();

            if (!Page.IsValid)
            {
                return;
            }


            // The hidden reCAPTCHA field must carry a token.
            if (string.IsNullOrEmpty(recaptchaUserValue.Value))
            {
                Msg.Visible   = true;
                Msg.InnerHtml = "Error en los datos de seguridad, vuelva a recargar la página.";
                return;
            }


            var Recaptchav3 = new RecaptchaVerificationHelper();

            // If your site is behind CloudFlare, be sure you're suing the CF-Connecting-IP header value instead:
            // https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers

            RecaptchaVerificationResult recaptchaResult = Recaptchav3.VerifyRecaptchav3Response(
                Global.Configuration.Security.Google.Recaptcha.v3.GetGoogleRecaptchaSecretKey()
                , Global.Configuration.Security.Google.Recaptcha.v3.GetGoogleRecaptchaWebsiteKey()
                , Request.UserHostAddress
                , recaptchaUserValue.Value
                );

            if (recaptchaResult == RecaptchaVerificationResult.Success)
            {
                //divMessage.InnerHtml = "Score: " + Recaptchav3.Score;
                // Scores below 0.6 are sent to the captcha page; Redirect(..., true) ends
                // the response, so the credential check below does not run for them.
                decimal?minScore = new decimal(0.6);
                if (Recaptchav3.Score < minScore)
                {
                    Response.Redirect("~/Captcha.aspx", true);
                }


                //create session
                // Global.Sessions.UserCreateSession();

                // Go main menu.
                if (ValidateLogin())
                {
                    // NOTE(review): a one-year cookie holding the e-mail, with no HttpOnly /
                    // Secure flags set here — confirm whether later pages treat this cookie
                    // as the authenticated identity.
                    HttpCookie userid = new HttpCookie("User.Email", Email.Value.ToString())
                    {
                        Expires = DateTime.Now.AddYears(1)
                    };
                    Response.Cookies.Add(userid);

                    Response.Redirect("~/recursos/");
                }
                else
                {
                    Msg.Visible = true;
                }
                // Reached only on the failure path: the redirect above ends the response.
                Msg.InnerHtml = "Login fallido. Por favor revise sus datos e intente de nuevo.";
            }
            else
            {
                Msg.Visible   = true;
                Msg.InnerHtml = "Existe un problema para validar la seguridad, intente mas tarde o por favor contacte a soporte técnico.";
            }



            // Looks up the newest CMSUserRegister row for the submitted e-mail and
            // compares the PWDTK hash of the submitted password (using the stored salt)
            // with the stored hash. Returns true only when both exist and match.
            bool ValidateLogin()
            {
                bool   loginOK = false;
                string salt = string.Empty, encrypass = string.Empty, dbpassword = string.Empty;

                // Parameterized: the e-mail never reaches the SQL text.
                SqlParameter[] parameters =
                {
                    new SqlParameter {
                        ParameterName = "Email", DbType = DbType.AnsiString, Size = 50, Value = Email.Value.ToString()
                    }
                };

                string tsql      = @"
SELECT TOP 1 
       [UserRegisterID]
      ,[Names]
      ,[LastName]
      ,[Email]
      ,[Password]
      ,[PasswordSalt]
  FROM [CMSUserRegister]
WHERE
Email = @Email 
ORDER BY [UserRegisterID] DESC
;";
                var    sqlserver = new SqlApiSqlClient();


                using (sqlserver.Connection = new SqlConnection(Global.Configuration.DB.GetConnectionStringDBMain()))
                {
                    using (var dr = sqlserver.DataReaderSqlString(tsql, parameters))
                    {
                        if (dr.Read())
                        {
                            salt       = dr["PasswordSalt"].ToString();;
                            dbpassword = dr["Password"].ToString();;


                            Byte[] _salt;
                            Byte[] _hash;

                            //This is the password policy that all passwords must adhere to, if the password doesn't meet the policy we save CPU processing time by not even bothering to calculate hash of a clearly incorrect password
                            //NOTE(review): PwdPolicy is constructed but never applied in this block — the hash is always computed.
                            PWDTK.PasswordPolicy PwdPolicy = new PWDTK.PasswordPolicy(numberUpper, numberNonAlphaNumeric, numberNumeric, minPwdLength, maxPwdLength);

                            //or we can just use the default password policy provided by the API like below
                            //PWDTK.PasswordPolicy PwdPolicy = PWDTK.cDefaultPasswordPolicy;

                            _salt = PWDTK.HashHexStringToBytes(salt); // reverse operation ;

                            //Generate the hash value
                            _hash = PWDTK.PasswordToHash(_salt, Password.Value.ToString(), iterations);

                            encrypass = PWDTK.HashBytesToHexString(_hash);


                            //NOTE(review): ordinary string equality on the hex strings — not a
                            //fixed-time comparison. Also, when no row is found no hash is computed,
                            //so unknown vs. wrong-password responses differ in timing.
                            if (encrypass == dbpassword)
                            {
                                loginOK = true;

                                // Session["User.UserEmail"] = dr["UserEmail"].ToString();
                            }
                            else
                            {
                                loginOK = false;
                            }
                        }
                        else
                        {
                            // No account for this e-mail.
                            loginOK = false;
                        }

                        dr.Close();
                    }

                    sqlserver.Connection.Close();
                };


                // Equivalent to 'return loginOK;'.
                if (loginOK)
                {
                    return(true);
                }
                else
                {
                    return(false);
                }
            }
        }
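        /// <summary>
        /// OK-button handler of the login dialog. Reads the password from the
        /// <see cref="PasswordBox"/> passed as <paramref name="param"/>, verifies it against the
        /// PWDTK hash stored for <c>txtUserName_txt</c>, fills the access-area and id fields,
        /// selects the mode from the radio buttons and closes the view. Any failure is shown in a
        /// message box and the dialog stays open.
        /// </summary>
        /// <param name="param">The <see cref="PasswordBox"/> of the view (command parameter).</param>
        private void MyOK_Click(object param)
        {
            MiCursor = Cursors.Wait;

            try
            {
                // SECURITY (review): the user name "Applica" skips password verification entirely and
                // is granted every access area ("ABCDEFGH"). This is a hard-coded bypass; it is kept only
                // because removing it changes shipped behaviour, but it should be removed or replaced by
                // a real credential check.
                if (txtUserName_txt != "Applica")
                {
                    // A null command parameter used to surface as a NullReferenceException in the
                    // message box; fail with a clear message instead.
                    PasswordBox passwordBox = param as PasswordBox;
                    if (passwordBox == null)
                    {
                        throw new ArgumentException("Se esperaba un PasswordBox como parámetro.", nameof(param));
                    }

                    txtPassword_txt = passwordBox.Password;

                    // NOTE(review): MyGetUsers() returns the whole users table (every hash and salt)
                    // and the match is done client-side; a lookup filtered by user name on the server
                    // would expose far less. No filtering overload is visible from here.
                    using (SqlExcuteCommand get = new SqlExcuteCommand { DBCnnStr = DBEndososCnnStr })
                    {
                        _MyUsersTable = get.MyGetUsers();
                    }

                    // Materialise the first matching row once, instead of re-running a deferred
                    // LINQ query for every field read.
                    Users user = null;
                    foreach (DataRow r in _MyUsersTable.Rows)
                    {
                        if (r["UserName"].ToString() == txtUserName_txt)
                        {
                            user = new Users
                            {
                                UserId        = (Guid)r["UserId"],
                                UserName      = r["UserName"].ToString(),
                                PasswordHash  = r["PasswordHash"].ToString(),
                                SecurityStamp = r["SecurityStamp"].ToString(),
                                AreasDeAcceso = r["AreasDeAcceso"].ToString()
                            };
                            break;
                        }
                    }

                    if (user == null)
                    {
                        throw new InvalidOperationException("Error con el usuario o el password.");
                    }

                    // SecurityStamp holds the PWDTK salt and PasswordHash the PWDTK hash, both as hex.
                    _salt = PWDTK.HashHexStringToBytes(user.SecurityStamp);
                    _hash = PWDTK.HashHexStringToBytes(user.PasswordHash);

                    if (!PWDTK.ComparePasswordToHash(_salt, txtPassword_txt, _hash, iterations))
                    {
                        // NOTE(review): this message differs from the "user not found" one above, which
                        // reveals whether a user name exists; both texts are kept as shipped.
                        throw new InvalidOperationException("Error con el password.");
                    }

                    WhatIsUserName = "******" + txtUserName_txt;
                    _AreasDeAcceso = user.AreasDeAcceso;
                    _Id            = user.UserId;
                }
                else
                {
                    WhatIsUserName = "******";
                    _AreasDeAcceso = "ABCDEFGH";
                    _Id            = Guid.NewGuid();
                }

                // Mode chosen by the radio buttons: 1 = Aspirante (candidato), 2 = Partido, 0 = none.
                if (isRdbCandidato)
                {
                    WhatIsModo = 1;
                }
                else if (isRdbPartido)
                {
                    WhatIsModo = 2;
                }
                else
                {
                    WhatIsModo = 0;
                }

                this.View.DialogResult = true;
                this.View.Close();
            }
            catch (Exception ex)
            {
                // Show the failure and keep the dialog open; the throwing method's name is the title.
                // TargetSite can be null for some exceptions, so fall back to this handler's name.
                string title = ex.TargetSite?.Name ?? nameof(MyOK_Click);
                MessageBox.Show(ex.Message, title, MessageBoxButton.OK, MessageBoxImage.Error);
            }
            finally
            {
                MiCursor = Cursors.Arrow;
            }
        }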