//this method will get the user details from the database based on the basis of the given username. //The given password will be matched with the retrieved password to see if the credentials are valid or not. public bool ValidateLoginCredentials(string userName, string password, bool validate, out DataSet userDetails) { bool valid = false; byte[] origHashedPasswordInBytes = new byte[1]; string origDecryptedPassword = string.Empty; string userId = string.Empty; string createdDate = string.Empty; byte[] vector; byte[] iVector = new byte[1]; byte[] hashedPass = new byte[1]; //get the user details Users user = new Users(); userDetails = user.GetLoginUserDetails(userName); if (userDetails != null && userDetails.Tables.Count > 0 && userDetails.Tables[0].Rows.Count > 0) { //get the original password.. only if need to validate if (validate) { origHashedPasswordInBytes = (byte[])userDetails.Tables[0].Rows[0]["PasswordBytes"]; } userId = userDetails.Tables[0].Rows[0]["UserId"].ToString(); createdDate = Convert.ToDateTime(userDetails.Tables[0].Rows[0]["CreatedDate"].ToString()).ToString("MMddyyyy"); } else { return(valid); } //create the Vector string[] vectorFiller = { "@", "A", "B", "2", "c", "i", "3", "E" };//this constant will be used to fill the vector if the length is less than 16 string vectorString = createdDate.Substring(0, 4) + userId + createdDate.Substring(4, 4); int vectorLength = vectorString.Length; //making sure that the vector string is exactly of 16 characters if (vectorLength < 16) { //if the length is less than 16, append the remaining characters from the constant for (int i = 0; i < (16 - vectorLength); i++) { vectorString = vectorString + vectorFiller[i]; } } else if (vectorLength > 16) { //if the length is more than 16, truncate the extra characters vectorString = vectorString.Substring(0, 16); } //vector = EncDecWithAES.GetBytes(createdDate.Substring(0, 4) + userId + createdDate.Substring(4, 4)); vector = Encoding.ASCII.GetBytes(vectorString); //vector = createdDate.Substring(0, 4) + "@AB2cd3E" + createdDate.Substring(4, 4); iVector = vector; //validate only if needed, else return true by default. We use this method for various functionalities. if (validate) { //validate the password //decrypt the original password origDecryptedPassword = EncDecWithAES.Decrypt(origHashedPasswordInBytes, vector); valid = PasswordHash.ValidatePassword(password, origDecryptedPassword); hashedPass = EncDecWithAES.Encrypt(PasswordHash.CreatePasswordHashFromOriginal(password, origDecryptedPassword), vector); } else { valid = true; } return(valid); }