public async Task <IActionResult> ChangePassword(string password, string newPassword, string confirmPassword) { if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(newPassword) || newPassword.Length < 8 || newPassword != confirmPassword) { ModelState.AddModelError("Message", "Invalid Password"); return(View()); } UserBasicData basicData = new UserBasicData(); if (await basicData.FromDBAsync(UserId) == false) { ModelState.AddModelError("Message", "Invalid Session"); return(View()); } if (PasswordUtility.VerifyPassword(password, basicData.Password) == false) { ModelState.AddModelError("Message", "Invalid Password"); return(View()); } var query = new DBQuery_User_Update_Password(); query.IN.UserId = UserId; query.IN.Password = PasswordUtility.HashPassword(newPassword); await DBThread.Instance.ReqQueryAsync(query); return(RedirectToAction("Index", "Dashboard")); }
public async ValueTask <OperationResult <IIdentityTicket> > VerifyAsync(string key, Ticket data, string scenario, CancellationToken cancellation = default) { if (string.IsNullOrWhiteSpace(data.Identity)) { if (string.IsNullOrEmpty(key)) { return(OperationResult.Fail(SecurityReasons.InvalidIdentity, "Missing identity.")); } data.Identity = key; } //获取验证失败的解决器 var attempter = this.Attempter; //确认验证失败是否超出限制数,如果超出则返回账号被禁用 if (attempter != null && !attempter.Verify(data.Identity, data.Namespace)) { return(OperationResult.Fail(SecurityReasons.AccountSuspended)); } //获取当前用户的密码及密码盐 var userId = this.GetPassword(data.Identity, data.Namespace, out var storedPassword, out var storedPasswordSalt, out var status, out _); //如果帐户不存在则返回无效账户 if (userId == 0) { return(OperationResult.Fail(SecurityReasons.InvalidIdentity)); } //如果账户状态异常则返回账户状态异常 if (status != UserStatus.Active) { return(OperationResult.Fail(SecurityReasons.AccountDisabled)); } //密码校验失败则返回密码验证失败 if (!PasswordUtility.VerifyPassword(data.Password, storedPassword, storedPasswordSalt, "SHA1")) { //通知验证尝试失败 if (attempter != null) { attempter.Fail(data.Identity, data.Namespace); } return(OperationResult.Fail(SecurityReasons.InvalidPassword)); } //通知验证尝试成功,即清空验证失败记录 if (attempter != null) { attempter.Done(data.Identity, data.Namespace); } return(OperationResult.Success <IIdentityTicket>(new Ticket(data.Namespace, data.Identity))); }
public void VerifyPasswordTest() { string password = "******"; string salt = PasswordUtility.GenerateSalt(password.Length); string hashPassword = PasswordUtility.HashPassword(PasswordUtility.SaltPassword(password, salt)); Assert.That(PasswordUtility.VerifyPassword(hashPassword, password, salt), Is.True); Assert.That(PasswordUtility.VerifyPassword(hashPassword, "notmypassword", salt), Is.False); }
// 로그인 처리 private async Task <ErrorCode> ProcessLoginAsync(string emailOrUserName, string password, int timeZoneOffsetFromUTC) { if (User.Identity.IsAuthenticated) { return(ErrorCode.AlreadyLoggedin); } if (emailOrUserName.Length < 2) { return(ErrorCode.InvalidUserName); } bool isEMail = emailOrUserName.Contains('@'); AccountBasicData basicData = new AccountBasicData(); if (isEMail) { if (await basicData.FromDBByEmailAsync(emailOrUserName) == false) { return(ErrorCode.InvalidEMail); } } else { if (await basicData.FromDBByUserNameAsync(emailOrUserName) == false) { return(ErrorCode.InvalidUserName); } } if (PasswordUtility.VerifyPassword(password, basicData.Password) == false) { return(ErrorCode.InvalidPassword); } var claims = new List <Claim>(); claims.Add(new Claim(ClaimTypes.SerialNumber, basicData.AccountDBKey.ToString())); claims.Add(new Claim(ClaimTypes.GivenName, basicData.GivenName)); claims.Add(new Claim(ClaimTypes.Surname, basicData.SurName)); claims.Add(new Claim(ClaimTypes.Name, basicData.Username)); claims.Add(new Claim(ClaimTypes.Email, basicData.EMail)); claims.Add(new Claim("TimeZoneOffset", TimeSpan.FromMinutes(timeZoneOffsetFromUTC).ToString())); var userIdentity = new ClaimsIdentity(claims, "login"); ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity); await HttpContext.SignInAsync(principal); return(ErrorCode.Success); }
// 로그인 처리 private async Task <ErrorCode> ProcessLoginAsync(string email, string password, int timeZoneOffsetFromUTC = 0) { if (User.Identity.IsAuthenticated) { return(ErrorCode.AlreadyLoggedin); } if (email.IsValidEmailAddress() == false) { return(ErrorCode.InvalidEMail); } UserBasicData basicData = new UserBasicData(); if (await basicData.FromDBByEmailAsync(email) == false) { return(ErrorCode.InvalidEMail); } if (PasswordUtility.VerifyPassword(password, basicData.Password) == false) { return(ErrorCode.InvalidPassword); } var claims = new List <Claim>(); claims.Add(new Claim(HenaClaimTypes.UserId, basicData.UserId.ToString())); claims.Add(new Claim(HenaClaimTypes.GivenName, basicData.GivenName)); claims.Add(new Claim(HenaClaimTypes.Surname, basicData.SurName)); claims.Add(new Claim(HenaClaimTypes.Email, basicData.EMail)); claims.Add(new Claim(HenaClaimTypes.Language, basicData.Language)); claims.Add(new Claim(HenaClaimTypes.TimeZoneId, basicData.TimeZoneId)); claims.Add(new Claim(HenaClaimTypes.TimeZoneOffset, TimeSpan.FromMinutes(timeZoneOffsetFromUTC).ToString())); var userIdentity = new ClaimsIdentity(claims, "login"); ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity); await HttpContext.SignInAsync(principal); Response.Cookies.Delete(HenaClaimTypes.UserId); Response.Cookies.Append(HenaClaimTypes.UserId, basicData.UserId.ToString()); return(ErrorCode.Success); }
public IUserIdentity Authenticate(string identity, string password, string @namespace, string scene, ref IDictionary <string, object> parameters) { if (string.IsNullOrWhiteSpace(identity)) { throw new ArgumentNullException(nameof(identity)); } //创建验证上下文对象 var context = new AuthenticationContext(this, identity, @namespace, scene, parameters); //激发“Authenticating”事件 this.OnAuthenticating(context); //获取验证失败的解决器 var attempter = this.Attempter; //确认验证失败是否超出限制数,如果超出则抛出账号被禁用的异常 if (attempter != null && !attempter.Verify(identity, @namespace)) { //设置当前上下文的异常 context.Exception = new AuthenticationException(AuthenticationReason.AccountSuspended); //激发“Authenticated”事件 this.OnAuthenticated(context); //抛出异常 if (context.Exception != null) { throw context.Exception; } return(context.User); } //获取当前用户的密码及密码向量 var userId = this.GetPassword(identity, @namespace, out var storedPassword, out var storedPasswordSalt, out var status, out var statusTimestamp); //如果帐户不存在,则抛出异常 if (userId == 0) { //设置当前上下文的异常 context.Exception = new AuthenticationException(AuthenticationReason.InvalidIdentity); //激发“Authenticated”事件 this.OnAuthenticated(context); //抛出异常 if (context.Exception != null) { throw context.Exception; } return(null); } switch (status) { case UserStatus.Unapproved: //因为账户状态异常而抛出验证异常 context.Exception = new AuthenticationException(AuthenticationReason.AccountUnapproved); //激发“Authenticated”事件 this.OnAuthenticated(context); if (context.Exception != null) { throw context.Exception; } return(context.User); case UserStatus.Disabled: //因为账户状态异常而抛出验证异常 context.Exception = new AuthenticationException(AuthenticationReason.AccountDisabled); //激发“Authenticated”事件 this.OnAuthenticated(context); if (context.Exception != null) { throw context.Exception; } return(context.User); } //如果验证失败,则抛出异常 if (!PasswordUtility.VerifyPassword(password, storedPassword, storedPasswordSalt, "SHA1")) { //通知验证尝试失败 if (attempter != null) { attempter.Fail(identity, @namespace); } //密码校验失败则抛出验证异常 context.Exception = new AuthenticationException(AuthenticationReason.InvalidPassword); //激发“Authenticated”事件 this.OnAuthenticated(context); if (context.Exception != null) { throw context.Exception; } return(context.User); } //通知验证尝试成功,即清空验证失败记录 if (attempter != null) { attempter.Done(identity, @namespace); } //获取指定用户编号对应的用户对象 context.User = this.DataAccess.Select <IUser>(Condition.Equal(nameof(IUser.UserId), userId)).FirstOrDefault(); //设置凭证有效期的配置策略 if (this.Option != null) { context.Parameters["Credential:Option"] = this.Option; } //激发“Authenticated”事件 this.OnAuthenticated(context); if (context.HasParameters) { parameters = context.Parameters; } //返回成功的验证结果 return(context.User); }