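/// <summary>
/// Recomputes the expected digest for the given user from the password stored in the database
/// and compares it against the digest response carried in the token.
/// This method assumes that the userToken is validated for having values for all required properties.
/// </summary>
/// <param name="userToken">Digest token parsed from the request; its fields are client-supplied.</param>
/// <returns>
/// A Zentity authenticated token for the user when the digests match; null when the user has no
/// stored password or the digests differ.
/// </returns>
private static ZentityAuthenticatedToken ProcessAuthentication(DigestSecurityToken userToken)
{
    //// Steps:
    ////   1. Get the user's password from the database.
    ////   2. Compute H(A1) from user name, realm (both from the token) and the stored password.
    ////   3. Compute H(A2) from the HTTP method and request uri stored in the token.
    ////   4. Compute the hash of H(A1):nonce:H(A2).
    ////   5. Compare against the digest response stored in the token.
    ////
    //// NOTE(review): nonce freshness and reuse are not checked in this method; presumably the
    //// caller validates the nonce before getting here - confirm.
    //// NOTE(review): step 1 needs the store to hand back the password itself (or an equivalent
    //// secret). Storing H(A1) per user instead would limit what a database leak exposes - confirm
    //// how ZentityUserManager persists it.
    string databasePassword = ZentityUserManager.GetPassword(userToken.UserName);

    //// No db password means invalid user name, since we do not allow empty passwords.
    if (string.IsNullOrEmpty(databasePassword))
    {
        return null;
    }

    string hA1 = ComputeHash(
        userToken.UserName + ":" + userToken.Realm + ":" + databasePassword,
        userToken.ChecksumAlgorithm);

    string hA2 = ComputeHash(
        userToken.HttpMethod + ":" + userToken.RequestUri,
        userToken.ChecksumAlgorithm);

    string databaseDigest = hA1 + ":" + userToken.Nonce + ":" + hA2;
    string databaseDigestHash = ComputeHash(databaseDigest, userToken.DigestAlgorithm);

    //// The expected digest is derived from the stored password, so it is compared without an
    //// early exit on the first differing character. A null on either side fails closed.
    if (!DigestsMatchFixedTime(databaseDigestHash, userToken.DigestResponse))
    {
        return null;
    }

    return new ZentityAuthenticatedToken(userToken.UserName);
}

/// <summary>
/// Ordinal, case-sensitive equality check whose running time depends only on the string length,
/// not on the position of the first mismatch.
/// </summary>
/// <param name="expected">Digest computed on the server.</param>
/// <param name="supplied">Digest received from the client.</param>
/// <returns>True when both strings are non-null and identical; otherwise false.</returns>
private static bool DigestsMatchFixedTime(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    //// The digest length is fixed by the hash algorithm, so a length mismatch reveals nothing secret.
    if (expected.Length != supplied.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ supplied[i];
    }

    return difference == 0;
}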
/// <summary>
/// Click handler for the change-password button. When the page passes validation it asks
/// ZentityUserManager to replace the current password with the new one and reports the
/// outcome in the status label.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments.</param>
protected void ChangePasswordButton_Click(object sender, EventArgs e)
{
    // Nothing is attempted unless every validator on the page succeeded.
    if (!Page.IsValid)
    {
        return;
    }

    try
    {
        // NOTE(review): userName is defined outside this method; confirm it is bound to the
        // signed-in user and cannot be influenced by request data.
        bool passwordChanged = ZentityUserManager.ChangePassword(
            userName,
            CurrentPasswordTextBox.Text,
            NewPasswordTextBox.Text);

        if (!passwordChanged)
        {
            Utility.ShowMessage(StatusLabel, Resources.Resources.PasswordChangeError, true);
        }
        else
        {
            Utility.ShowMessage(StatusLabel, Resources.Resources.PasswordChangeSuccess, false);

            // Hide the form once the password has been changed.
            ChangePasswordPanel.Visible = false;
        }
    }
    catch (AuthenticationException authFailure)
    {
        // The exception text is appended to what the user sees.
        // NOTE(review): confirm AuthenticationException messages never carry internal detail.
        string errorText = Resources.Resources.PasswordChangeError + Constants.Space + authFailure.Message;
        Utility.ShowMessage(StatusLabel, errorText, true);
    }
}