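        /// <summary>
        /// Validates a cleartext password against the hash stored for the user.
        /// The scheme (which must stay byte-for-byte identical to the routine that created the
        /// stored hash, or no user can log in) is: SHA-256 over the UTF-8 bytes of
        /// password + salt — plain string concatenation, not an XOR as the old comment said —
        /// then <c>iteration</c> rounds of HMAC-SHA256 keyed with <c>SharedHMACPassword</c>.
        /// NOTE(review): this is a home-grown KDF. A standard one (PBKDF2 / Argon2) is
        /// preferable, but switching requires re-hashing every stored password, so the scheme
        /// is kept here and only the comparison and resource handling are changed.
        /// </summary>
        /// <param name="password">The cleartext password supplied at login (null is treated as empty, as before).</param>
        /// <param name="userKeys">The user's stored salt and Base64-encoded hash.</param>
        /// <returns>
        /// true if the recomputed hash equals the stored hash; false otherwise, including when
        /// <paramref name="userKeys"/> is null or its stored hash is null or not valid Base64
        /// (fail closed instead of throwing).
        /// </returns>
        public static bool ValidateUserHash(string password, UserKeyPair userKeys)
        {
            // Nothing to compare against: fail closed rather than dereference null.
            if (userKeys == null || userKeys.HashedPassword == null)
            {
                return false;
            }

            // Decode the stored hash up front so the comparison can be done on raw bytes.
            byte[] storedHash;
            try
            {
                storedHash = Convert.FromBase64String(userKeys.HashedPassword);
            }
            catch (FormatException)
            {
                // A stored value that is not valid Base64 can never match.
                return false;
            }

            byte[] digest;
            // Dispose the hash objects when done; the original never released them.
            using (SHA256 sha = SHA256Managed.Create())
            using (HMACSHA256 hmac = new HMACSHA256(SharedHMACPassword))
            {
                digest = sha.ComputeHash(Encoding.UTF8.GetBytes(password + userKeys.Salt));

                // Stretch: feed the output back through the keyed HMAC `iteration` times
                // to make each validation deliberately slow.
                for (int i = 0; i < iteration; i++)
                {
                    digest = hmac.ComputeHash(digest);
                }
            }

            // Constant-time comparison. The original compared the Base64 strings with `==`,
            // which stops at the first differing character and leaks timing information
            // about how much of the hash matched.
            return FixedTimeEquals(digest, storedHash);
        }

        /// <summary>
        /// Compares two byte arrays without short-circuiting on the first mismatch, so the
        /// time taken does not depend on where (or whether) they differ. On frameworks that
        /// provide it, <c>CryptographicOperations.FixedTimeEquals</c> is the equivalent.
        /// </summary>
        /// <param name="a">First array; null never matches.</param>
        /// <param name="b">Second array; null never matches.</param>
        /// <returns>true if both arrays have the same length and contents.</returns>
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a == null || b == null || a.Length != b.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < a.Length; i++)
            {
                // Accumulate every difference; never exit early.
                diff |= a[i] ^ b[i];
            }
            return diff == 0;
        }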
        /// <summary>
        /// Password validation: looks the user up by username (then by e-mail), checks the
        /// supplied password, and on success resets the retry counter, records the login time
        /// and copies the user's details into the process-wide <c>GlobalManager</c> singleton.
        /// NOTE(review): the listing below appears to have been collapsed at the first Logger
        /// line — several log messages run together on one line and the checks they belong
        /// to (deleted / inactive / retry handling and the actual hash comparison) are not
        /// visible here. Confirm against the original file before relying on this as a
        /// description of the full control flow.
        /// </summary>
        /// <param name="username">The username, or the e-mail address if no username matches.</param>
        /// <param name="password">The cleartext password to check.</param>
        /// <returns>
        /// A <c>UserResponse</c> whose Code is <c>Successful</c> on a valid login,
        /// <c>Incorrect_password_or_username</c> when the user is unknown or the password is
        /// wrong (one generic code for both, which avoids account enumeration via the
        /// response), or <c>Exception</c> if anything throws.
        /// </returns>
        /// <Author> Daniel Molina </Author>
        /// <LastModification>  25/11/2017 - 15:41 </LastModification>
        /// <LastModificationBy> Daniel Molina </LastModificationBy>
        public static UserResponse PasswordValidation(string username, string password)
        {
            try
            {
                //Verify the password
                //Get user data by the username
                User user = UserController.GetByUsername(username);

                //Get user by username or email
                if (user == null)
                {
                    // Fall back to treating the supplied value as an e-mail address.
                    user = UserController.GetByEmail(username);
                    if (user == null)
                    {
                        // NOTE(review): this line is garbled in the listing — it holds the
                        // messages of several distinct log calls ("User not found", "User is
                        // Deleted", "User is not Active", "User is Disactive", "Incorrect
                        // password") with the code between them missing. The logs name the
                        // exact failure reason while the response below stays generic; keep
                        // it that way so callers cannot distinguish unknown users from bad
                        // passwords.
                        Logger.Logger.Info(profileName, "Method Response: User not found. Username:"******"Method Response: User is Deleted. Username:"******"Method Response: User is not Active. Username:"******"Method Response: User is Disactive. Userlogin:"******"Method Response: Incorrect password." + username);
                    return(new UserResponse {
                        Code = (int)ResponseCode.Incorrect_password_or_username, Message = ResponseCode.Incorrect_password_or_username.ToString()
                    });
                }

                //Correct password, reset the User password retries
                // A fresh User is built field by field rather than mutating the loaded one;
                // only PasswordRetries, LastLoginDate and Culture differ from the stored row.
                User updateUserInfoAfterLogin = new User();
                updateUserInfoAfterLogin.UserID          = user.UserID;
                updateUserInfoAfterLogin.Username        = user.Username;
                updateUserInfoAfterLogin.Password        = user.Password;
                updateUserInfoAfterLogin.Name            = user.Name;
                updateUserInfoAfterLogin.Lastname        = user.Lastname;
                updateUserInfoAfterLogin.Email           = user.Email;
                updateUserInfoAfterLogin.Salt            = user.Salt;
                updateUserInfoAfterLogin.PasswordRetries = 0;
                updateUserInfoAfterLogin.MaxRetries      = user.MaxRetries;
                updateUserInfoAfterLogin.IsActive        = user.IsActive;
                updateUserInfoAfterLogin.IsDeleted       = user.IsDeleted;
                // NOTE(review): local wall-clock time; DateTime.UtcNow would be unambiguous
                // across time zones / DST if this timestamp is ever compared or audited.
                updateUserInfoAfterLogin.LastLoginDate   = DateTime.Now;
                updateUserInfoAfterLogin.Culture         = GlobalManager.Instance.Culture;

                UserController.Update(updateUserInfoAfterLogin);

                // NOTE(review): newRegisterDto is built but never read or returned in this
                // method — presumably left over from an earlier version; candidate for removal.
                List <UserDto> newRegisterDto = new List <UserDto>();
                newRegisterDto.Add(new UserDto(updateUserInfoAfterLogin));

                //Store global information that is going to be used along the application.
                GlobalManager.Instance.Name      = updateUserInfoAfterLogin.Name;
                GlobalManager.Instance.Lastname  = updateUserInfoAfterLogin.Lastname;
                GlobalManager.Instance.LoginDate = DateTime.Now;
                GlobalManager.Instance.UserId    = updateUserInfoAfterLogin.UserID;
                GlobalManager.Instance.Username  = updateUserInfoAfterLogin.Username;
                // NOTE(review): this copies the stored password value (the hash, from
                // user.Password above) into a process-wide singleton. Nothing in this method
                // needs it after validation; keeping credential material in global state
                // widens its exposure and should be reconsidered.
                GlobalManager.Instance.Password  = updateUserInfoAfterLogin.Password;
                GlobalManager.Instance.Email     = updateUserInfoAfterLogin.Email;
                GlobalManager.Instance.Culture   = updateUserInfoAfterLogin.Culture;

                return(new UserResponse {
                    Code = (int)ResponseCode.Successful, Message = ResponseCode.Successful.ToString()
                });
            }

            catch (Exception ex)
            {
                // NOTE(review): the logger tag and message ("PasswordRetriesListByUtilityID",
                // "Endpoint not found exception") do not describe this method and look
                // copy-pasted from elsewhere; they will mislead anyone searching the logs.
                Logger.Logger.ErrorL("PasswordRetriesListByUtilityID", "Endpoint not found exception", ex);
                // NOTE(review): ex.Message is echoed to the caller. If this response reaches
                // an end user it may expose database or infrastructure details; the message
                // is already logged above, so a generic text would suffice here.
                return(new UserResponse {
                    Code = (int)ResponseCode.Exception, Message = ResponseCode.Exception.ToString() + ": " + ex.Message
                });
            }
        }