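/// <summary>
/// Checks that <c>MD5Crypto.ComputeHash</c> is deterministic for a fixed salt:
/// hashing the same password bytes twice with the same salt must give identical output.
/// </summary>
/// <remarks>
/// This test only pins repeatability. It does not show that a different salt changes
/// the hash, and it says nothing about the strength of the digest.
/// NOTE(review): going by its name, MD5Crypto is MD5-based. A single pass of a fast
/// digest is not adequate for password storage even when salted; a work-factor KDF
/// (PBKDF2, bcrypt, scrypt, Argon2) is the usual replacement. Confirm against the
/// MD5Crypto implementation.
/// </remarks>
public void CryptoCreateHash()
{
    // SaltSize is set before the first hash so the instance can create its own salt.
    // NOTE(review): the unit of SaltSize (bytes or bits) is not visible here; confirm.
    var crypto = new MD5Crypto();
    crypto.SaltSize = 64;
    crypto.SaltHash = true;

    byte[] passwordBytes = Encoding.UTF8.GetBytes("******");

    // First pass: the salt used is read back from the instance afterwards.
    byte[] firstHash = crypto.ComputeHash(passwordBytes);
    byte[] salt = crypto.Salt;

    // Re-assign the same salt before hashing again. Presumably this pins the salt
    // so that the second call cannot generate a fresh one; verify in MD5Crypto.
    crypto.Salt = salt;
    byte[] secondHash = crypto.ComputeHash(passwordBytes);

    // The Base64 copies of salt and hash built by the earlier version were never
    // read, so they are dropped; the assertion itself is unchanged.
    Assert.IsTrue(firstHash.SequenceEqual(secondHash));
}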
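/// <summary>
/// Verifies a user name and password against the stored account record.
/// </summary>
/// <param name="username">User name passed to <c>GetUserByUserName</c>.</param>
/// <param name="password">
/// Clear-text password. It is UTF-8 encoded, hashed with the account's stored salt and
/// compared, as Base64 text, with the stored password hash.
/// </param>
/// <param name="user">
/// Replaced with a new <c>User</c> built from the account when the password matches;
/// left untouched on every failure path.
/// </param>
/// <returns><c>true</c> when the computed hash equals the stored hash; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="password"/> or the stored salt is <c>null</c> for an existing account.
/// </exception>
/// <exception cref="FormatException">The stored salt is not valid Base64.</exception>
/// <remarks>
/// Security notes for maintainers:
/// <para>
/// The stored and computed hashes are compared with a fixed-time routine so that the
/// comparison time does not depend on how many leading characters match.
/// </para>
/// <para>
/// NOTE(review): going by its name, MD5Crypto is MD5-based. A single salted pass of a
/// fast digest is cheap to brute-force offline if the credential table leaks. Moving to
/// a work-factor KDF needs a stored-hash migration (for example re-hash on next
/// successful login) and therefore cannot be done inside this method alone.
/// </para>
/// <para>
/// The unknown-user path raises <c>UserNotFound</c> and skips hashing, while the
/// wrong-password path hashes and raises <c>InvalidPassword</c>. Subscribers should keep
/// that distinction server-side (audit log, lockout counters) and give the client one
/// generic failure message, otherwise account names can be enumerated.
/// </para>
/// </remarks>
public bool AllowLogin(string username, string password, ref User user)
{
    var userAccount = GetUserByUserName(username);
    if (Equals(userAccount, null))
    {
        // Snapshot the delegate: a subscriber removing itself on another thread between
        // the null check and the call would otherwise cause a NullReferenceException.
        var notFoundHandler = UserNotFound;
        if (notFoundHandler != null)
        {
            notFoundHandler.Invoke(this, EventArgs.Empty);
        }

        return false;
    }

    byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
    byte[] salt = Convert.FromBase64String(userAccount.Salt);

    // The salt is both assigned to the instance and passed to ComputeHash, exactly as
    // before. One of the two is probably redundant; kept because MD5Crypto is not
    // visible from here.
    var crypto = new MD5Crypto();
    crypto.Salt = salt;
    byte[] computedHash = crypto.ComputeHash(passwordBytes, salt);
    string computedHashText = Convert.ToBase64String(computedHash);

    if (ConstantTimeEquals(computedHashText, userAccount.Password))
    {
        user = new User(userAccount.UserRoleID, userAccount.ID, userAccount.UserName, string.Empty, string.Empty, "Default");
        return true;
    }

    var invalidPasswordHandler = InvalidPassword;
    if (invalidPasswordHandler != null)
    {
        invalidPasswordHandler.Invoke(this, EventArgs.Empty);
    }

    return false;
}

/// <summary>
/// Ordinal string comparison whose running time depends only on the length of the
/// inputs, not on the position of the first differing character.
/// </summary>
/// <param name="left">First value; <c>null</c> never matches.</param>
/// <param name="right">Second value; <c>null</c> never matches.</param>
/// <returns><c>true</c> when both strings are non-null and identical.</returns>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool ConstantTimeEquals(string left, string right)
{
    // The length of a Base64-encoded digest is fixed by the algorithm and is not secret,
    // so returning early on a null or a length mismatch leaks nothing useful.
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    // Accumulate differences instead of returning at the first mismatch.
    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}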