Esempio n. 1
0
        /// <summary>
        /// Validate the user
        /// </summary>
        /// <param name="loginUserName">The login username</param>
        /// <param name="loginPassword">The login password</param>
        /// <returns>The validated user; else null</returns>
        public virtual Data.User Validate(string loginUserName, string loginPassword)
        {
            Data.User user = null;

            try
            {
                // Find the user.
                user = Select.SelectDataEntity(u => (u.LoginUserName == loginUserName));

                // If user exists.
                if (user != null)
                {
                    // Encode password.
                    Nequeo.Cryptography.IPasswordEncryption encoder = PasswordAuthorisationCode.GetEncoder();
                    string password = encoder.Decode(user.LoginPassword, encoder.PasswordFormat, loginPassword);

                    // If not equal then reject.
                    if (password != loginPassword)
                    {
                        user = null;
                    }
                }
            }
            catch { user = null; }

            // Return the user.
            return(user);
        }
Esempio n. 2
0
        /// <summary>
        /// Encode the password.
        /// </summary>
        /// <param name="user">The user data.</param>
        /// <param name="encode">Encode the user.</param>
        private void EncodePassword(Data.User user, bool encode = true)
        {
            Nequeo.Cryptography.IPasswordEncryption encoder = PasswordAuthorisationCode.GetEncoder();

            // Get the current user.
            Data.User current = new Data.DataContext().Users.First(u => u.UserID == user.UserID);

            string currentPasswordEncoded       = current.Password;
            string passwordEncoded              = encoder.Encode(user.Password, encoder.PasswordFormat);
            string currentPasswordAnswerEncoded = current.PasswordAnswer;
            string passwordAnswerEncoded        = encoder.Encode(user.PasswordAnswer, encoder.PasswordFormat);

            // If password is different.
            if (user.Password != currentPasswordEncoded)
            {
                // If the passwords do not match.
                if (currentPasswordEncoded != passwordEncoded)
                {
                    // Encode password.
                    user.Password = passwordEncoded;
                }
            }

            // If password is different.
            if (user.PasswordAnswer != currentPasswordAnswerEncoded)
            {
                // If the passwords do not match.
                if (currentPasswordAnswerEncoded != passwordAnswerEncoded)
                {
                    // Encode password.
                    user.PasswordAnswer = passwordAnswerEncoded;
                }
            }
        }
Esempio n. 3
0
        /// <summary>
        /// Validates the current user credentials.
        /// </summary>
        /// <param name="username">The login username.</param>
        /// <param name="password">The login password.</param>
        /// <param name="applicationName">The application name.</param>
        /// <returns>The current user else null.</returns>
        public virtual Data.User ValidateUser(string username, string password, string applicationName = null)
        {
            Data.User user = null;

            try
            {
                if (String.IsNullOrEmpty(applicationName))
                {
                    user = Select.SelectDataEntity(u => (u.Username == username));
                }
                else
                {
                    user = Select.SelectDataEntity(
                        u => (u.Username == username) &&
                        (u.ApplicationName == applicationName));
                }

                // If user exists.
                if (user != null)
                {
                    // Encode password.
                    Nequeo.Cryptography.IPasswordEncryption encoder = PasswordAuthorisationCode.GetEncoder();
                    string pass = encoder.Decode(user.Password, encoder.PasswordFormat, password);

                    // If not equal then reject.
                    if (pass != password)
                    {
                        user = null;
                    }
                }
            }
            catch { user = null; }
            return(user);
        }
Esempio n. 4
0
        /// <summary>
        /// Unencode the password.
        /// </summary>
        /// <param name="password">The password.</param>
        /// <param name="encodedPassword">The encoded password.</param>
        /// <returns>The un-encoded password.</returns>
        private string UnEncodePassword(string password, string encodedPassword)
        {
            string pass = encodedPassword;

            // Select the apprepriate password format.
            switch (PasswordFormat)
            {
            case System.Web.Security.MembershipPasswordFormat.Clear:
                break;

            case System.Web.Security.MembershipPasswordFormat.Encrypted:
                // Decrypt the encrypted password.
                Nequeo.Cryptography.IPasswordEncryption encoder = PasswordAuthorisationCode.GetEncoder();
                pass = encoder.Decode(encodedPassword, Cryptography.PasswordFormat.Encrypted);
                break;

            case System.Web.Security.MembershipPasswordFormat.Hashed:
                // Validate with hash
                Nequeo.Cryptography.IPasswordEncryption encoderHash = PasswordAuthorisationCode.GetEncoder();
                pass = encoderHash.Decode(encodedPassword, Cryptography.PasswordFormat.Hashed, password);
                break;

            default:
                throw new Exception("Unsupported password format.");
            }

            // Return the un-encoded password.
            return(pass);
        }
Esempio n. 5
0
        /// <summary>
        /// Get encoder.
        /// </summary>
        /// <param name="useAuthorisationCode">Should the authorisation code be used.</param>
        /// <returns>The password encoder.</returns>
        public static Nequeo.Cryptography.IPasswordEncryption GetEncoder(bool useAuthorisationCode = true)
        {
            Nequeo.Security.Configuration.Reader    reader  = new Security.Configuration.Reader();
            Nequeo.Cryptography.IPasswordEncryption encoder = reader.GetEncoder();

            // Return the encoder.
            return(encoder);
        }
Esempio n. 6
0
        /// <summary>
        /// Encode the password.
        /// </summary>
        /// <param name="user">The user data.</param>
        /// <param name="encode">Encode the user.</param>
        private void EncodePassword(Data.User user, bool encode = true)
        {
            Nequeo.Cryptography.IPasswordEncryption encoder = PasswordAuthorisationCode.GetEncoder();

            if (encode)
            {
                // Encode password.
                user.LoginPassword = encoder.Encode(user.LoginPassword, encoder.PasswordFormat);
            }
            else
            {
                // Decode password.
                user.LoginPassword = encoder.Decode(user.LoginPassword, encoder.PasswordFormat);
            }
        }
Esempio n. 7
0
        /// <summary>
        /// Get the password encoder.
        /// </summary>
        /// <param name="section">The config section group and section name.</param>
        /// <returns>The password encryption encoder.</returns>
        /// <exception cref="System.Exception">Configuration load exception is thrown.</exception>
        public Nequeo.Cryptography.IPasswordEncryption GetEncoder(string section = "NequeoSecurityGroup/NequeoSecurityPassword")
        {
            Nequeo.Cryptography.IPasswordEncryption encoder = null;

            try
            {
                // Refreshes the named section so the next time that it is retrieved it will be re-read from disk.
                System.Configuration.ConfigurationManager.RefreshSection(section);

                // Create a new default host type
                // an load the values from the configuration
                // file into the default host type.
                SecurityPassword defaultEncoder =
                    (SecurityPassword)System.Configuration.ConfigurationManager.GetSection(section);

                // Make sure the section is defined.
                if (defaultEncoder == null)
                {
                    throw new Exception("Configuration section has not been defined.");
                }

                // Get the encoder element.
                EncoderElement encoderElement = defaultEncoder.EncoderSection;
                if (encoderElement == null)
                {
                    throw new Exception("Configuration element Encoder has not been defined.");
                }

                // Create an instance of the encoder type.
                Type ecoderType = Nequeo.Reflection.TypeAccessor.GetType(encoderElement.TypeValue);
                encoder = (Nequeo.Cryptography.IPasswordEncryption)Nequeo.Reflection.TypeAccessor.CreateInstance(ecoderType);
                encoder.PasswordFormat    = encoderElement.PasswordFormat;
                encoder.AuthorisationCode = encoderElement.AuthorisationCode;
                encoder.HashcodeType      = encoderElement.HashcodeType;
            }
            catch (Exception)
            {
                throw;
            }

            // Return the encoder.
            return(encoder);
        }
Esempio n. 8
0
        /// <summary>
        /// Validate the user
        /// </summary>
        /// <param name="loginUserName">The login username</param>
        /// <param name="loginPassword">The login password</param>
        /// <returns>The validated user; else null</returns>
        public virtual Edm.User Validate(string loginUserName, string loginPassword)
        {
            Edm.User user = null;

            try
            {
                // Encode password.
                Nequeo.Security.Configuration.Reader    reader  = new Security.Configuration.Reader();
                Nequeo.Cryptography.IPasswordEncryption encoder = reader.GetEncoder();

                // Encode the password.
                string encodedPassword = encoder.Encode(loginPassword, encoder.PasswordFormat);

                // Get the user for the credentials.
                user = Select.SelectIQueryableItems(
                    u =>
                    (u.LoginUserName == loginUserName) &&
                    (u.LoginPassword == encodedPassword)).First();
            }
            catch { user = null; }

            // Return the user.
            return(user);
        }
Esempio n. 9
0
 /// <summary>
 /// Loads from the configuration file the security password encoder.
 /// </summary>
 /// <param name="section">The config section group and section name.</param>
 public void LoadSecurityPasswordEncoder(string section = "NequeoSecurityGroup/NequeoSecurityPassword")
 {
     _securityPassword = new Nequeo.Security.Configuration.Reader().GetEncoder(section);
 }
Esempio n. 10
0
 /// <summary>
 /// Password manager provider.
 /// </summary>
 /// <param name="securityPassword">A password security encryption implementation.</param>
 public PasswordManager(Nequeo.Cryptography.IPasswordEncryption securityPassword)
 {
     _securityPassword = securityPassword;
 }