public ActionResult CheckOut(CheckOutViewModel model) { if (ModelState.IsValid) { var order = ProcessCheckOut(model, cartManager.MyCart); var orderNo = orderProvider.CreateOrderFromCart(order); var encryptedOrderNo = RijndaelHelper.Encrypt(orderNo, ConfigurationInstance[ConfigurationKeys.CryptographyKey]); string returnUrl = String.Format("{0}?o={1}", Url.Action("CheckOutSuccess"), encryptedOrderNo); return(Json(new { Error = false, OrderNo = orderNo, ReturnUrl = returnUrl })); } var allErrors = ModelState.Values.SelectMany(v => v.Errors).Select(o => o.ErrorMessage); return(Json(new { Error = true, Errors = allErrors })); }
public User ValidateLogin(LoginViewModel model) { string encryptedPassword = RijndaelHelper.Encrypt(model.Password, cryptographyKey); var user = new User(); //get username with loginname var currentUser = AllUsers.SingleOrDefault(us => us.LoginName == model.LoginName && !us.DelDate.HasValue); if (currentUser != null) { if (currentUser.Password == encryptedPassword) { user = AllUsers.SingleOrDefault(x => x.UserName == currentUser.UserName && x.Password == encryptedPassword); } else { return(null); } } else { return(null); } return(user); }
public ActionResult PaymentConfirmation(FormCollection form, PaymentConfirmationViewModel model) { if (ModelState.IsValid) { bool paymentConfirmationIsValid = orderProvider.ValidateOrderPayment( model.OrderNo, model.PayAmount); if (paymentConfirmationIsValid) { if (!orderProvider.IsOrderPaymentConfirmed(model.OrderNo)) { orderProvider.CreatePaymentConfirmation(model.OrderNo, model.BankId, 2, model.PaymentDate, model.SenderName, model.PayAmount, null); string encryptedOrderNo = RijndaelHelper.Encrypt(model.OrderNo, CryptographyKey); return(RedirectToAction("PaymentConfirmationSuccess", new { token = encryptedOrderNo })); } ModelState.AddModelError(String.Empty, String.Format("Payment confirmation for order {0} has been created already.", model.OrderNo)); return(RedirectToAction("PaymentConfirmation")); } ModelState.AddModelError(String.Empty, String.Format("Invalid Payment for Order {0}", model.OrderNo)); return(RedirectToAction("PaymentConfirmation")); } return(View(model)); }
public void AddOrUpdateEmployee(int id, string userName, string name, string gender, string email, int roleID, bool isAllowLogin, bool isActive, IDictionary <int, string> cellPhones) { var employee = id == 0 ? new Employee() : context.Employees.Single(emp => emp.ID == id); employee.UserName = userName; employee.RoleID = roleID; employee.Name = name; employee.Gender = gender; employee.Email = email; employee.IsAllowLogin = isAllowLogin; employee.IsActive = isActive; employee.CellPhone1 = cellPhones[1]; employee.CellPhone2 = cellPhones[2]; EntityHelper.SetAuditFields(id, employee, CurrentUserName); if (id == 0) { employee.Password = isAllowLogin ? RijndaelHelper.Encrypt("mustchange", cryptographyKey) : String.Empty; context.Employees.InsertOnSubmit(employee); } context.SubmitChanges(); }
public virtual string GetProtocolUrl() { string json = SerializeObject(); json = RijndaelHelper.Encrypt(json); return(string.Format("{0}://{1}", ProtocolName, json)); }
protected override void DoSetUp() { sender = new Sender(); receiver = new Receiver(); transport = new RijndaelEncryptionTransportDecorator(sender, receiver, KeyBase64); Console.WriteLine(RijndaelHelper.GenerateNewKey()); }
public void ResetPassword(int employeeID) { var employee = repository.Single <Employee>(emp => emp.ID == employeeID); employee.Password = RijndaelHelper.Encrypt(ConfigurationManager.AppSettings[ApplicationSettingKeys.DefaultPassword], ConfigurationManager.AppSettings[ApplicationSettingKeys.CryptographyKey]); repository.SetAuditFieldsForUpdate(employee, principal.Identity.Name); repository.UnitOfWork.SaveChanges(); }
public static void CreateKeyVector_KeySize_OutOfRange(int keySize) { // Arrange // Act Assert.Throws <ArgumentOutOfRangeException>(() => RijndaelHelper.CreateKeyVector("test", keySize)); // Assert }
public bool ValidateUser(string userName, string password, string cryptographyKey) { var employee = context.Employees.SingleOrDefault(emp => emp.UserName == userName && emp.IsAllowLogin); if (employee != null) { var clearPassword = RijndaelHelper.Decrypt(employee.Password, cryptographyKey); return(clearPassword == password); } return(false); }
public bool ValidateUser(string userName, string password, string cryptographyKey) { var employee = repository.FindOne <Employee>(emp => emp.UserName == userName && emp.IsAllowLogin); if (employee != null) { var clearPassword = RijndaelHelper.Decrypt(employee.Password, cryptographyKey); return(clearPassword == password); } return(false); }
public void ChangePassword(string userName, string newPassword, string cryptographyKey) { var employee = context.Employees.SingleOrDefault(emp => emp.UserName == userName); if (employee != null) { employee.Password = RijndaelHelper.Encrypt(newPassword, cryptographyKey); EntityHelper.SetAuditFieldsForUpdate(employee, userName); } context.SubmitChanges(); }
public void ChangePassword(string userName, string newPassword, string cryptographyKey) { var employee = repository.FindOne <Employee>(emp => emp.UserName == userName); if (employee != null) { employee.Password = RijndaelHelper.Encrypt(newPassword, cryptographyKey); repository.SetAuditFieldsForUpdate(employee, userName); } repository.UnitOfWork.SaveChanges(); }
public static void CreateKeyVector(string key, string iv, int keySize, string passphrase) { // Arrange // Act var result = RijndaelHelper.CreateKeyVector(passphrase, keySize); // Assert Assert.Equal(key, Convert.ToBase64String(result.First)); Assert.Equal(iv, Convert.ToBase64String(result.Second)); }
public void UseCase() { //These two values should not be hard coded in your code. byte[] key = { 251, 9, 67, 117, 237, 158, 138, 150, 255, 97, 103, 128, 183, 65, 76, 161, 7, 79, 244, 225, 146, 180, 51, 123, 118, 167, 45, 10, 184, 181, 202, 190 }; byte[] vector = { 214, 11, 221, 108, 210, 71, 14, 15, 151, 57, 241, 174, 177, 142, 115, 137 }; using (var rijndaelHelper = new RijndaelHelper(key, vector)) { var encrypt = rijndaelHelper.Encrypt("StringToEncrypt"); var decrypt = rijndaelHelper.Decrypt(encrypt); Assert.AreEqual("StringToEncrypt", decrypt); } }
public static void CreateDecryptor() { // Arrange var provider = new RijndaelManaged(); // Act var result = RijndaelHelper.CreateDecryptor(provider, "sdf2qw2@", 256); // Assert Assert.NotNull(result); result.Dispose(); provider.Clear(); }
private static bool Verify(byte[] signedaddon, out SignedAddonHeader header, out byte[] assembly) { using (var stream = new MemoryStream(signedaddon)) { using (var reader = new BinaryReader(stream)) { using (var rsaProvider = new RSACryptoServiceProvider(new CspParameters { ProviderType = 1 })) { using (var sha1 = new SHA1CryptoServiceProvider()) { rsaProvider.ImportCspBlob(Convert.FromBase64String(PublicKey)); var headerBuffer = reader.ReadBytes(Marshal.SizeOf(typeof(SignedAddonHeader))); var assemblyBuffer = reader.ReadBytes(signedaddon.Length - headerBuffer.Length); header = DeserializeStructure <SignedAddonHeader>(headerBuffer); bool result; switch (header.Data.SignatureVersion) { case "2": const int signatureSize = 320; var verifyBuffer = new byte[signedaddon.Length - signatureSize]; Array.Copy(signedaddon, signatureSize, verifyBuffer, 0, verifyBuffer.Length); result = rsaProvider.VerifyData(verifyBuffer, sha1, header.Signature); break; default: Log.Instance.DoLog("You are using an older version of the addon, support for older addons will be removed soon."); result = rsaProvider.VerifyData(assemblyBuffer, sha1, header.Signature); break; } if (result) { var key = CustomRsa.DecodeBlock(header.CryptoData.Key, new BigInteger(Exponent), new BigInteger(Modulus)); assembly = RijndaelHelper.Decrypt(assemblyBuffer, key, header.CryptoData.Salt, header.CryptoData.Iterations); return(true); } } } } } assembly = null; return(false); }
public static string CreateToken(int id, string name, IdentityType identityType) { //生成一个60分钟内有效的令牌 var info = new TokenInfo { IdentityId = id, IdentityName = name, ExpirationTime = DateTime.Now.AddMinutes(60), IdentityType = identityType }; //将令牌序列化成字符串并加密 return(RijndaelHelper.Encrypt(JsonConvert.SerializeObject(info))); }
public ActionResult PaymentConfirmationSuccess(string token) { try { string decryptedOrderNo = RijndaelHelper.Decrypt(token, CryptographyKey); ViewBag.OrderNo = decryptedOrderNo; ModelState.Clear(); } catch (Exception ex) { return(RedirectToAction("PaymentConfirmation")); } return(View()); }
public void AddOrUpdateEmployee(int id, string userName, string name, string initial, string gender, string email, int roleID, bool isAllowLogin, bool isActive, bool isAllowBackdate, IDictionary <int, string> cellPhones, int backColor) { var employee = id == 0 ? new Employee() : repository.Single <Employee>(emp => emp.ID == id); employee.UserName = userName; employee.RoleID = roleID; employee.Name = name; employee.Initial = initial; employee.Gender = gender; employee.Email = email; employee.IsAllowLogin = isAllowLogin; employee.IsActive = isActive; employee.IsAllowBackdate = isAllowBackdate; employee.CellPhone1 = cellPhones[1]; employee.CellPhone2 = cellPhones[2]; employee.BackColor = backColor; if (id == 0) { repository.Add(employee); } else { repository.Update(employee); } repository.SetAuditFields(id, employee, principal.Identity.Name); if (String.IsNullOrEmpty(employee.Password)) { employee.Password = isAllowLogin ? RijndaelHelper.Encrypt(ConfigurationManager.AppSettings[ApplicationSettingKeys.DefaultPassword], cryptographyKey) : String.Empty; } repository.UnitOfWork.SaveChanges(); }
internal static byte[] VerifyAndDecrypt(byte[] signedaddon) { SignedAddonHeader header; byte[] encryptedAssembly = null; using (var stream = new MemoryStream(signedaddon)) { using (var reader = new BinaryReader(stream)) { var headerBuffer = reader.ReadBytes(Marshal.SizeOf(typeof(SignedAddonHeader))); var assemblyBuffer = reader.ReadBytes(signedaddon.Length - headerBuffer.Length); var gcHandle = GCHandle.Alloc(headerBuffer, GCHandleType.Pinned); header = (SignedAddonHeader)Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), typeof(SignedAddonHeader)); gcHandle.Free(); var cspParams = new CspParameters { ProviderType = 1 }; using (var rsaProvider = new RSACryptoServiceProvider(cspParams)) { rsaProvider.ImportCspBlob(Convert.FromBase64String(PublicKey)); using (var sha1 = new SHA1CryptoServiceProvider()) { if (rsaProvider.VerifyData(assemblyBuffer, sha1, header.Signature)) { encryptedAssembly = assemblyBuffer; } } } } } if (encryptedAssembly != null) { var key = CustomRsa.DecodeBlock(header.CryptoData.Key, new BigInteger(Exponent), new BigInteger(Modulus)); return(RijndaelHelper.Decrypt(encryptedAssembly, key, header.CryptoData.Salt, header.CryptoData.Iterations)); } return(null); }
public ActionResult CheckOutSuccess(string o) { cartManager.EmptyCart(); var model = new CheckOutSuccessViewModel(); try { string orderNo = RijndaelHelper.Decrypt(o, ConfigurationInstance[ConfigurationKeys.CryptographyKey]); var order = orderProvider.GetOrder(orderNo); model.SubmittedOrder = order; } catch (CryptographicException ex) { Logger.FatalException(ex.Message, ex); return(RedirectToAction("InvalidCheckOutProcess")); } return(View(model)); }
/// <summary> /// 认证。 /// </summary> /// <param name="filterContext">认证上下文实体对象。</param> public void OnAuthentication(AuthenticationContext filterContext) { try { var cipherText = TokenHelper.GetToken(filterContext.HttpContext.Request); if (string.IsNullOrWhiteSpace(cipherText)) { throw new Exception("令牌信息为空"); } //验证令牌 var decrypt = RijndaelHelper.Decrypt(cipherText); if (string.IsNullOrWhiteSpace(decrypt)) { throw new Exception("解密后的令牌为空"); } var tokenInfo = JsonConvert.DeserializeObject <TokenInfo>(decrypt); if (tokenInfo.ExpirationTime < DateTime.Now) { throw new Exception("令牌已经过期"); } if (this.identityType != IdentityType.All && tokenInfo.IdentityType != this.identityType) { throw new Exception("令牌身份类型不正确"); } //当前请求上下文生命周期内注入会员信息 Locator.Get <IPrincipal>().TokenInfo = tokenInfo; //每过10分钟重新颁发新的令牌 if ((tokenInfo.ExpirationTime - DateTime.Now).Minutes < 10) { TokenHelper.SetToken(tokenInfo.IdentityId, tokenInfo.IdentityName, tokenInfo.IdentityType, filterContext.HttpContext.Response); } } catch (Exception ex) { filterContext.Result = new JsonResult(new ResponseMessage(ResponseCode.Unauthorized, ex.Message)); } }
public ActionResult Login([FromBody] LoginViewModel model) { var user = _userProvider.ValidateLogin(model); if (user == null) { return(BadRequest(new { IsSuccess = false, Data = "", BearerToken = "", message = "Username or password is incorrect" })); } var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim("CurrentUserID", user.Id.ToString()), new Claim("CurrentBusinessGrupID", user.CurrentBusinessGroupId.ToString()), new Claim("CurrentEmail", user.Email.ToString()), new Claim("LoginName", model.LoginName), new Claim("Password", RijndaelHelper.Encrypt(model.Password, "IGLO2015")) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); //var menuMapper = _mapper.Map<Database.Context.Models.Menu>(menu); var returnLogin = _mapper.Map <User>(user); // return basic user info (without password) and token to store client side return(Ok(new { IsSuccess = true, Data = returnLogin, BearerToken = tokenString, message = "Login Success" })); }
public static ProtocolObject DeserializeObject(string encryptJson) { int index = encryptJson.IndexOf(":") + 3; string json = encryptJson.Substring(index); //json = System.Web.HttpUtility.UrlDecode(json); try { json = RijndaelHelper.Decrypt(json); } catch { if (json[json.Length - 1] == '/') { json = json.Substring(0, json.Length - 1); } json = RijndaelHelper.Decrypt(json); } logger.Info(json); JObject jso = JsonConvert.DeserializeObject(json) as JObject; return(ProtocolObjectConvertor.ConvertTo(jso)); }
public ActionResult Create(CreateEditViewModel model) { var jsonViewModel = new AjaxViewModel(); bool IsValidEmail; try { var addr = new System.Net.Mail.MailAddress(model.Email); model.Email = addr.ToString(); IsValidEmail = true; } catch { IsValidEmail = false; } var Password = model.Password; int Number = 0; int Text = 0; for (int i = 0; i < Password.Length; i++) { int value; string Character = Password.Substring(i, 1); if (int.TryParse(Character, out value)) { Number++; } else { Text++; } } if (Password.Length < 8 || Number < 2 || !IsValidEmail || Text == 0) { if (!IsValidEmail) { jsonViewModel.SetValues(false, null, String.Format("Email is invalid")); } else { jsonViewModel.SetValues(false, null, String.Format("Password must be at least 8 characters with minimun 2 number")); } } else { try { model.Password = RijndaelHelper.Encrypt(model.Password, "IGLO2015"); model.LoginName = model.UserName; model.EmployeeID = EncryptionHelper.DecryptUrlParam(model.EmployeeID); string json = JsonConvert.SerializeObject(model); var checkCode = Utilities.RestAPIHelper <string> .Submit(json, Method.POST, url + "/UserValidateCombination"); if (!Convert.ToBoolean(checkCode)) { var endpoint = url + Route.Add; var content = Utilities.RestAPIHelper <CreateEditViewModel> .Submit(json, Method.POST, endpoint); jsonViewModel.SetValues(true, null, "Saved"); } else { jsonViewModel.SetValues(false, null, String.Format("User has been added")); } } catch (Exception ex) { jsonViewModel.SetValues(false, null, String.Format("Failed\\nMessage: {0}", ex.GetBaseException().Message)); } } return(Json(jsonViewModel)); }
public RijndaelKeyVectorProvider(string passphrase, int keySize) : base(RijndaelHelper.CreateKeyVector(passphrase, keySize)) { }
protected override void DoSetUp() { helper = new RijndaelHelper(RijndaelHelper.GenerateNewKey()); }