Esempio n. 1
0
        /// <summary>
        /// Make hashed password with Salt and hard coded block for improving security
        /// </summary>
        /// <param name="shelter"></param>
        /// <param name="Salted"></param>
        /// <returns></returns>
        public static string GetHash(System.Security.SecureString inputpassword, string Salted)
        {
            IntPtr unsafePtr = IntPtr.Zero;

            byte[] MergedArray = null;

            try
            {
                unsafePtr = System.Runtime.InteropServices.Marshal.SecureStringToGlobalAllocAnsi(inputpassword);
                byte[] myByteArray = new byte[inputpassword.Length];
                System.Runtime.InteropServices.Marshal.Copy(unsafePtr, myByteArray, 0, inputpassword.Length);
                byte[] saltbuf  = System.Text.Encoding.ASCII.GetBytes(Salted);
                byte[] hardcode = System.Text.Encoding.ASCII.GetBytes("U-m63W4HP2QCOz+u7UL9awx01Zg=");
                MergedArray = new byte[saltbuf.Length + myByteArray.Length + hardcode.Length];
                System.Buffer.BlockCopy(saltbuf, 0, MergedArray, 0, saltbuf.Length);
                System.Buffer.BlockCopy(myByteArray, 0, MergedArray, saltbuf.Length, myByteArray.Length);
                System.Buffer.BlockCopy(hardcode, 0, MergedArray, saltbuf.Length + myByteArray.Length, hardcode.Length);
                MergedArray = new System.Security.Cryptography.SHA384Managed().ComputeHash(MergedArray);
            }
            catch (Exception ex)
            {
                throw ex;
            }
            finally
            {
                System.Runtime.InteropServices.Marshal.ZeroFreeGlobalAllocAnsi(unsafePtr);
                inputpassword.Dispose();
            }
            return(Convert.ToBase64String(MergedArray));
        }
Esempio n. 2
0
        void keod()
        {
            // Do everything in one method? I think so!
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);

            // jaka give me passwords.
            kedofriends(false);

            // I summon you, jaka's alter ego!
            mangochan mangochan = new mangochan();

            while (!mangochan.Authenticate(username, password))
            {
                kedofriends(true);
            }

            // idk why I used SecureString.
            password.Dispose();

            // Fetch history and parse transaction list.
            mangochan.FetchHistory();
            var x = mangochan.GetTransactions().Reverse().ToArray();

            Application.Run(new natto(x, type));
        }
Esempio n. 3
0
        protected override void Execute(CodeActivityContext context)
        {
            var ret = new System.Security.SecureString();

            foreach (var c in InputValue.Get(context).ToCharArray())
            {
                ret.AppendChar(c);
            }

            Result.Set(context, ret.Copy());

            ret.Dispose();
        }
        /// <summary>http://devdistrict.com/codedetails.aspx?A=405</summary>
        public static void SecureStringStub()
        {
            /*
             * Building the SecureString
             * To put data into the secure string you need to feed it one character at a time. Alternatively you can give the constructor a pointer to an array of characters to load the data in.
             */
            System.Security.SecureString secureData = new System.Security.SecureString();
            secureData.AppendChar('M');
            secureData.AppendChar('y');
            secureData.AppendChar('P');
            secureData.AppendChar('a');
            secureData.AppendChar('s');
            secureData.AppendChar('s');
            secureData.AppendChar('w');
            secureData.AppendChar('o');
            secureData.AppendChar('r');
            secureData.AppendChar('d');

            /*
             * Pinning the SecureString
             *  Once you are done feeding data into the SecureString you need to call the MakeReadOnly() method. This makes the string immutable, and pins the location of the string in memory so the .NET Framework doesn't move it around.
             *  Make it immutable
             */
            secureData.MakeReadOnly();

            /*
             * Reading from a SecureString
             * Reading the data from the SecureString is a bit of a pain, having to use Interop.
             * NOTE: This code is for instruction only and is not secure since we read the value of our SecureString into a normal string thus defeating our own security.
             */
            IntPtr ptr          = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(secureData);
            string unsecureData = System.Runtime.InteropServices.Marshal.PtrToStringUni(ptr);

            /*
             * Clean up when your done!
             * Always clean up when your done with your SecureString. You can easily do this by calling the Dispose method. This deletes the data from memory.
             */
            secureData.Dispose();
        }
        public User ValidateLoginAttempt(string UserName, System.Security.SecureString Password, string DomainName)
        {
            bool isAuthenticated   = false;
            var  networkCredential = new NetworkCredential(UserName, Password, DomainName);

            try
            {
                using (var ldap = new LdapConnection(DomainName))
                {
                    ldap.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
                    ldap.SessionOptions.SecureSocketLayer       = false;
                    ldap.SessionOptions.ProtocolVersion         = 3;
                    ldap.AuthType = AuthType.Negotiate;
                    ldap.Bind(networkCredential);
                }

                // If the bind succeeds, we have a valid user/pass.
                isAuthenticated = true;
            }
            catch (LdapException ldapEx)
            {
                // Error Code 0x31 signifies invalid credentials, anything else will be caught outside.
                if (!ldapEx.ErrorCode.Equals(0x31))
                {
                    throw;
                }
            }
            Password.Dispose();
            if (isAuthenticated)
            {
                return new User()
                       {
                           Name = UserName, Credential = networkCredential
                       }
            }
            ;
            return(null);
        }
        /// <summary>
        /// Authenticate user/application using Credentials.
        /// </summary>
        /// <param name="Credentials">Credentials to use during authentication process.</param>
        public static async System.Threading.Tasks.Task AuthenticateAsync(SoftmakeAll.SDK.Fluent.Authentication.ICredentials Credentials)
        {
            if (Credentials != null)
            {
                SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
                SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = Credentials;

                // From AccessKey
                if (Credentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Application)
                {
                    SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = $"Basic {System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes($"{Credentials.ClientID}@{Credentials.ContextIdentifier.ToString().ToLower()}:{Credentials.ClientSecret}"))}";
                    SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Store();
                    await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization);

                    return;
                }
            }
            else if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials == null)
            {
                try
                {
                    System.Text.Json.JsonElement CacheData = SoftmakeAll.SDK.Fluent.GeneralCacheHelper.ReadString().ToJsonElement();
                    if (!(CacheData.IsValid()))
                    {
                        throw new System.Exception();
                    }

                    // From AccessKey
                    if (CacheData.GetInt32("AuthType") == (int)SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Application)
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = new SoftmakeAll.SDK.Fluent.Authentication.Credentials(CacheData.GetGuid("ContextIdentifier"), CacheData.GetString("ClientID"), null, (SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes)CacheData.GetInt32("AuthType"));
                        SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = CacheData.GetString("Authorization");
                        if (System.String.IsNullOrWhiteSpace(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization))
                        {
                            throw new System.Exception();
                        }

                        await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization);

                        return;
                    }
                    else
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials = new SoftmakeAll.SDK.Fluent.Authentication.Credentials(CacheData.GetJsonElement("AppMetadata").EnumerateObject().First().Value.GetGuid("client_id"));
                        SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType = SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Interactive;
                    }
                }
                catch { }
            }

            if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials == null)
            {
                SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
                throw new System.Exception("Invalid Credentials from cache.");
            }


            // From AccessKey
            if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Application)
            {
                return;
            }


            // From Public Client Application
            if ((SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult == null) || (SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.ExpiresOn.Subtract(System.DateTimeOffset.UtcNow).TotalMinutes <= 5.0D))
            {
                System.String[] Scopes = new System.String[] { "openid", "https://softmakeb2c.onmicrosoft.com/48512da7-b030-4e62-be61-9e19b2c52d8a/user_impersonation" };
                if (SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication == null)
                {
                    if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Interactive) // From Interactive
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication = SoftmakeAll.SDK.Fluent.SDKContext.CreatePublicClientApplication(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ContextIdentifier, "A_signup_signin", "http://localhost:1435");
                    }
                    else if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Credentials) // From Username and Password
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication = SoftmakeAll.SDK.Fluent.SDKContext.CreatePublicClientApplication(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ContextIdentifier, "_ROPC");
                    }
                    else
                    {
                        throw new System.Exception("Invalid authentication type.");
                    }
                }

                // Getting existing Account in cache
                try
                {
                    System.Collections.Generic.IEnumerable <Microsoft.Identity.Client.IAccount> Accounts = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.GetAccountsAsync();

                    if (Accounts.Any())
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.AcquireTokenSilent(Scopes, Accounts.FirstOrDefault()).ExecuteAsync();

                        if (SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult != null)
                        {
                            SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = $"Bearer {SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken}";
                            await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken);

                            return;
                        }
                    }
                }
                catch
                {
                    SoftmakeAll.SDK.Fluent.GeneralCacheHelper.Clear();
                }


                if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Interactive) // From Interactive
                {
                    try
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.AcquireTokenInteractive(Scopes).WithPrompt(Microsoft.Identity.Client.Prompt.ForceLogin).ExecuteAsync();
                    }
                    catch { }
                }
                else if (SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.AuthenticationType == SoftmakeAll.SDK.Fluent.Authentication.AuthenticationTypes.Credentials) // From Username and Password
                {
                    if (System.String.IsNullOrWhiteSpace(SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ClientSecret))
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
                        throw new System.Exception("Authentication aborted. Please, re-enter credentials.");
                    }

                    System.Security.SecureString Password = new System.Security.SecureString();
                    foreach (System.Char Char in SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ClientSecret)
                    {
                        Password.AppendChar(Char);
                    }
                    Password.MakeReadOnly();

                    try
                    {
                        SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult = await SoftmakeAll.SDK.Fluent.SDKContext.PublicClientApplication.AcquireTokenByUsernamePassword(Scopes, SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.ClientID, Password).ExecuteAsync();

                        Password.Dispose();
                    }
                    catch
                    {
                        Password.Dispose();
                        SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
                        throw new System.Exception("Invalid username or password.");
                    }
                }

                if (SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult == null)
                {
                    SoftmakeAll.SDK.Fluent.SDKContext.SignOut();
                    throw new System.Exception("Authentication aborted.");
                }


                SoftmakeAll.SDK.Fluent.SDKContext.InMemoryCredentials.Authorization = $"Bearer {SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken}";
                await SoftmakeAll.SDK.Fluent.SDKContext.ClientWebSocket.ConfigureAsync(SoftmakeAll.SDK.Fluent.SDKContext.AuthenticationResult.AccessToken);

                return;
            }
        }
Esempio n. 7
0
 public void Dispose() => password.Dispose();