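/// <summary>
/// Resets the password of the given account to a freshly generated 6-digit numeric
/// temporary password and returns that password in clear text. Only the salted hash,
/// its salt and the hash-provider id are persisted.
/// </summary>
/// <param name="userID">Primary key of the user account to reset.</param>
/// <returns>The new temporary password in clear text, for delivery to the user.</returns>
/// <exception cref="ApplicationException">
/// Thrown when the account cannot be loaded or updated; the transaction is rolled back
/// and the original failure is attached as <see cref="Exception.InnerException"/>.
/// </exception>
public string ResetPassword(int userID)
{
    var session = SessionFactory.CreateSession();
    session.BeginTrans();
    try
    {
        // The temporary password is a credential, so it comes from a cryptographic
        // generator rather than the clock-seeded System.Random the original used.
        // Range is [100000, 1000000): every 6-digit value, including 999999 which the
        // original exclusive upper bound of 999999 could never produce.
        // NOTE(review): a 6-digit numeric value has roughly 20 bits of entropy; this is
        // only acceptable if it is short-lived and a change is forced on first login — confirm.
        var newPassword = NextSecureInt(100000, 1000000)
            .ToString(System.Globalization.CultureInfo.InvariantCulture);

        var saltText = string.Empty;
        EnumHashProvider hashProvider;
        var encryptedPwd = HashingAlgorithmUtility.GetEncryptedHashText(newPassword, out saltText, out hashProvider);

        var userEntity = QuickRepository.GetById<UserAccountEntity>(userID);
        if (userEntity == null)
        {
            // Name the cause instead of letting a NullReferenceException be wrapped below.
            throw new InvalidOperationException("User account not found: " + userID);
        }

        // PasswordFormat records which provider produced the hash so CompareHash can
        // later select the same one (see CheckPassword).
        userEntity.Password = encryptedPwd;
        userEntity.PasswordFormat = (short)hashProvider;
        userEntity.PasswordSalt = saltText;
        QuickRepository.Update<UserAccountEntity>(session.Connection, userEntity, session.Transaction);

        session.Commit();
        return newPassword;
    }
    catch (System.Exception ex)
    {
        session.Rollback();
        // Same outward message as before; the inner exception keeps the real cause for logs.
        throw new ApplicationException("用户密码修改发生错误!", ex);
    }
    finally
    {
        session.Dispose();
    }
}

/// <summary>
/// Returns a uniformly distributed integer in [<paramref name="minValue"/>, <paramref name="maxValue"/>)
/// drawn from the platform CSPRNG, using rejection sampling to avoid modulo bias.
/// </summary>
/// <param name="minValue">Inclusive lower bound.</param>
/// <param name="maxValue">Exclusive upper bound; must be greater than <paramref name="minValue"/>.</param>
/// <returns>A random integer in the requested range.</returns>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="maxValue"/> is not greater than <paramref name="minValue"/>.</exception>
private static int NextSecureInt(int minValue, int maxValue)
{
    if (maxValue <= minValue)
    {
        throw new ArgumentOutOfRangeException("maxValue", "maxValue must be greater than minValue.");
    }

    var range = (uint)(maxValue - minValue);
    // Largest multiple of range that fits in a uint; samples at or above it are
    // discarded so the remaining values are uniform modulo range.
    var limit = uint.MaxValue - (uint.MaxValue % range);
    var buffer = new byte[4];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        while (true)
        {
            rng.GetBytes(buffer);
            var sample = BitConverter.ToUInt32(buffer, 0);
            if (sample < limit)
            {
                return minValue + (int)(sample % range);
            }
        }
    }
}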
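/// <summary>
/// Checks a clear-text password against the salted hash stored on the account.
/// </summary>
/// <param name="user">Account whose stored hash, salt and hash-provider id are compared against.</param>
/// <param name="password">Clear-text password to verify.</param>
/// <returns><c>true</c> when the password matches the stored hash; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
public bool CheckPassword(UserAccountEntity user, string password)
{
    if (user == null)
    {
        // A missing account is a caller error; callers that want "unknown user" to read
        // as a failed check (see ChangePassword) test for null before calling.
        throw new ArgumentNullException("user");
    }

    // PasswordFormat is the provider id written when the hash was created
    // (InstanceUser / ChangePassword store (short)hashProvider), so the comparison
    // uses the same algorithm the stored value was produced with.
    return HashingAlgorithmUtility.CompareHash(user.PasswordFormat, password, user.PasswordSalt, user.Password);
}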
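/// <summary>
/// Changes a user's password after verifying the current one.
/// </summary>
/// <param name="loginName">Login name of the account to change.</param>
/// <param name="oldPassword">Current clear-text password; must match the stored hash.</param>
/// <param name="newPassword">New clear-text password; it is salted and hashed before being stored.</param>
/// <exception cref="ArgumentException"><paramref name="newPassword"/> is null, empty or whitespace.</exception>
/// <exception cref="ApplicationException">
/// The account is unknown or the current password does not match (the specific reason is
/// attached as the inner exception), or the update itself failed.
/// </exception>
public void ChangePassword(string loginName, string oldPassword, string newPassword)
{
    // Reject an empty replacement before touching the account; hashing "" would
    // otherwise silently store a blank credential.
    if (string.IsNullOrWhiteSpace(newPassword))
    {
        throw new ArgumentException("New password must not be empty.", "newPassword");
    }

    UserAccountEntity userEntity = null;
    try
    {
        userEntity = QuickRepository.GetDefaultByName<UserAccountEntity>("LoginName", loginName);
        // An unknown login name and a wrong password yield the same outward message, so
        // the response does not reveal which accounts exist (and no NullReferenceException
        // escapes when the lookup returns null).
        var isChecked = userEntity != null && CheckPassword(userEntity, oldPassword);
        //it's better to limit wrong password 3 or 6 times to prevent someone crack the account
        if (!isChecked)
        {
            throw new ApplicationException("用户名和密码不匹配,请重试.");
        }
    }
    catch (System.ApplicationException ex)
    {
        // Callers keep seeing the generic message; the inner exception preserves the cause.
        throw new ApplicationException("修改密码发生错误!", ex);
    }

    // The original wrapped this in a try/catch that only rethrew; a plain rethrow adds nothing.
    var saltText = string.Empty;
    EnumHashProvider hashProvider;
    var encryptedPwd = HashingAlgorithmUtility.GetEncryptedHashText(newPassword, out saltText, out hashProvider);
    userEntity.Password = encryptedPwd;
    userEntity.PasswordFormat = (short)hashProvider;
    userEntity.PasswordSalt = saltText;
    // NOTE(review): unlike ResetPassword this update runs outside an explicit session
    // transaction; confirm the parameterless Update overload manages its own.
    QuickRepository.Update<UserAccountEntity>(userEntity);
}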
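/// <summary>
/// Builds a new, unsaved <see cref="UserAccountEntity"/> with the password stored as a
/// salted hash together with its salt and hash-provider id.
/// </summary>
/// <param name="userName">User name to assign to the new account.</param>
/// <param name="password">Clear-text password; only its salted hash is kept on the entity.</param>
/// <param name="email">E-mail address to assign to the new account.</param>
/// <returns>The populated entity; the caller is responsible for persisting it.</returns>
private UserAccountEntity InstanceUser(string userName, string password, string email)
{
    var saltText = string.Empty;
    EnumHashProvider hashProvider;
    var encryptedPwd = HashingAlgorithmUtility.GetEncryptedHashText(password, out saltText, out hashProvider);
    // The original also computed an unsalted SHA-256 of the password into a local that was
    // never read; dropping it removes needless work on the clear-text credential.

    var userEntity = new UserAccountEntity();
    userEntity.UserName = userName;
    userEntity.EMail = email;
    userEntity.Password = encryptedPwd;
    // PasswordFormat lets CompareHash pick the same provider when verifying later.
    userEntity.PasswordFormat = (short)hashProvider;
    userEntity.PasswordSalt = saltText;
    return userEntity;
}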
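/// <summary>
/// Validates a forms-authentication ticket by decrypting it and re-checking the
/// credentials embedded in its user data against the account's stored password hash.
/// </summary>
/// <param name="encryptTicket">Encrypted forms-authentication ticket string.</param>
/// <returns>
/// <c>true</c> when the ticket decrypts, names a known account and the embedded password
/// matches that account's stored hash; otherwise <c>false</c>.
/// </returns>
private bool ValidateUserTicket(string encryptTicket)
{
    if (string.IsNullOrEmpty(encryptTicket))
    {
        return false;
    }

    // Decrypt may return null for a ticket it cannot decrypt; treat that as an invalid
    // ticket instead of letting a NullReferenceException escape.
    var loginTicket = FormsAuthentication.Decrypt(encryptTicket);
    if (loginTicket == null)
    {
        return false;
    }

    var webLogonUserData = JsonConvert.DeserializeObject<WebLogonUserData>(loginTicket.UserData);
    if (webLogonUserData == null)
    {
        return false;
    }

    // NOTE(review): the ticket's UserData carries the user's clear-text password; an
    // opaque per-session token would avoid holding the password client-side — confirm.
    var service = new AccountService();
    var user = service.GetByLoginName(webLogonUserData.LoginName);
    if (user == null)
    {
        return false;
    }

    var isChecked = HashingAlgorithmUtility.CompareHash(
        user.PasswordFormat, webLogonUserData.Password, user.PasswordSalt, user.Password);
    if (isChecked)
    {
        // Adopt the ticket's identity only after the credential check has passed;
        // the original assigned UserID before verifying anything.
        UserID = webLogonUserData.UserID;
    }
    return isChecked;
}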
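/// <summary>
/// Signs the API request message with the logged-in user's security key (password) and
/// adds the result as the <c>WebApiRequestHeaderNameHashed</c> default request header:
/// Base64("userName:Base64(HMAC-SHA256(key = SHA-256(password), message = base address))").
/// </summary>
/// <param name="user">Credentials whose user name and password produce the signature.</param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
public void SignatureMessage(Credentials user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    // NOTE(review): the signed message is only the base address, so the header value is
    // constant for a user and binds neither method, path, body nor time; including a
    // timestamp or nonce in the signed message would limit replay — confirm with the server side.
    var message = HttpClient.BaseAddress.AbsoluteUri;

    // The HMAC key is the SHA-256 digest of the password. CreateHashAlgorithm is assumed
    // to return a HashAlgorithm (it exposes ComputeHash), which must be disposed.
    byte[] key;
    using (var sha256 = HashingAlgorithmUtility.CreateHashAlgorithm(EnumHashProvider.SHA256Managed))
    {
        key = sha256.ComputeHash(Encoding.UTF8.GetBytes(user.Password));
    }
    // The original also Base64-encoded the key into an unused local; that is dropped.

    string hashString;
    using (var hmac = new HMACSHA256(key))
    {
        hashString = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(message)));
    }

    var authenticationValue = Convert.ToBase64String(
        Encoding.UTF8.GetBytes(string.Format("{0}:{1}", user.UserName, hashString)));
    HttpClient.DefaultRequestHeaders.Add(WebApiRequestHeaderNameHashed, authenticationValue);
}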