/// <summary>
/// Password validator that rejects a candidate password when the breach-lookup
/// client reports it as pwned.
/// </summary>
/// <param name="manager">Not used by this validator.</param>
/// <param name="user">Not used by this validator.</param>
/// <param name="password">Candidate password; handed unchanged to <c>client.IsPasswordPwned</c>.</param>
/// <returns>
/// A failed result with code <c>PwnedError</c> when the lookup reports a breach;
/// <see cref="IdentityResult.Success"/> in every other case, including a blank
/// password and a lookup that throws.
/// </returns>
public async Task<IdentityResult> ValidateAsync(UserManager<IdentityUser> manager, IdentityUser user, string password)
{
    // A null, empty or whitespace-only password is accepted without any lookup.
    // NOTE(review): presumably another validator in the pipeline rejects blank passwords; confirm.
    if (!string.IsNullOrWhiteSpace(password))
    {
        try
        {
            // NOTE(review): whether the client sends the password itself or only a hash prefix
            // (k-anonymity) is not visible from this method; confirm against the client.
            var pwned = await client.IsPasswordPwned(password);

            if (pwned)
            {
                var description = T.Get("security.passwordStolen");
                var failure = new IdentityError
                {
                    Code = "PwnedError",
                    Description = description
                };

                return IdentityResult.Failed(failure);
            }
        }
        catch (Exception ex)
        {
            // Fail-open: any error during the lookup is logged and the password is accepted,
            // so an outage of the lookup silently disables this check. The structured
            // properties below are the only signal; alert on them if the check matters.
            log.LogError(ex, w => w
                .WriteProperty("operation", "CheckPasswordPwned")
                .WriteProperty("status", "Failed"));
        }
    }

    return IdentityResult.Success;
}
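/// <summary>
/// Reads the CSV export at <c>options.Path</c>, groups its rows by login name and, for every
/// login that contains "@", asks the HaveIBeenPwned client for known account breaches.
/// For each breached login the breach titles are printed, then every password stored under
/// that login is checked and the affected account entries are reported.
/// </summary>
/// <param name="options">Command options; only <c>Path</c> is read here.</param>
static void Do(Options options)
{
    List<KeepassLayout> records;

    using (var reader = new StreamReader(options.Path))
    using (var csv = new CsvReader(reader))
    {
        // Materialize while the reader is still open; GetRecords is consumed by ToList here.
        records = csv.GetRecords<KeepassLayout>().ToList();
    }

    // Only logins that look like e-mail addresses are looked up. The null check keeps a row
    // without a login name from throwing in Contains.
    var grouped = records
        .GroupBy(r => r.LoginName)
        .Where(g => g.Key != null && g.Key.Contains("@"))
        .Select(g => new { Login = g.Key, Records = g.ToList() })
        .ToList();

    var client = new HaveIBeenPwnedRestClient();

    foreach (var login in grouped)
    {
        // .Result blocks to keep this method synchronous; a failed lookup surfaces as
        // AggregateException and is not handled here.
        var breaches = client.GetAccountBreaches(login.Login).Result;

        if (!breaches.Any())
        {
            continue;
        }

        var titles = string.Join(", ", breaches.Select(b => b.Title));
        Console.WriteLine($"Login: {login.Login}, Breaches: {titles}");

        foreach (var record in login.Records)
        {
            var pwnedPass = client.IsPasswordPwned(record.Password).Result;

            if (pwnedPass)
            {
                // The password itself is deliberately not echoed: console output ends up in
                // scrollback, redirected files and shared logs. The account name is enough
                // to locate the entry in the password database.
                Console.WriteLine($"Possible pwned password - Account: {record.Account}");
            }
        }
    }
}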
/// <summary>
/// Password validator that rejects a candidate password when the breach-lookup
/// client reports it as pwned.
/// </summary>
/// <param name="manager">Not used by this validator.</param>
/// <param name="user">Not used by this validator.</param>
/// <param name="password">Candidate password; handed unchanged to <c>client.IsPasswordPwned</c>.</param>
/// <returns>
/// <c>Error</c> when the lookup reports a breach; otherwise
/// <see cref="IdentityResult.Success"/>, including when the lookup throws.
/// </returns>
public async Task<IdentityResult> ValidateAsync(UserManager<IdentityUser> manager, IdentityUser user, string password)
{
    var outcome = IdentityResult.Success;

    try
    {
        // No null/empty guard: the password goes to the client as is, and whatever the
        // client throws for such input lands in the catch below.
        if (await client.IsPasswordPwned(password))
        {
            outcome = Error;
        }
    }
    catch (Exception ex)
    {
        // Fail-open: a failed lookup is logged and the password is accepted, so an outage
        // of the lookup silently disables this check. Alert on these log properties if
        // the check is relied upon.
        log.LogError(ex, w => w
            .WriteProperty("operation", "CheckPasswordPwned")
            .WriteProperty("status", "Failed"));
    }

    return outcome;
}
/// <summary>
/// Password validator that rejects a candidate password when the <c>pwned</c>
/// client reports it as breached.
/// </summary>
/// <param name="manager">Not used by this validator.</param>
/// <param name="user">Not used by this validator.</param>
/// <param name="password">Candidate password; handed unchanged to <c>pwned.IsPasswordPwned</c>.</param>
/// <returns>
/// A failed result carrying <c>ErrorCode</c> and the localized "PwnedPasswordError" text when
/// the lookup reports a breach; otherwise <see cref="IdentityResult.Success"/>, including
/// when the lookup or the localization throws.
/// </returns>
public async Task<IdentityResult> ValidateAsync(UserManager<UserEntity> manager, UserEntity user, string password)
{
    try
    {
        var breached = await pwned.IsPasswordPwned(password);

        if (!breached)
        {
            return IdentityResult.Success;
        }

        // Building the failure stays inside the try so that an error here is also
        // swallowed by the catch below, as before.
        var message = localizer["PwnedPasswordError"];
        var failure = new IdentityError
        {
            Code = ErrorCode,
            Description = message
        };

        return IdentityResult.Failed(failure);
    }
    catch (Exception ex)
    {
        // Fail-open: the error is logged and the password is accepted, so an outage of the
        // lookup silently disables this check. The message text is kept verbatim (the
        // service name is misspelled in it) because log searches may match on it.
        log.LogError(ex, "Failed to validate password with haveibeenpowned.com");
        return IdentityResult.Success;
    }
}