public void CompareHashWithSalt()
{
IHashProvider hashProvider = SaltedHashProvider;
byte[] providerHash = hashProvider.CreateHash(plainText);
Assert.IsTrue(hashProvider.CompareHash(plainText, providerHash), "true");
byte[] badHash = new byte[50];
RNGCryptoServiceProvider.Create().GetBytes(badHash);
Assert.IsFalse(hashProvider.CompareHash(plainText, badHash), "false");
}
internal static bool CompareHash(IHashProvider provider, string plaintext, string hashedText)
{
byte[] bytes = Encoding.Unicode.GetBytes(plaintext);
byte[] hashedtext = Convert.FromBase64String(hashedText);
bool flag = provider.CompareHash(bytes, hashedtext);
CryptographyUtility.GetRandomBytes(bytes);
return(flag);
}
internal static bool CompareHash(string hashInstance, byte[] plaintext, byte[] hashedText, ConfigurationContext context)
{
ArgumentValidation.CheckForNullReference(hashInstance, "hashInstance");
ArgumentValidation.CheckForEmptyString(hashInstance, "hashInstance");
HashProviderFactory factory = new HashProviderFactory(context);
IHashProvider hashProvider = factory.CreateHashProvider(hashInstance);
return(hashProvider.CompareHash(plaintext, hashedText));
}
/// <devdoc>
/// Compares the password passed in against the password stored in the database.
/// </devdoc>
private bool PasswordsMatch(byte[] password, string userName)
{
DbAuthenticationProviderData dbAuthenticationProviderData = (DbAuthenticationProviderData)securityConfigurationView.GetAuthenticationProviderData(ConfigurationName);
bool result = false;
UserRoleManager manager = new UserRoleManager(dbAuthenticationProviderData.Database, securityConfigurationView.ConfigurationContext);
byte[] hashedPassword = manager.GetPassword(userName);
if (hashedPassword != null)
{
HashProviderFactory hashFactory = new HashProviderFactory(securityConfigurationView.ConfigurationContext);
IHashProvider hashProvider = hashFactory.CreateHashProvider(dbAuthenticationProviderData.HashProvider);
result = hashProvider.CompareHash(password, hashedPassword);
}
return(result);
}
/// <overrides>
/// Compares plain text input with a computed hash using the given hash provider instance.
/// </overrides>
/// <summary>
/// Compares plain text input with a computed hash using the given hash provider instance.
/// </summary>
/// <remarks>
/// Use this method to compare hash values. Since hashes may contain a random "salt" value, two seperately generated
/// hashes of the same plain text may result in different values.
/// </remarks>
/// <param name="hashInstance">A hash instance from configuration.</param>
/// <param name="plaintext">The input for which you want to compare the hash to.</param>
/// <param name="hashedText">The hash value for which you want to compare the input to.</param>
/// <returns><c>true</c> if plainText hashed is equal to the hashedText. Otherwise, <c>false</c>.</returns>
public static bool CompareHash(string hashInstance, byte[] plaintext, byte[] hashedText)
{
if (string.IsNullOrEmpty(hashInstance))
{
throw new ArgumentException(Resources.ExceptionNullOrEmptyString, "hashInstance");
}
try
{
HashProviderFactory factory = new HashProviderFactory(ConfigurationSourceFactory.Create());
IHashProvider hashProvider = factory.Create(hashInstance);
return(hashProvider.CompareHash(plaintext, hashedText));
}
catch (ConfigurationErrorsException configurationException)
{
TryLogHashConfigurationError(configurationException, hashInstance);
throw;
}
}
/// <overrides>
/// Compares plain text input with a computed hash using the given hash provider instance.
/// </overrides>
/// <summary>
/// Compares plain text input with a computed hash using the given hash provider instance.
/// </summary>
/// <remarks>
/// Use this method to compare hash values. Since hashes may contain a random "salt" value, two seperately generated
/// hashes of the same plain text may result in different values.
/// </remarks>
/// <param name="hashInstance">A hash instance from configuration.</param>
/// <param name="plaintext">The input for which you want to compare the hash to.</param>
/// <param name="hashedText">The hash value for which you want to compare the input to.</param>
/// <returns><c>true</c> if plainText hashed is equal to the hashedText. Otherwise, <c>false</c>.</returns>
public override bool CompareHash(string hashInstance, byte[] plaintext, byte[] hashedText)
{
IHashProvider hashProvider = GetHashProvider(hashInstance);
return(hashProvider.CompareHash(plaintext, hashedText));
}
internal static bool CompareHash(IHashProvider provider, string plaintext, string hashedText)
{
byte[] plainTextBytes = UnicodeEncoding.Unicode.GetBytes(plaintext);
byte[] hashedTextBytes = Convert.FromBase64String(hashedText);
bool result = provider.CompareHash(plainTextBytes, hashedTextBytes);
CryptographyUtility.GetRandomBytes(plainTextBytes);
return result;
}
internal static bool CompareHash(IHashProvider provider, string plaintext, string hashedText)
{
byte[] bytes = Encoding.Unicode.GetBytes(plaintext);
byte[] hashedtext = Convert.FromBase64String(hashedText);
bool flag = provider.CompareHash(bytes, hashedtext);
CryptographyUtility.GetRandomBytes(bytes);
return flag;
}