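public IActionResult DoLogin([FromBody] CredentialCreateDto credentialCreateDto)
{
    /* Checks if the received object is well formed */
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    /* Looks up the stored credential for the submitted username (null when unknown) */
    var credential = _vaultDbContext.Credentials
        .Where(cred => cred.Username == credentialCreateDto.Username)
        .FirstOrDefault();

    /* Checks the credential.
     * An unknown username is rejected exactly like a wrong password: the former
     * `credential != null && !IsValid(...)` condition evaluated to false for a
     * missing credential and let the request fall through to Ok().
     * The PadLeft(32, '*') must match the padding applied in DoSignup before hashing. */
    if (credential is null
        || !PBKDF2Provider.IsValid(credentialCreateDto.Password.PadLeft(32, '*'), credential.Password))
    {
        return Unauthorized();
    }

    // The login process is terminated correctly: build the identity for this request
    var identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);

    // Adds the Username Claim that contains the username that has logged in
    identity.AddClaim(new Claim("username", credentialCreateDto.Username));

    /* Saves the generated ClaimsPrincipal inside the HTTP Context.
     * NOTE(review): nothing here serialises a token into the response; the principal
     * only lives for the current request — confirm a later component issues the JWT. */
    HttpContext.User = new ClaimsPrincipal(identity);

    return Ok();
}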
public ActionResult<InitResponse> DoSignup([FromBody] CredentialCreateDto credentialCreateDto)
{
    // Reject request bodies that fail the validation attributes of CredentialCreateDto
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    string requestedUsername = credentialCreateDto.Username;

    // A username may be registered only once; a duplicate is answered with 401
    bool usernameTaken = _vaultDbContext.Credentials
        .Any(existing => existing.Username.Equals(requestedUsername));
    if (usernameTaken)
    {
        return Unauthorized(); //401
    }

    // PBKDF2 hash of the padded password; DoLogin applies the same PadLeft(32, '*') before verifying
    string storedPassword = PBKDF2Provider.Generate(credentialCreateDto.Password.PadLeft(32, '*'));

    var newCredential = new Credential
    {
        Username = requestedUsername,
        Password = storedPassword
    };

    // Persist the new row in the Credential table
    _vaultDbContext.Credentials.Add(newCredential);
    _vaultDbContext.SaveChanges();

    // Echo back the username that was stored
    return Ok(new InitResponse { Username = newCredential.Username });
}
public void T2_001_HashAndVerify()
{
    // Round trip: a hash produced by Generate must validate against the same clear-text input
    const string clearText = "!//Lab2020";
    var hashed = PBKDF2Provider.Generate(clearText);

    Assert.IsTrue(PBKDF2Provider.IsValid(clearText, hashed));
}