public void PasswordHash_Encode() { var hashes = new[] { PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")), PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")), PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")), PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")), PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")), PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")), PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")), PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")), }; Assert.AreNotEqual(hashes[0], hashes[1]); // same password, different salt Assert.AreNotEqual(hashes[0], hashes[2]); // different password, same salt Assert.AreNotEqual(hashes[0], hashes[3]); // different password, different salt for (int i = 0; i < 4; i++) { Assert.AreNotEqual(hashes[i], hashes[i + 4]); // not equal even if created by same params. } Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[0], new TestPasswordSaltProvider("Salt1"))); Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[1], new TestPasswordSaltProvider("Salt2"))); Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[2], new TestPasswordSaltProvider("Salt1"))); Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[3], new TestPasswordSaltProvider("Salt2"))); }
public override void Save(NodeSaveSettings settings) { // Check uniqueness first if (Id == 0 || PropertyNamesForCheckUniqueness.Any(p => IsPropertyChanged(p))) { CheckUniqueUser(); } if (_password != null) { this.PasswordHash = PasswordHashProvider.EncodePassword(_password, this); } Domain = GenerateDomain(); var originalId = this.Id; // save current password to the list of old passwords this.SaveCurrentPassword(); base.Save(settings); // AD Sync SynchUser(originalId); if (originalId == 0) { // set creator for performant self permission setting // creator of the user will always be the user itself. this way setting permissions to the creators group on /Root/IMS will be adequate for user permissions // if you need the original creator, use the auditlog Retrier.Retry(3, 200, typeof(Exception), () => { // need to clear this flag to avoid getting an 'Id <> 0' error during copying this.CopyInProgress = false; this.CreatedBy = this; this.Owner = this; this.VersionCreatedBy = this; this.DisableObserver(TypeResolver.GetType(NodeObserverNames.NOTIFICATION, false)); this.DisableObserver(TypeResolver.GetType(NodeObserverNames.WORKFLOWNOTIFICATION, false)); base.Save(SavingMode.KeepVersion); }); // create profile if (IdentityManagement.UserProfilesEnabled) { CreateProfile(); } } }
public override void Save(NodeSaveSettings settings) { // Check uniqueness first CheckUniqueUser(); if (base.IsPropertyChanged("CreationDate")) { if (_password != null) { this.PasswordHash = PasswordHashProvider.EncodePassword(_password, this); } } Domain = GenerateDomain(); var originalId = this.Id; // save current password to the list of old passwords this.SaveCurrentPassword(); base.Save(settings); // AD Sync SynchUser(originalId); // set creator for performant self permission setting // creator of the user will always be the user itself. this way setting permissions to the creators group on /Root/IMS will be adequate for user permissions // if you need the original creator, use the auditlog if (originalId == 0) { //need to clear this flag to avoid getting an 'Id <> 0' error during copying this.CopyInProgress = false; this.CreatedBy = this; this.VersionCreatedBy = this; this.DisableObserver(TypeHandler.GetType(NodeObserverNames.NOTIFICATION)); this.DisableObserver(TypeHandler.GetType(NodeObserverNames.WORKFLOWNOTIFICATION)); base.Save(SavingMode.KeepVersion); } // create profiles if (originalId == 0 && Repository.UserProfilesEnabled) { CreateProfile(); } }
public bool CheckPasswordMatch(string passwordInClearText) { var match = false; try { // Check with the configured provider. match = PasswordHashProvider.CheckPassword(passwordInClearText, this.PasswordHash, this); } catch (SaltParseException) { // Keep 'match = false' and do not do other thing. } // If the migration is not enabled, shorting: return with the result. if (!Configuration.Security.EnablePasswordHashMigration) { return(match); } // If password was matched the migration is not needed. if (match) { return(true); } // Not match and migration is enabled. // Check with the outdated provider if (!PasswordHashProvider.CheckPasswordForMigration(passwordInClearText, this.PasswordHash, this)) { // If does not match, game over. return(false); } // Migration: generating a new hash with the configured provider and salt. this.PasswordHash = PasswordHashProvider.EncodePassword(passwordInClearText, this); using (new SystemAccount()) Save(SavingMode.KeepVersion); return(true); }
public static string EncodePassword(string passwordInClearText, IPasswordSaltProvider saltProvider) { return(PasswordHashProvider.EncodePassword(passwordInClearText, saltProvider)); }