/// <summary>
/// Used to validate the user database password with the recieved one.
/// </summary>
/// <param name="user">{ApplicationUser} The user informations from the database.</param>
/// <param name="plainTextPassword">{string} the recieved plain text password.</param>
/// <returns>{bool} True if valid, False otherwise.</returns>
public static bool ValidateUserCredentials(ApplicationUser user, string plainTextPassword)
{
string sha1PwdHash = PasswrodHelper.GenerateSha1HashBase64(plainTextPassword, user.PasswordPublicSalt);
string sha512PwdHash = PasswrodHelper.GenerateSha512HashBase64(sha1PwdHash, user.PasswordPrivateSalt);
return(PasswrodHelper.ValidatePassword(sha512PwdHash, user.PasswordHash as string));
}
private async Task <IdentityResult> GeneratePasswordHash(ApplicationUser user, string newPassword, bool validatePassword = true)
{
if (validatePassword)
{
var validate = await this.ValidatePasswordAsync(user, newPassword);
if (!validate.Succeeded)
{
return(validate);
}
}
var passwordStore = this.GetPasswordStore();
var password = PasswrodHelper.GenratePassword(newPassword);
user.PasswordPublicSalt = password.PasswordPublicSalt;
user.PasswordPrivateSalt = password.PasswordPrivateSalt;
await passwordStore.SetPasswordHashAsync(user, password.PasswordHash, this.CancellationToken);
await this.UpdateSecurityStampInternal(user);
return(IdentityResult.Success);
}
/// <summary>
/// Used to Generate a second hash {SHA512} based on the SHA1 password hash and the private salt.
/// </summary>
/// <param name="passwordSha1HashBase64">{string} SHA1 password Hash base 64.</param>
/// <param name="passwordPrivateSalt">{string} Password Salt either from the database or a newly generated salt.</param>
/// <returns>{string} base 64 Passwrod SHA512 hash.</returns>
public static string GenerateSha512HashBase64(string passwordSha1HashBase64, string passwordPrivateSalt)
{
HashAlgorithm secondHasher = new SHA512CryptoServiceProvider();
byte[] secondHash = secondHasher.ComputeHash(PasswrodHelper.CombineSalt(Convert.FromBase64String(passwordSha1HashBase64), Convert.FromBase64String(passwordPrivateSalt)));
return(Convert.ToBase64String(secondHash));
}
/// <summary>
/// Used to Generate an SHA1 password hash based on the plain text password and the public salt.
/// </summary>
/// <param name="plainTextPassword">{string} Plain text password.</param>
/// <param name="passwordPublicSalt">{string} Password Salt either from the database or a newly generated salt.</param>
/// <returns>{string} base 64 Passwrod SHA1 hash.</returns>
public static string GenerateSha1HashBase64(string plainTextPassword, string passwordPublicSalt)
{
HashAlgorithm firstHasher = new SHA1CryptoServiceProvider();
byte[] firstHash = firstHasher.ComputeHash(PasswrodHelper.CombineSalt(System.Text.Encoding.UTF8.GetBytes(plainTextPassword), Convert.FromBase64String(passwordPublicSalt)));
return(Convert.ToBase64String(firstHash));
}
/// <summary>
/// Override the {UserManager.VerifyPasswordAsync(...)} method to match our need.
/// Returns a <see cref="PasswordVerificationResult"/> indicating the result of a password hash comparison.
/// </summary>
/// <param name="user">The user whose password should be verified.</param>
/// <param name="password">The password to verify.</param>
/// <returns>
/// The <see cref="Task"/> that represents the asynchronous operation, containing the <see cref="PasswordVerificationResult"/>
/// of the operation.
/// </returns>
private PasswordVerificationResult VerifyPasswordAsync(ApplicationUser user, string password)
{
if (string.IsNullOrWhiteSpace(user.PasswordHash) || string.IsNullOrWhiteSpace(user.PasswordPublicSalt) || string.IsNullOrWhiteSpace(user.PasswordPrivateSalt))
{
return(PasswordVerificationResult.Failed);
}
var isValid = PasswrodHelper.ValidateUserCredentials(user, password);
return(isValid ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed);
}
/// <summary>
/// Used To generate password hash and its salts based on the given plain text password.
/// </summary>
/// <param name="plainTextPassword">{String} plain text password.</param>
/// <returns>{PasswordModel} Newly generated password.</returns>
public static PasswordModel GenratePassword(string plainTextPassword)
{
var publicSalt = PasswrodHelper.GenerateNewSaltBase64();
var privateSalt = PasswrodHelper.GenerateNewSaltBase64();
var firstHashBase64 = PasswrodHelper.GenerateSha1HashBase64(plainTextPassword, publicSalt);
var finalHash = PasswrodHelper.GenerateSha512HashBase64(firstHashBase64, privateSalt);
return(new PasswordModel()
{
Password = plainTextPassword,
PasswordHash = finalHash,
PasswordPublicSalt = publicSalt,
PasswordPrivateSalt = privateSalt,
});
}
/// <summary>
/// Used to Generate a random password with the public and private salt.
/// </summary>
/// <returns>{PasswordHolder} The Newly created password.</returns>
public static PasswordModel GenerateRandomPassword()
{
var random = new byte[8];
new RNGCryptoServiceProvider().GetBytes(random);
var password = Convert.ToBase64String(random);
var publicSalt = PasswrodHelper.GenerateNewSaltBase64();
var privateSalt = PasswrodHelper.GenerateNewSaltBase64();
var firstHashBase64 = PasswrodHelper.GenerateSha1HashBase64(password, publicSalt);
var finalHash = PasswrodHelper.GenerateSha512HashBase64(firstHashBase64, privateSalt);
return(new PasswordModel()
{
Password = password,
PasswordHash = finalHash,
PasswordPublicSalt = publicSalt,
PasswordPrivateSalt = privateSalt,
});
}
