/// <summary> /// Used to validate the user database password with the recieved one. /// </summary> /// <param name="user">{ApplicationUser} The user informations from the database.</param> /// <param name="plainTextPassword">{string} the recieved plain text password.</param> /// <returns>{bool} True if valid, False otherwise.</returns> public static bool ValidateUserCredentials(ApplicationUser user, string plainTextPassword) { string sha1PwdHash = PasswrodHelper.GenerateSha1HashBase64(plainTextPassword, user.PasswordPublicSalt); string sha512PwdHash = PasswrodHelper.GenerateSha512HashBase64(sha1PwdHash, user.PasswordPrivateSalt); return(PasswrodHelper.ValidatePassword(sha512PwdHash, user.PasswordHash as string)); }
private async Task <IdentityResult> GeneratePasswordHash(ApplicationUser user, string newPassword, bool validatePassword = true) { if (validatePassword) { var validate = await this.ValidatePasswordAsync(user, newPassword); if (!validate.Succeeded) { return(validate); } } var passwordStore = this.GetPasswordStore(); var password = PasswrodHelper.GenratePassword(newPassword); user.PasswordPublicSalt = password.PasswordPublicSalt; user.PasswordPrivateSalt = password.PasswordPrivateSalt; await passwordStore.SetPasswordHashAsync(user, password.PasswordHash, this.CancellationToken); await this.UpdateSecurityStampInternal(user); return(IdentityResult.Success); }
/// <summary> /// Used to Generate a second hash {SHA512} based on the SHA1 password hash and the private salt. /// </summary> /// <param name="passwordSha1HashBase64">{string} SHA1 password Hash base 64.</param> /// <param name="passwordPrivateSalt">{string} Password Salt either from the database or a newly generated salt.</param> /// <returns>{string} base 64 Passwrod SHA512 hash.</returns> public static string GenerateSha512HashBase64(string passwordSha1HashBase64, string passwordPrivateSalt) { HashAlgorithm secondHasher = new SHA512CryptoServiceProvider(); byte[] secondHash = secondHasher.ComputeHash(PasswrodHelper.CombineSalt(Convert.FromBase64String(passwordSha1HashBase64), Convert.FromBase64String(passwordPrivateSalt))); return(Convert.ToBase64String(secondHash)); }
/// <summary> /// Used to Generate an SHA1 password hash based on the plain text password and the public salt. /// </summary> /// <param name="plainTextPassword">{string} Plain text password.</param> /// <param name="passwordPublicSalt">{string} Password Salt either from the database or a newly generated salt.</param> /// <returns>{string} base 64 Passwrod SHA1 hash.</returns> public static string GenerateSha1HashBase64(string plainTextPassword, string passwordPublicSalt) { HashAlgorithm firstHasher = new SHA1CryptoServiceProvider(); byte[] firstHash = firstHasher.ComputeHash(PasswrodHelper.CombineSalt(System.Text.Encoding.UTF8.GetBytes(plainTextPassword), Convert.FromBase64String(passwordPublicSalt))); return(Convert.ToBase64String(firstHash)); }
/// <summary> /// Override the {UserManager.VerifyPasswordAsync(...)} method to match our need. /// Returns a <see cref="PasswordVerificationResult"/> indicating the result of a password hash comparison. /// </summary> /// <param name="user">The user whose password should be verified.</param> /// <param name="password">The password to verify.</param> /// <returns> /// The <see cref="Task"/> that represents the asynchronous operation, containing the <see cref="PasswordVerificationResult"/> /// of the operation. /// </returns> private PasswordVerificationResult VerifyPasswordAsync(ApplicationUser user, string password) { if (string.IsNullOrWhiteSpace(user.PasswordHash) || string.IsNullOrWhiteSpace(user.PasswordPublicSalt) || string.IsNullOrWhiteSpace(user.PasswordPrivateSalt)) { return(PasswordVerificationResult.Failed); } var isValid = PasswrodHelper.ValidateUserCredentials(user, password); return(isValid ? PasswordVerificationResult.Success : PasswordVerificationResult.Failed); }
/// <summary> /// Used To generate password hash and its salts based on the given plain text password. /// </summary> /// <param name="plainTextPassword">{String} plain text password.</param> /// <returns>{PasswordModel} Newly generated password.</returns> public static PasswordModel GenratePassword(string plainTextPassword) { var publicSalt = PasswrodHelper.GenerateNewSaltBase64(); var privateSalt = PasswrodHelper.GenerateNewSaltBase64(); var firstHashBase64 = PasswrodHelper.GenerateSha1HashBase64(plainTextPassword, publicSalt); var finalHash = PasswrodHelper.GenerateSha512HashBase64(firstHashBase64, privateSalt); return(new PasswordModel() { Password = plainTextPassword, PasswordHash = finalHash, PasswordPublicSalt = publicSalt, PasswordPrivateSalt = privateSalt, }); }
/// <summary> /// Used to Generate a random password with the public and private salt. /// </summary> /// <returns>{PasswordHolder} The Newly created password.</returns> public static PasswordModel GenerateRandomPassword() { var random = new byte[8]; new RNGCryptoServiceProvider().GetBytes(random); var password = Convert.ToBase64String(random); var publicSalt = PasswrodHelper.GenerateNewSaltBase64(); var privateSalt = PasswrodHelper.GenerateNewSaltBase64(); var firstHashBase64 = PasswrodHelper.GenerateSha1HashBase64(password, publicSalt); var finalHash = PasswrodHelper.GenerateSha512HashBase64(firstHashBase64, privateSalt); return(new PasswordModel() { Password = password, PasswordHash = finalHash, PasswordPublicSalt = publicSalt, PasswordPrivateSalt = privateSalt, }); }