/// <summary>
/// Checks a candidate password against a record stored in the Encrypted format.
/// </summary>
/// <param name="partRecord">User record whose Password holds Base64 text of the encoded password.</param>
/// <param name="password">Candidate password supplied by the caller.</param>
/// <returns>True when the decoded stored password equals the candidate (ordinal comparison).</returns>
private bool ValidatePasswordEncrypted(UserPartRecord partRecord, string password) {
    // Stored value is Base64 over the output of _encryptionService.Encode,
    // so undo both layers to get back the original UTF-8 password text.
    var cipherBytes = Convert.FromBase64String(partRecord.Password);
    var plainBytes = _encryptionService.Decode(cipherBytes);
    var storedPassword = Encoding.UTF8.GetString(plainBytes);

    // NOTE(review): this format is reversible, so the plaintext password is
    // recoverable by anything that can call Decode; the comparison below is
    // also not constant-time. Prefer the Hashed format where possible.
    return String.Equals(password, storedPassword, StringComparison.Ordinal);
}
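/// <summary>
/// Checks a candidate password against a record stored in the Hashed format.
/// </summary>
/// <param name="partRecord">User record providing PasswordSalt, HashAlgorithm and the stored Base64 hash in Password.</param>
/// <param name="password">Candidate password supplied by the caller.</param>
/// <returns>True when the hash of salt + candidate equals the stored hash.</returns>
/// <exception cref="InvalidOperationException">The algorithm name stored with the record is not recognised.</exception>
private static bool ValidatePasswordHashed(UserPartRecord partRecord, string password) {
    // Must mirror SetPasswordHashed: salt bytes first, then the UTF-16 password bytes.
    var saltBytes = Convert.FromBase64String(partRecord.PasswordSalt);
    var passwordBytes = Encoding.Unicode.GetBytes(password);
    var combinedBytes = saltBytes.Concat(passwordBytes).ToArray();

    // NOTE(review): this is a single pass of the configured hash with no key
    // stretching; a work-factor KDF such as PBKDF2 would slow offline guessing
    // if the user table leaks. Changing that needs a stored-format migration.
    byte[] hashBytes;
    using (var hashAlgorithm = HashAlgorithm.Create(partRecord.HashAlgorithm)) {
        // HashAlgorithm.Create returns null for an unrecognised name; fail with
        // a clear error instead of a NullReferenceException.
        if (hashAlgorithm == null) {
            throw new InvalidOperationException("Unknown hash algorithm stored with the user record");
        }
        hashBytes = hashAlgorithm.ComputeHash(combinedBytes);
    }

    var expected = partRecord.Password;
    var actual = Convert.ToBase64String(hashBytes);

    // The hash length is not secret, so an early exit on length is fine.
    if (expected == null || expected.Length != actual.Length) {
        return false;
    }

    // Accumulate differences over every character rather than stopping at the
    // first mismatch, so comparison time does not depend on where they differ.
    var difference = 0;
    for (var i = 0; i < actual.Length; i++) {
        difference |= expected[i] ^ actual[i];
    }
    return difference == 0;
}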
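/// <summary>
/// Stores the password on the record in the Encrypted format.
/// </summary>
/// <param name="partRecord">User record to update.</param>
/// <param name="password">New password; its UTF-8 bytes are passed through _encryptionService.Encode and stored as Base64.</param>
private void SetPasswordEncrypted(UserPartRecord partRecord, string password) {
    var plainBytes = Encoding.UTF8.GetBytes(password);
    var cipherBytes = _encryptionService.Encode(plainBytes);

    // Record the format together with the value, as SetPasswordClear and
    // SetPasswordHashed do. ValidatePassword dispatches on the stored format,
    // so leaving a previous value in place would send this record to the
    // wrong validator after a format change.
    partRecord.PasswordFormat = MembershipPasswordFormat.Encrypted;
    partRecord.Password = Convert.ToBase64String(cipherBytes);

    // No salt is used by this format.
    partRecord.PasswordSalt = null;
}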
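/// <summary>
/// Stores the password on the record in the Hashed format with a fresh random salt.
/// </summary>
/// <param name="partRecord">User record to update; its HashAlgorithm names the hash to use.</param>
/// <param name="password">New password; hashed as salt bytes followed by its UTF-16 bytes.</param>
/// <exception cref="InvalidOperationException">The algorithm name on the record is not recognised.</exception>
private static void SetPasswordHashed(UserPartRecord partRecord, string password) {
    // 16 salt bytes drawn from the cryptographic random number generator.
    var saltBytes = new byte[0x10];
    using (var random = new RNGCryptoServiceProvider()) {
        random.GetBytes(saltBytes);
    }

    // ValidatePasswordHashed rebuilds exactly this layout: salt, then password.
    var passwordBytes = Encoding.Unicode.GetBytes(password);
    var combinedBytes = saltBytes.Concat(passwordBytes).ToArray();

    // NOTE(review): one pass of the configured hash, no key stretching; a
    // work-factor KDF such as PBKDF2 would be the stronger choice, but needs
    // a migration path for records already stored this way.
    byte[] hashBytes;
    using (var hashAlgorithm = HashAlgorithm.Create(partRecord.HashAlgorithm)) {
        // HashAlgorithm.Create returns null for an unrecognised name; fail with
        // a clear error before touching the record.
        if (hashAlgorithm == null) {
            throw new InvalidOperationException("Unknown hash algorithm configured for the user record");
        }
        hashBytes = hashAlgorithm.ComputeHash(combinedBytes);
    }

    partRecord.PasswordFormat = MembershipPasswordFormat.Hashed;
    partRecord.Password = Convert.ToBase64String(hashBytes);
    partRecord.PasswordSalt = Convert.ToBase64String(saltBytes);
}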
/// <summary>
/// Checks a candidate password against a record stored in the Clear format.
/// </summary>
/// <param name="partRecord">User record whose Password holds the password text itself.</param>
/// <param name="password">Candidate password supplied by the caller.</param>
/// <returns>True when the stored text and the candidate are ordinally equal.</returns>
private static bool ValidatePasswordClear(UserPartRecord partRecord, string password) {
    // NOTE(review): the Clear format keeps the password in plaintext on the
    // record, so anyone with read access to the user store sees it; the
    // comparison is also not constant-time. Prefer the Hashed format.
    var storedPassword = partRecord.Password;
    return String.Equals(storedPassword, password, StringComparison.Ordinal);
}
/// <summary>
/// Stores the password on the record in the Clear format.
/// </summary>
/// <param name="partRecord">User record to update.</param>
/// <param name="password">New password, written to the record unchanged.</param>
private static void SetPasswordClear(UserPartRecord partRecord, string password) {
    // NOTE(review): this writes the plaintext password to the record; it is
    // only as protected as the user store itself.
    partRecord.Password = password;

    // No salt is used by this format.
    partRecord.PasswordSalt = null;
    partRecord.PasswordFormat = MembershipPasswordFormat.Clear;
}
/// <summary>
/// Validates a candidate password using the format stored with the user record.
/// </summary>
/// <param name="partRecord">User record holding the stored password and its format.</param>
/// <param name="password">Candidate password supplied by the caller.</param>
/// <returns>The result of the validator matching the record's stored format.</returns>
/// <exception cref="ApplicationException">The stored format is not Clear, Hashed or Encrypted.</exception>
private bool ValidatePassword(UserPartRecord partRecord, string password) {
    // The format stored with the record decides which check runs, not the
    // current site setting; otherwise changing the password format on the
    // site would invalidate all existing logins.
    // NOTE(review): this also means records saved as Clear or Encrypted keep
    // validating in that format after the site setting changes.
    var storedFormat = partRecord.PasswordFormat;

    if (storedFormat == MembershipPasswordFormat.Clear) {
        return ValidatePasswordClear(partRecord, password);
    }
    if (storedFormat == MembershipPasswordFormat.Hashed) {
        return ValidatePasswordHashed(partRecord, password);
    }
    if (storedFormat == MembershipPasswordFormat.Encrypted) {
        return ValidatePasswordEncrypted(partRecord, password);
    }

    throw new ApplicationException("Unexpected password format value");
}
/// <summary>
/// Stores a new password on the record using the format from the current settings.
/// </summary>
/// <param name="partRecord">User record to update.</param>
/// <param name="password">New password to store.</param>
/// <exception cref="ApplicationException">The configured format is not Clear, Hashed or Encrypted.</exception>
void SetPassword(UserPartRecord partRecord, string password) {
    // Unlike validation, writing uses the format from GetSettings(), so a
    // password change stores the value in the currently configured format.
    var configuredFormat = GetSettings().PasswordFormat;

    if (configuredFormat == MembershipPasswordFormat.Clear) {
        SetPasswordClear(partRecord, password);
        return;
    }
    if (configuredFormat == MembershipPasswordFormat.Hashed) {
        SetPasswordHashed(partRecord, password);
        return;
    }
    if (configuredFormat == MembershipPasswordFormat.Encrypted) {
        SetPasswordEncrypted(partRecord, password);
        return;
    }

    throw new ApplicationException(T("Unexpected password format value").ToString());
}