コード例 #1
0
ファイル: DB.cs プロジェクト: balilamaor/Prototypes
        static public bool AccessIsAllowed(string userName, string password)
        {
            string connectionString = ConfigurationManager.ConnectionStrings["gasTrackerConnectionString"].ConnectionString;

            using (SqlConnection connection = new SqlConnection())
            {
                string strSQL = string.Format("Select * From Accounts where {0} = @{0}", AccountTable.UserName);
                using (SqlCommand selectUserCommand = new SqlCommand(strSQL, connection))
                {
                    SqlParameter parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.UserName;
                    parameter.Value         = userName;
                    parameter.SqlDbType     = SqlDbType.VarChar;
                    parameter.Size          = MAX_USERNAME_LENGHT;
                    selectUserCommand.Parameters.Add(parameter);

                    connection.ConnectionString = connectionString;
                    connection.Open();

                    using (SqlDataReader myDataReader = selectUserCommand.ExecuteReader(CommandBehavior.CloseConnection))
                    {
                        DataTable accountsTable = new DataTable();
                        accountsTable.Load(myDataReader);
                        if (accountsTable.Rows.Count != 1 || accountsTable.HasErrors)
                        {
                            return(false);
                        }

                        DataRow accountRow = accountsTable.Rows[0];
                        byte[]  salt       = Convert.FromBase64String((string)accountRow[AccountTable.Salt]);
                        byte[]  encriptedSaltedPassword             = Authentification.MakeEncriptedSaltedPassword(password, salt);
                        string  encriptedSaltedPasswordStringByUser = Convert.ToBase64String(encriptedSaltedPassword);

                        string passwordDB = (string)accountRow[AccountTable.Password];

                        return(encriptedSaltedPasswordStringByUser == passwordDB);
                    }
                }
            }
        }
コード例 #2
0
ファイル: DB.cs プロジェクト: balilamaor/Prototypes
        static public void AddAccount(string userName, string password)
        {
            ValidateUserNamePassword(userName, password);

            string sqlInsert = string.Format("Insert Into dbo.Accounts " +
                                             "({0}, {1}, {2}, {3}, {4}, {5}) Values " +
                                             "(@{0}, @{1}, @{2}, @{3}, @{4}, @{5})",
                                             AccountTable.UserName, AccountTable.Password, AccountTable.Salt, AccountTable.Created, AccountTable.Updated, AccountTable.State);

            byte[] salt = new byte[SALT_LENGHT];
            using (RNGCryptoServiceProvider saltGenerator = new RNGCryptoServiceProvider())
            {
                saltGenerator.GetBytes(salt);
            }

            byte[] encriptedSaltedPassword       = Authentification.MakeEncriptedSaltedPassword(password, salt);
            string encriptedSaltedPasswordString = Convert.ToBase64String(encriptedSaltedPassword);

            Debug.Print(string.Format("encriptedSaltedPasswordString.Length {0}", encriptedSaltedPasswordString.Length));
            Validator.ThrowIfTrue <ArgumentOutOfRangeException>(encriptedSaltedPasswordString.Length > PASSWORD_FIELD_LENGHT,
                                                                string.Format("The encriptedSaltedPasswordString is loo long:  {0}", encriptedSaltedPasswordString.Length));

            string encodedSaltBase64String = Convert.ToBase64String(salt);

            Debug.Print(string.Format("encodedSaltBase64String.Length {0}", encodedSaltBase64String.Length));
            Validator.ThrowIfTrue <ArgumentOutOfRangeException>(encodedSaltBase64String.Length > SALT_FIELD_LENGHT,
                                                                string.Format("The encodedSaltBase64String is loo long:  {0}", encodedSaltBase64String.Length));

            using (SqlConnection connection = new SqlConnection())
            {
                using (SqlCommand command = new SqlCommand(sqlInsert, connection))
                {
                    SqlParameter parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.UserName;
                    parameter.Value         = userName;
                    parameter.SqlDbType     = SqlDbType.VarChar;
                    parameter.Size          = MAX_USERNAME_LENGHT;
                    command.Parameters.Add(parameter);

                    parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.Password;
                    parameter.Value         = encriptedSaltedPasswordString;
                    parameter.SqlDbType     = SqlDbType.VarChar;
                    parameter.Size          = PASSWORD_FIELD_LENGHT;
                    command.Parameters.Add(parameter);

                    parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.Salt;
                    parameter.Value         = encodedSaltBase64String;
                    parameter.SqlDbType     = SqlDbType.VarChar;
                    parameter.Size          = SALT_FIELD_LENGHT;
                    command.Parameters.Add(parameter);

                    parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.Created;
                    parameter.Value         = DateTime.Now.ToUniversalTime();
                    parameter.SqlDbType     = SqlDbType.DateTime2;
                    command.Parameters.Add(parameter);

                    parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.Updated;
                    parameter.Value         = DateTime.Now.ToUniversalTime();
                    parameter.SqlDbType     = SqlDbType.DateTime2;
                    command.Parameters.Add(parameter);

                    parameter = new SqlParameter();
                    parameter.ParameterName = "@" + AccountTable.State;
                    parameter.Value         = AccountState.Active;
                    parameter.SqlDbType     = SqlDbType.Int;
                    command.Parameters.Add(parameter);

                    connection.ConnectionString = ConfigurationManager.ConnectionStrings["gasTrackerConnectionString"].ConnectionString;;
                    connection.Open();
                    command.ExecuteNonQuery();
                }
            }
        }