public RegisterUserCode HashClearTextPassword(string UserName) { BorrowerDAL dal = new BorrowerDAL(_connection); Borrower b = dal.BorrowerFindByName(UserName); if (b == null) { return(RegisterUserCode.UserNameNotFound); } BorrowerSecuredDAL sdal = new BorrowerSecuredDAL(_connection); BorrowerSecured sb = sdal.BorrowerSecuredFindByID(b.BorrowerID); if (sb == null) { return(RegisterUserCode.SecuredDataNotFound); } // when using cleartext the SALT Field contains "ClearText" instead of salt // the cleartext password in in HASH if (sb.Salt == "ClearText") { string salt = System.Web.Helpers.Crypto.GenerateSalt(20); // when using cleartext, the HASH field contains the cleartext password string pw = sb.Hash + salt; string hash = System.Web.Helpers.Crypto.HashPassword(pw); sdal.BorrowerSecuredUpdateJust(b.BorrowerID, hash, salt); } else { return(RegisterUserCode.SecuredAlready); } return(RegisterUserCode.Success); }
public Borrower ValidateUserClearText(string UserName, string Password) { BorrowerSecured rv = null; BorrowerSecuredDAL dal = new BorrowerSecuredDAL(_connection); { rv = dal.BorrowerSecuredFindByName(UserName); if (rv == null) { return(null); } if (Password == rv.Hash) { return(rv); } } return(null); }
public Borrower ValidateUserHashed(string UserName, string Password) { BorrowerSecured rv = null; BorrowerSecuredDAL dal = new BorrowerSecuredDAL(_connection); { rv = dal.BorrowerSecuredFindByName(UserName); if (rv == null) { return(null); } string pw = Password + rv.Salt; bool verified = System.Web.Helpers.Crypto.VerifyHashedPassword(rv.Hash, pw); if (verified) { return(rv); } } return(null); }
public BorrowerSecured ToBorrowerSecured(IDataReader reader) { // rolename is read only so it must be constructed BorrowerSecured rv = new BorrowerSecured(reader.GetString(5)); // the values of the GetXXX have been validated by the constructor // the GetNullableXXX are EXTENSION methods. Look in class // readerHelper. these functions 'appear' in reader when the // readerHelper is in scope. dot into reader and see the icon // in front of the GetNullableXXX methods. This is the indicator // that the methods come from somewhere else. rv.BorrowerID = reader.GetInt32(0); rv.BorrowerName = reader.GetNullableString(1); rv.BorrowerEMail = reader.GetNullableString(2); rv.BorrowerDOB = reader.GetNullableDateTime(3); rv.RoleID = reader.GetInt32(4); rv.Hash = reader.GetNullableString(6); rv.Salt = reader.GetNullableString(7); return(rv); }
public BorrowerSecured BorrowerSecuredFindByEMail(string EMail) { BorrowerSecured rv = null; // a default return value try { EnsureConnected(); using (IDbCommand command = _connection.CreateCommand()) { // configure the command object command.CommandType = CommandType.StoredProcedure; command.CommandText = "BorrowerSecuredFindByEmail"; IDbDataParameter p = command.CreateParameter(); p.ParameterName = "@BorrowerEmail"; p.DbType = DbType.String; p.Direction = ParameterDirection.Input; p.Value = EMail; command.Parameters.Add(p); // load the data from the database using (IDataReader reader = command.ExecuteReader()) { // the mapper is constructed, and this is where the shape // is validated to insure it is correct // if the database structure changes, // an exception will be thrown // the less efficient Get Ordinal methods are only // invoked one time per command // this less efficient (but required) code // is outside the loop BorrowerSecuredMapper mapper = new BorrowerSecuredMapper(reader); int count = 0; while (reader.Read()) { rv = mapper.ToBorrowerSecured(reader); // the mapper uses the much more efficient getXXX // methods internally to avoid boxing and // string manipulation. this more efficient code is // inside the loop count++; } // this method is expecting a single record to be returned // check to see if more than one record was returned // this probably means that a where clause is incorrect in the SQL layer if (count > 1) { throw new Exception("Multiple reccords found with id: {BorrowerID}"); } } } } catch (Exception ex) when(Logger.Log(ex, "DAL")) { // ALL exceptions are logged by the when clause // and then the exception is tossed to the next layer up. // the catch block is NEVER invoked because the // when clause never evaluates to true since the // Log method returns false } return(rv); }