private bool ValidatePasswordHashed(UserPart userPart, string password) { var saltBytes = Convert.FromBase64String(userPart.PasswordSalt); bool isValid; if (userPart.HashAlgorithm == PBKDF2) { // We can't reuse ComputeHashBase64 as the internally generated salt repeated calls to Crypto.HashPassword() return different results. isValid = Crypto.VerifyHashedPassword(userPart.Password, Encoding.Unicode.GetString(CombineSaltAndPassword(saltBytes, password))); } else { isValid = SecureStringEquality(userPart.Password, ComputeHashBase64(userPart.HashAlgorithm, saltBytes, password)); } // Migrating older password hashes to Default algorithm if necessary and enabled. if (isValid && userPart.HashAlgorithm != DefaultHashAlgorithm) { var keepOldConfiguration = _appConfigurationAccessor.GetConfiguration("Orchard.Users.KeepOldPasswordHash"); if (String.IsNullOrEmpty(keepOldConfiguration) || keepOldConfiguration.Equals("false", StringComparison.OrdinalIgnoreCase)) { userPart.HashAlgorithm = DefaultHashAlgorithm; userPart.Password = ComputeHashBase64(userPart.HashAlgorithm, saltBytes, password); } } return(isValid); }
/// <summary> /// Get list of comma separated paths from web.config appSettings /// Also return the default path /// </summary> static string[] GetConfigPaths(IAppConfigurationAccessor appConfigurationAccessor, string key, string defaultPath) { char[] delim = { ',' }; string configuration = appConfigurationAccessor.GetConfiguration(key) ?? ""; return(configuration.Split(delim, StringSplitOptions.RemoveEmptyEntries).Concat(new string[] { defaultPath }).Select(s => s.Trim()).Distinct(StringComparer.OrdinalIgnoreCase).ToArray()); }
private bool PasswordIsValid(string password) { var configuredPassword = _appConfigurationAccessor.GetConfiguration(AppConfigurationKeys.ApiPassword); Argument.ThrowIfNullOrEmpty(configuredPassword, AppConfigurationKeys.ApiPassword); return(password == configuredPassword); }
public ApiResult GetLastVersion(string softKey) { int totalCount; var last = _currencyService.GetListPaged <SoftRelease>(1, 1, sr => sr.SoftKey.Equals(softKey, StringComparison.OrdinalIgnoreCase), out totalCount, new OrderModelField { IsDesc = true, PropertyName = "CreateTime" }); var result = new ApiResult(); if (last.Count > 0) { var item = last.FirstOrDefault(); if (item != null) { var fileHttpUrl = _appConfigurationAccessor.GetConfiguration("FileHttpUrl"); item.DownloadUrl = fileHttpUrl + item.DownloadUrl; result.SetData(item); } } return(result); }
public bool IsValueEqual(HashedStringField field, string value) { // Preliminary checks. if (string.IsNullOrWhiteSpace(field.Salt)) { return(false); } if (string.IsNullOrWhiteSpace(field.HashAlgorithm)) { return(false); } bool isValid; var saltBytes = Convert.FromBase64String(field.Salt); if (field.HashAlgorithm == PBKDF2) { // We can't reuse ComputeHashBase64 as the internally generated salt repeated calls to Crypto.HashPassword() return different results. isValid = Crypto.VerifyHashedPassword(field.Value, Encoding.Unicode.GetString(CombineSaltAndPassword(saltBytes, value))); } else { isValid = SecureStringEquality(field.Value, ComputeHashBase64(field.HashAlgorithm, saltBytes, value)); } // Migrating older hashes to Default algorithm if necessary and enabled. if (isValid && field.HashAlgorithm != DefaultHashAlgorithm) { var keepOldConfiguration = _appConfigurationAccessor.GetConfiguration("Orchard.Users.KeepOldPasswordHash"); if (String.IsNullOrEmpty(keepOldConfiguration) || keepOldConfiguration.Equals("false", StringComparison.OrdinalIgnoreCase)) { field.HashAlgorithm = DefaultHashAlgorithm; field.Value = ComputeHashBase64(field.HashAlgorithm, saltBytes, value); } } return(isValid); }
/// <summary> /// Get list of comma separated paths from web.config appSettings /// Also return the default path /// </summary> static string[] GetConfigPaths(IAppConfigurationAccessor appConfigurationAccessor, string key, string defaultPath) { char[] delim = { ',' }; string configuration = appConfigurationAccessor.GetConfiguration(key) ?? ""; return configuration.Split(delim, StringSplitOptions.RemoveEmptyEntries).Concat(new string[] { defaultPath }).Select(s => s.Trim()).Distinct(StringComparer.OrdinalIgnoreCase).ToArray(); }