예제 #1
 /// <summary>
 /// Checks whether <paramref name="Password"/> satisfies <paramref name="PassPolicy"/>.
 /// </summary>
 /// <param name="Password">Candidate password, as typed by the user.</param>
 /// <param name="PassPolicy">Complexity rules the password must meet.</param>
 /// <returns><c>true</c> when the policy is met; otherwise <c>false</c>.</returns>
 private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
 {
     // The toolkit's boolean answer is the whole result; nothing else is checked here.
     bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy);
     return compliant;
 }
예제 #2
        /// <summary>
        /// Checks <paramref name="Password"/> against <paramref name="PassPolicy"/>; when it does not
        /// comply, the toolkit's explanation is shown to the user in a message box.
        /// </summary>
        /// <param name="Password">Candidate password, as typed by the user.</param>
        /// <param name="PassPolicy">Complexity rules the password must meet.</param>
        /// <returns><c>true</c> when the policy is met; otherwise <c>false</c>.</returns>
        private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
        {
            // Passed by ref so the toolkit can replace it with the reason for non-compliance.
            PasswordPolicyException pwdEx = new PasswordPolicyException("");

            bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref pwdEx);
            if (!compliant)
            {
                // Surface the toolkit's reason so the user can correct the password.
                MessageBox.Show(pwdEx.Message);
            }

            return compliant;
        }
예제 #3
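        /// <summary>
        /// Checks <paramref name="Password"/> against <paramref name="PassPolicy"/>.
        /// </summary>
        /// <param name="Password">Candidate password, as typed by the user.</param>
        /// <param name="PassPolicy">Complexity rules the password must meet.</param>
        /// <returns><c>true</c> when the policy is met (this method never returns <c>false</c>).</returns>
        /// <exception cref="PasswordPolicyException">
        /// Thrown when the password does not comply; its message is the toolkit's explanation and is
        /// intended to be displayed to the user.
        /// </exception>
        private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
        {
            // Passed by ref so the toolkit can replace it with the reason for non-compliance.
            PasswordPolicyException pwdEx = new PasswordPolicyException("");

            if (PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref pwdEx))
            {
                return true;
            }

            // Throw the typed exception the toolkit produced instead of wrapping its message in a bare
            // System.Exception: callers can now catch PasswordPolicyException specifically, while any
            // existing catch (Exception) handler still sees it.
            throw pwdEx;
        }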
예제 #4
        /*
         * protected void btnLogin_Click(object sender, EventArgs e) {
         *  if (Membership.ValidateUser(tbUserName.Text, tbPassword.Text)) {
         *      if(string.IsNullOrEmpty(Request.QueryString["ReturnUrl"])) {
         *          FormsAuthentication.SetAuthCookie(tbUserName.Text, false);
         *          Response.Redirect("~/");
         *      }
         *      else
         *          FormsAuthentication.RedirectFromLoginPage(tbUserName.Text, false);
         *  }
         *  else {
         *      tbUserName.ErrorText = "Invalid user";
         *      tbUserName.IsValid = false;
         *  }
         * }
         */


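        /// <summary>
        /// Login button handler: runs page validation, verifies the reCAPTCHA v3 token, then checks the
        /// submitted e-mail/password against [CMSUserRegister] and redirects to the main area on success.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void ASPxButtonLogin_Click(object sender, EventArgs e)
        {
            Page.Validate();

            if (!Page.IsValid)
            {
                return;
            }

            // No token means the client-side reCAPTCHA script did not run; ask the user to reload.
            if (string.IsNullOrEmpty(recaptchaUserValue.Value))
            {
                Msg.Visible   = true;
                Msg.InnerHtml = "Error en los datos de seguridad, vuelva a recargar la página.";
                return;
            }

            var Recaptchav3 = new RecaptchaVerificationHelper();

            // If your site is behind CloudFlare, be sure you're using the CF-Connecting-IP header value instead:
            // https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers
            // NOTE(review): Request.UserHostAddress is the immediate peer; behind any reverse proxy it is the
            // proxy's address rather than the user's — confirm against the deployment topology.
            RecaptchaVerificationResult recaptchaResult = Recaptchav3.VerifyRecaptchav3Response(
                Global.Configuration.Security.Google.Recaptcha.v3.GetGoogleRecaptchaSecretKey()
                , Global.Configuration.Security.Google.Recaptcha.v3.GetGoogleRecaptchaWebsiteKey()
                , Request.UserHostAddress
                , recaptchaUserValue.Value
                );

            if (recaptchaResult != RecaptchaVerificationResult.Success)
            {
                Msg.Visible   = true;
                Msg.InnerHtml = "Existe un problema para validar la seguridad, intente mas tarde o por favor contacte a soporte técnico.";
                return;
            }

            // Scores below this threshold are sent to an explicit captcha challenge rather than rejected.
            // Kept nullable so a null Score compares false (no redirect), as before.
            decimal? minScore = 0.6m;
            if (Recaptchav3.Score < minScore)
            {
                // endResponse: true ends the request here; nothing below runs for a low score.
                Response.Redirect("~/Captcha.aspx", true);
            }

            //create session
            // Global.Sessions.UserCreateSession();

            if (ValidateLogin())
            {
                // NOTE(review): this cookie stores the e-mail in clear text for a year and is not marked
                // HttpOnly/Secure. If anything downstream treats it as proof of identity it is trivially
                // forgeable — confirm it is only a convenience hint and that identity lives in session state.
                HttpCookie userid = new HttpCookie("User.Email", Email.Value.ToString())
                {
                    Expires = DateTime.Now.AddYears(1)
                };
                Response.Cookies.Add(userid);

                // Go main menu. Default endResponse ends the request, so no failure message is set.
                Response.Redirect("~/recursos/");
            }
            else
            {
                // Same generic message whether the e-mail is unknown or the password is wrong.
                Msg.Visible   = true;
                Msg.InnerHtml = "Login fallido. Por favor revise sus datos e intente de nuevo.";
            }

            // Looks up the newest [CMSUserRegister] row for the submitted e-mail and re-derives the
            // password hash with the stored salt. Returns true only when the hashes match.
            bool ValidateLogin()
            {
                bool loginOK = false;

                SqlParameter[] parameters =
                {
                    new SqlParameter {
                        ParameterName = "Email", DbType = DbType.AnsiString, Size = 50, Value = Email.Value.ToString()
                    }
                };

                // Parameterised lookup: the e-mail never reaches the SQL text.
                string tsql      = @"
SELECT TOP 1 
       [UserRegisterID]
      ,[Names]
      ,[LastName]
      ,[Email]
      ,[Password]
      ,[PasswordSalt]
  FROM [CMSUserRegister]
WHERE
Email = @Email 
ORDER BY [UserRegisterID] DESC
;";
                var    sqlserver = new SqlApiSqlClient();

                using (sqlserver.Connection = new SqlConnection(Global.Configuration.DB.GetConnectionStringDBMain()))
                {
                    using (var dr = sqlserver.DataReaderSqlString(tsql, parameters))
                    {
                        // NOTE(review): when no row matches, no hash is computed, so unknown e-mails answer
                        // measurably faster than known ones (account enumeration via timing). Hashing against
                        // a dummy salt in the no-row branch would equalise the two paths.
                        if (dr.Read())
                        {
                            string salt       = dr["PasswordSalt"].ToString();
                            string dbpassword = dr["Password"].ToString();

                            // Re-derive the hash with the stored salt; `iterations` must equal the value used
                            // at registration (CreateUser) or no password will ever match.
                            byte[] saltBytes = PWDTK.HashHexStringToBytes(salt);
                            byte[] hash      = PWDTK.PasswordToHash(saltBytes, Password.Value.ToString(), iterations);
                            string encrypass = PWDTK.HashBytesToHexString(hash);

                            // Constant-time comparison: a plain == stops at the first differing character,
                            // which leaks how much of the hash matched through response timing.
                            loginOK = FixedTimeEquals(encrypass, dbpassword);

                            // Session["User.UserEmail"] = dr["UserEmail"].ToString();
                        }

                        dr.Close();
                    }

                    sqlserver.Connection.Close();
                }

                return loginOK;
            }

            // Ordinal string equality that does not short-circuit on the first mismatch. Same result as
            // a == b for non-null inputs; only the length (which is fixed for a hex hash) is timing-visible.
            bool FixedTimeEquals(string a, string b)
            {
                if (a is null || b is null || a.Length != b.Length)
                {
                    return false;
                }

                int diff = 0;
                for (int i = 0; i < a.Length; i++)
                {
                    diff |= a[i] ^ b[i];
                }

                return diff == 0;
            }
        }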
예제 #5
        /// <summary>
        /// Checks <paramref name="Password"/> against <paramref name="PassPolicy"/>.
        /// </summary>
        /// <param name="Password">Candidate password, as typed by the user.</param>
        /// <param name="PassPolicy">Complexity rules the password must meet.</param>
        /// <returns><c>true</c> when the policy is met; otherwise <c>false</c>.</returns>
        private bool PasswordMeetsPolicy(String Password, PWDTK.PasswordPolicy PassPolicy)
        {
            // The toolkit populates this by ref with the reason for non-compliance; this overload does
            // not surface it, the boolean result is all the caller gets.
            PasswordPolicyException pwdEx = new PasswordPolicyException("");
            bool compliant = PWDTK.TryPasswordPolicyCompliance(Password, PassPolicy, ref pwdEx);

            return compliant;
        }
        /*
         * bool IsUserAlreadyExist()
         * {
         *
         *  SqlParameter[] parameters = {
         *      new SqlParameter { ParameterName="UserLogin", DbType= DbType.AnsiString, Size=128, Value= Email.Value.ToString()}
         *
         *  };
         *
         *  string email = SqlApiSqlClient.GetStringRecordValue("SELECT [UserLogin] FROM Users WHERE [UserLogin] = @UserLogin;", parameters, Global.Configuration.DB.GetConnectionStringDBMain());
         *
         *  if (!string.IsNullOrEmpty(email)) return true;
         *  else return false;
         *
         * }
         */

        //TODO: send confirmation email
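        /// <summary>
        /// Registers a new user: checks the chosen password against the site policy, derives a salted
        /// hash with <c>PWDTK</c> and inserts the registration row into [CMSUserRegister].
        /// </summary>
        /// <returns>
        /// <c>true</c> when exactly one row was inserted; <c>false</c> when the password fails the
        /// policy or the insert affected a different number of rows.
        /// </returns>
        bool CreateUser()
        {
            string password = PasswordReg.Value.ToString();

            //This is the password policy that all passwords must adhere to, if the password doesn't meet the policy we save CPU processing time by not even bothering to calculate hash of a clearly incorrect password
            PWDTK.PasswordPolicy PwdPolicy = new PWDTK.PasswordPolicy(numberUpper, numberNonAlphaNumeric, numberNumeric, minPwdLength, maxPwdPolicyLengthPlaceholder());

            //or we can just use the default password policy provided by the API like below
            //PWDTK.PasswordPolicy PwdPolicy = PWDTK.cDefaultPasswordPolicy;

            // The policy object used to be built and then ignored; apply it as the comment above intends.
            if (!PWDTK.TryPasswordPolicyCompliance(password, PwdPolicy))
            {
                return false;
            }

            //Get a random salt (one per user; stored hex-encoded next to the hash so login can reverse it
            //with PWDTK.HashHexStringToBytes())
            byte[] saltBytes = PWDTK.GetRandomSalt(saltSize);
            //Generate the hash value
            byte[] hash      = PWDTK.PasswordToHash(saltBytes, password, iterations);

            string encrypass = PWDTK.HashBytesToHexString(hash);
            string salt      = PWDTK.HashBytesToHexString(saltBytes);

            SqlParameter[] parameters =
            {
                new SqlParameter {
                    ParameterName = "Names", DbType = DbType.AnsiString, Size = 50, Value = Names.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "LastName", DbType = DbType.AnsiString, Size = 50, Value = LastName.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Mobile", DbType = DbType.AnsiString, Size = 50, Value = Mobile.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Email", DbType = DbType.AnsiString, Size = 50, Value = Email.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Business", DbType = DbType.AnsiString, Size = 50, Value = Business.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Position", DbType = DbType.AnsiString, Size = 50, Value = Position.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Country", DbType = DbType.AnsiString, Size = 50, Value = Country.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "City", DbType = DbType.AnsiString, Size = 50, Value = City.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Telephone", DbType = DbType.AnsiString, Size = 50, Value = Telephone.Value.ToString()
                }
                , new SqlParameter{
                    ParameterName = "Password", DbType = DbType.AnsiString, Size = 1000, Value = encrypass
                }
                , new SqlParameter{
                    ParameterName = "PasswordSalt", DbType = DbType.AnsiString, Size = 1000, Value = salt
                }
            };

            // Parameterised insert: no form value reaches the SQL text.
            string tsql      = @"
SET NOCOUNT OFF;
INSERT INTO [CMSUserRegister] ([Names], [LastName], [Mobile], [Email], [Business], [Position], [Country], [City], [Telephone], [RegisterDate], [Password], [PasswordSalt], [LastLogin]) VALUES (@Names, @LastName, @Mobile, @Email, @Business, @Position, @Country, @City, @Telephone, GETDATE(), @Password, @PasswordSalt, GETDATE());
; ";
            var    sqlserver = new SqlApiSqlClient();
            int    rows      = sqlserver.CommandExecuteSqlString(tsql, parameters, Global.Configuration.DB.GetConnectionStringDBMain());

            // A single inserted row is the only success condition.
            return rows == 1;
        }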