/// <summary>
/// Checks the supplied login against the stored account. The username field may hold either the
/// account's user name (checked against the local salted hash) or its Facebook user id (in which case,
/// per the original comment, the password field is treated as an access token).
/// </summary>
/// <param name="model">Credentials to check.</param>
/// <returns><c>true</c> when the credentials match the stored account, otherwise <c>false</c>.</returns>
/// <exception cref="HttpResponseException">Bad request when the model is incomplete or no account matches the login.</exception>
public bool VerifyCredentials(VerifyCredentialsRequest model)
{
    bool incomplete = model == null
        || String.IsNullOrEmpty(model.Username)
        || String.IsNullOrEmpty(model.Password);
    if (incomplete)
    {
        throw new HttpResponseException(HttpStatusCode.BadRequest);
    }

    using (DatabaseContext context = new DatabaseContext())
    {
        string login = model.Username;
        Account account = context.Accounts
            .Where(a => login == a.Username || login == a.FacebookUserId)
            .FirstOrDefault();
        if (account == null)
        {
            // NOTE(review): an unknown login surfaces as a 400 while a wrong password returns false,
            // so the two outcomes are distinguishable to the caller.
            throw new HttpResponseException(HttpStatusCode.BadRequest);
        }

        // Login matched the Facebook user id: delegate to the access-token check.
        bool facebookLogin = login == account.FacebookUserId;
        if (facebookLogin)
        {
            return FacebookVerifyCredentials(account.FacebookUserId, model.Password);
        }

        // Accounts linked to Facebook cannot authenticate with a local password.
        bool linkedToFacebook = login == account.Username && !String.IsNullOrEmpty(account.FacebookUserId);
        if (linkedToFacebook)
        {
            return false;
        }

        byte[] salt = PWDTK.HashHexStringToBytes(account.Salt);
        byte[] storedHash = PWDTK.HashHexStringToBytes(account.PasswordHash);
        return PWDTK.ComparePasswordToHash(salt, model.Password, storedHash);
    }
}
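/// <summary>
/// Compares the entered password against the stored salt/hash and reports the outcome and the time
/// the hash computation took.
/// </summary>
/// <param name="sender">Button that raised the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void CompareHashButton_Click(object sender, RoutedEventArgs e)
{
    if (!PasswordMeetsPolicy(PasswordTextBox.Password, PwdPolicy))
    {
        return;
    }

    var stopW = Stopwatch.StartNew();
    bool matches = PWDTK.ComparePasswordToHash(_salt, PasswordTextBox.Password, _hash, iterations);
    // Stop before any UI interaction so the reported time covers only the hash computation.
    stopW.Stop();

    if (matches)
    {
        //Password hash matches stored hash allow entry into system and log details as per corporate audit logging
        MessageBox.Show("Password hash matches stored hash");
    }
    else
    {
        //Password hash does NOT match stored hash, deny access and log details as per corporate audit logging
        MessageBox.Show("Password hash does NOT match stored hash");
    }

    // The timing message was duplicated in both branches; it is identical, so show it once.
    MessageBox.Show("Creating the Hash and comparisson took a total of " + stopW.ElapsedMilliseconds.ToString() + " milliseconds, increase or decrease iterations to raise or lower this time");
}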
/// <summary>
/// Checks whether a supplied password matches the hashed password stored in the database.
/// </summary>
/// <param name="senha">The password used in the login attempt.</param>
/// <param name="salt">The salt retrieved from the database for the user.</param>
/// <param name="hashedSenha">The hash retrieved from the database for the user.</param>
/// <returns>Whether the password is the same.</returns>
public static bool Verificar(string senha, byte[] salt, byte[] hashedSenha)
{
    // Argument order of the PWDTK helper is (salt, password, hash).
    bool matches = PWDTK.ComparePasswordToHash(salt, senha, hashedSenha);
    return matches;
}
/// <summary>
/// Decodes the stored hex salt and hash into the <c>Salt</c> and <c>Hash</c> members and checks
/// the password against them using the configured iteration count.
/// </summary>
/// <param name="password">Password to check.</param>
/// <param name="hash">Stored password hash as a hex string.</param>
/// <param name="salt">Stored salt as a hex string.</param>
/// <returns><c>true</c> when the password reproduces the stored hash.</returns>
public bool ComparePassword(string password, string hash, string salt)
{
    // Side effect kept from the original: the decoded values are written to the instance members.
    byte[] decodedHash = PWDTK.HashHexStringToBytes(hash);
    byte[] decodedSalt = PWDTK.HashHexStringToBytes(salt);
    Hash = decodedHash;
    Salt = decodedSalt;
    return PWDTK.ComparePasswordToHash(Salt, password, Hash, iterations);
}
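/// <summary>
/// Authenticates a user by e-mail and password and issues the forms-authentication cookie.
/// </summary>
/// <param name="email">E-mail address entered on the login form.</param>
/// <param name="password">Password entered on the login form.</param>
/// <param name="returnUrl">Optional URL to return to after login; only local URLs are followed.</param>
/// <returns>A redirect on success, otherwise the login view with a generic error message.</returns>
public ActionResult Login(string email, string password, string returnUrl)
{
    // One generic message for every failure so the response does not reveal whether the e-mail exists.
    const string invalidCredentials = "Invalid username or password";

    if (email.IsNullOrEmpty() || password.IsNullOrEmpty())
    {
        return View(new LoginVM { ErrorMessage = invalidCredentials });
    }

    // The hard-coded master password ("subscribeme!") that granted admin access for any e-mail
    // has been removed; admin accounts must pass the normal credential check below.

    var user = userService.GetUser(email);
    if (user == null)
    {
        return View(new LoginVM { ErrorMessage = invalidCredentials });
    }

    bool passwordMatches = PWDTK.ComparePasswordToHash(user.Salt, password, user.Password, Configuration.GetHashIterations());
    if (!passwordMatches)
    {
        return View(new LoginVM { ErrorMessage = invalidCredentials });
    }

    FormsAuthentication.SetAuthCookie(user.Id.ToString(), createPersistentCookie: true);

    // Only follow returnUrl when it points back into this site; an absolute URL here would be an open redirect.
    if (!returnUrl.IsNullOrEmpty() && Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    return RedirectToAction("Index", "Home");
}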
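/// <summary>
/// Resolves the user described by the JSON body of the request, creating it first for external
/// providers (google/twitter/facebook) when it does not exist yet.
/// </summary>
/// <returns>JSON with the user's <c>id</c> and <c>guid</c>, or JSON <c>null</c> when no user could be resolved.</returns>
public ActionResult GetUser()
{
    var json = GetJson(HttpContext.Request);
    ValidateJson(json);

    // Reads an optional string field; a missing key yields null instead of a NullReferenceException.
    Func<string, string> read = key =>
    {
        var token = json[key];
        return token == null ? null : token.Value<string>();
    };

    // NOTE(review): for google/twitter/facebook the remote "id" is taken from the request body as-is;
    // nothing visible here checks it against the provider, so confirm ValidateJson (or an upstream
    // filter) verifies the provider token before this id is trusted.
    string provider = read("provider");
    User user = null;
    LoginProvider lp = LoginProvider.Internal;

    switch (provider)
    {
        case "google":
            lp = LoginProvider.Google;
            user = UserService.GetUser(read("id"), lp);
            break;
        case "twitter":
            lp = LoginProvider.Twitter;
            user = UserService.GetUser(read("id"), lp);
            break;
        case "facebook":
            lp = LoginProvider.Facebook;
            user = UserService.GetUser(read("id"), lp);
            break;
        case "internal":
            lp = LoginProvider.Internal;
            string userName = read("username");
            string password = read("password");
            // Missing credentials fail closed instead of reaching the hash comparison with null.
            if (!string.IsNullOrEmpty(userName) && !string.IsNullOrEmpty(password))
            {
                user = UserService.GetUser(userName);
                if (user != null && !PWDTK.ComparePasswordToHash(user.Salt, password, user.Password, Configuration.GetHashIterations()))
                {
                    user = null;
                }
            }
            break;
        default:
            // Unknown or missing provider: no lookup, user stays null, and no account is created below.
            break;
    }

    if (user == null && lp != LoginProvider.Internal) //create the user if doesn't exist
    {
        user = new User { RemoteId = read("id"), LoginProvider = lp };
        switch (lp)
        {
            case LoginProvider.Twitter:
                user.UserName = read("screenName");
                break;
            case LoginProvider.Facebook:
                user.FirstName = read("firstname");
                user.LastName = read("lastname");
                user.UserName = read("name");
                user.Email = read("email");
                break;
            case LoginProvider.Google:
                user.UserName = read("email");
                user.Email = read("email");
                break;
        }
        int newId = UserService.InsertUser(user, () => Redis.AddUser(user));
        user = UserService.GetUser(newId);
    }

    return Json(user != null ? new { id = user.Id, guid = user.GUID } : null);
}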
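/// <summary>
/// Handles the OK button of the login dialog: loads the user table, checks the entered password
/// against the stored salt/hash, records the user's id and access areas, selects the mode and
/// closes the dialog. Any failure is shown in a message box and leaves the dialog open.
/// </summary>
/// <param name="param">The <see cref="PasswordBox"/> holding the entered password (command parameter).</param>
private void MyOK_Click(object param)
{
    MiCursor = Cursors.Wait;
    try
    {
        // NOTE(review): the "Applica" user name skips the password check entirely and receives every
        // access area ("ABCDEFGH"); confirm this built-in account is intended and not reachable from untrusted input.
        if (txtUserName_txt != "Applica")
        {
            PasswordBox passwordBox = param as PasswordBox;
            if (passwordBox == null)
            {
                // Previously a NullReferenceException; surface a clear argument error instead.
                throw new ArgumentNullException("param");
            }
            txtPassword_txt = passwordBox.Password;

            ObservableCollection<Users> db = new ObservableCollection<Users>();
            using (SqlExcuteCommand get = new SqlExcuteCommand() { DBCnnStr = DBEndososCnnStr })
            {
                _MyUsersTable = get.MyGetUsers();
                foreach (DataRow r in _MyUsersTable.Rows)
                {
                    Users mUsers = new Users();
                    mUsers.UserId = (Guid)r["UserId"];
                    mUsers.UserName = r["UserName"].ToString();
                    mUsers.PasswordHash = r["PasswordHash"].ToString();
                    mUsers.SecurityStamp = r["SecurityStamp"].ToString();
                    mUsers.AreasDeAcceso = r["AreasDeAcceso"].ToString();
                    db.Add(mUsers);
                }
            }

            // Look the user up once instead of re-running the query for every field.
            Users match = db.FirstOrDefault(u => u.UserName == txtUserName_txt);
            if (match == null)
            {
                throw new InvalidOperationException("Error con el usuario o el password.");
            }
            // if (!PasswordMeetsPolicy(txtPassword_txt, PwdPolicy)) return;
            _salt = PWDTK.HashHexStringToBytes(match.SecurityStamp);
            _hash = PWDTK.HashHexStringToBytes(match.PasswordHash);
            if (!PWDTK.ComparePasswordToHash(_salt, txtPassword_txt, _hash, iterations))
            {
                // NOTE(review): this message differs from the unknown-user one above, so the dialog
                // reveals whether a user name exists; consider one message for both failures.
                throw new InvalidOperationException("Error con el password.");
            }
            WhatIsUserName = "******" + txtUserName_txt;
            _AreasDeAcceso = match.AreasDeAcceso;
            _Id = match.UserId;
        }
        else
        {
            WhatIsUserName = "******";
            _AreasDeAcceso = "ABCDEFGH";
            _Id = Guid.NewGuid();
        }

        // Mode: 1 = "Aspirante" (candidate), 2 = "Partido" (party), 0 = neither selected.
        if (isRdbCandidato)
        {
            WhatIsModo = 1;
        }
        else if (isRdbPartido)
        {
            WhatIsModo = 2;
        }
        else
        {
            WhatIsModo = 0;
        }

        this.View.DialogResult = true;
        this.View.Close();
    }
    catch (Exception ex)
    {
        // TargetSite can be null, so do not dereference it unconditionally for the title.
        MethodBase site = ex.TargetSite;
        string title = site != null ? site.Name : "Error";
        MessageBox.Show(ex.Message, title, MessageBoxButton.OK, MessageBoxImage.Error);
    }
    finally
    {
        MiCursor = Cursors.Arrow;
    }
}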