private object OnDeletePassword(object message) { var packet = ( DeletePasswordMessage )message; var ret = new OperationResult(); if (!this.CheckSession(packet.SessionKey)) { ret.Value = false; return(ret); } PasswordManager passwordManager = new PasswordManager(); string password = HashManager.Sha256(packet.Password); bool result = passwordManager.CheckPassword(password); if (result) { result = passwordManager.DeletePassword(password); this.DeleteSession(packet.SessionKey); } ret.Value = result; return(ret); }
public void CheckPassword_PasswordHasNotBeenGenerated_Test() { var userId = "user1"; var passwordRepository = new Mock<IRepository<Password>>(); var passwordGenerator = new PasswordManager(passwordRepository.Object); var isPasswordCorrect = passwordGenerator.CheckPassword(userId, "monkey"); Assert.IsFalse(isPasswordCorrect); }
/// <summary> /// Internal method to validate the credentials included in the request, /// returning an IPrincipal for the resulting authenticated entity. /// </summary> private async Task <IPrincipal> ValidateCredentialsAsync(string credentials, CancellationToken cancellationToken) { // TODO: your credential validation logic here, hopefully async!! // crack open the basic auth credentials var subject = ParseBasicAuthCredential(credentials); PasswordManager passwordManager = new PasswordManager(); User user = await passwordManager.CheckPassword(subject.Item1, subject.Item2); // in your system you would probably do an async database lookup... //if (String.IsNullOrEmpty(subject.Item2) || subject.Item2 != "abc123") // return null; if (user == null) { return(null); } // TODO: Create an IPrincipal (generic or custom), holding an IIdentity (generic or custom) // Note a very useful IPrincipal/IIdentity is ClaimsPrincipal/ClaimsIdentity if // you need both subject identifier (ex. user name), plus a set of attributes (claims) // about the subject. IList <Claim> claimCollection = new List <Claim> { new Claim("Id", user.UserId.ToString()), new Claim(type: "UserName", user.UserName), new Claim(type: ClaimTypes.Role, user.Role), new Claim(type: "Email", user.Email), new Claim(type: "PhoneNumber", user.PhoneNumber), new Claim(type: "FullAddress", user.FullAddress), // you can add other standard or custom claims here based on your username/password lookup... new Claim(type: ClaimTypes.AuthenticationInstant, DateTime.UtcNow.ToString("o")), new Claim(type: "FullName", user.FullAddress), new Claim(type: "Issuer", "Ashish Khatiwada"), new Claim(type: "Audience", user.UserName), new Claim(type: "PublicToken", user.PublicToken), new Claim(type: "PrivateToken", user.PrivateToken), new Claim(type: "PasswordSalt", user.PasswordSalt), new Claim(type: "PasswordHash", user.PasswordHash) // etc. }; // we'll include the specific token scheme as "authentication type" that was successful // in authenticating the user so downstream code can verify it was a token type // sufficient for the activity the code is attempting. var identity = new ClaimsIdentity(claimCollection, SupportedTokenScheme); var principal = new ClaimsPrincipal(identity); return(await Task.FromResult(principal)); }
public void CheckPassword_WrongPassword_Test() { var userId = "user1"; var password = "******"; var passwordHash = String.Concat(password, HardcodedSalt).GetHashCode().ToString(); var passwordFromRepo = new Password() { UserId = userId, ExpiryTime = DateTime.UtcNow.AddSeconds(30), PasswordHash = passwordHash, PasswordSalt = HardcodedSalt }; var passwordRepository = new Mock<IRepository<Password>>(); passwordRepository.Setup(u => u.Load(userId)).Returns(passwordFromRepo); var passwordGenerator = new PasswordManager(passwordRepository.Object); var isPasswordCorrect = passwordGenerator.CheckPassword(userId, "chicken"); Assert.IsFalse(isPasswordCorrect); }
private object OnCreateAuthSessionKey(object message) { var packet = ( CreateAuthSessionKeyMessage )message; var ret = new CreateAuthSessionKeyResult(); PasswordManager passwordManager = new PasswordManager(); string password = HashManager.Sha256(packet.Password); bool result = passwordManager.CheckPassword(password); ret.SessionKey = Guid.NewGuid().ToString(); this.sessions.Add(ret.SessionKey); ret.Value = result; return(ret); }
private object OnChangePassword(object message) { var packet = ( ChangePasswordMessage )message; var ret = new OperationResult(); if (!this.CheckSession(packet.SessionKey)) { ret.Value = false; return(ret); } if (!this.IsPasswordCorrect(packet.OldPassword)) { ret.Value = false; return(ret); } if (!this.IsPasswordCorrect(packet.NewPassword)) { ret.Value = false; return(ret); } PasswordManager passwordManager = new PasswordManager(); string oldPassword = HashManager.Sha256(packet.OldPassword); bool result = passwordManager.CheckPassword(oldPassword); if (result) { string newPassword = HashManager.Sha256(packet.NewPassword); result = passwordManager.ChangePassword(oldPassword, newPassword); } ret.Value = result; return(ret); }
internal bool UpdateUserPassword(string loginname, string oldPassword, string newPassword, CommonParam commonParam) { bool result = false; try { if (String.IsNullOrWhiteSpace(loginname)) { throw new ArgumentNullException("loginname"); } if (String.IsNullOrWhiteSpace(oldPassword)) { throw new ArgumentNullException("oldPassword"); } if (String.IsNullOrWhiteSpace(newPassword)) { throw new ArgumentNullException("newPassword"); } if (oldPassword.Length < Constant.MIN_LENGTH_PASSWORD) { MessageUtil.SetMessage(commonParam, LibraryMessage.Message.Enum.Common__MatKhauKhongDuocNhoHon6KyTu); throw new Exception("Mat khau khong duoc nho hon 6 ky tu"); } PasswordManager passwordManager = new PasswordManager(); AasUser.AasUserUpdate aasUserUpdate = new AasUser.AasUserUpdate(commonParam); User user = new UserManagerGet().GetByLoginname(loginname); if (user == null) { MessageUtil.SetMessage(commonParam, LibraryMessage.Message.Enum.Common_TaiKhoanKhongChinhXac); throw new Exception("Loginname invalid: " + loginname); } if (!passwordManager.CheckPassword(user.Password, oldPassword, user.Salt, loginname)) { MessageUtil.SetMessage(commonParam, LibraryMessage.Message.Enum.Common_TaiKhoanHoacMatKhauKhongChinhXac); throw new Exception("Tai khoan hoac mat khau khong chinh xac"); } string newHashPassword = passwordManager.HashPassword(newPassword, user.Salt, loginname); Mapper.CreateMap <User, User>(); User before = Mapper.Map <User>(user); user.Password = newHashPassword; if (!aasUserUpdate.Update(user, before)) { throw new Exception("Update mat khau cho tai khoan that bai"); } result = true; user.Password = ""; } catch (ArgumentNullException ex) { BugUtil.SetBugCode(commonParam, LibraryBug.Bug.Enum.Common__ThieuThongTinBatBuoc); DungLH.Util.CommonLogging.LogSystem.Error(ex); result = false; } catch (Exception ex) { DungLH.Util.CommonLogging.LogSystem.Error(ex); result = false; } return(result); }