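/// <summary>
/// Checks a username/password pair against the stored users and returns the
/// id of the user it identifies.
/// </summary>
/// <param name="authModel">Credentials supplied by the caller.</param>
/// <returns>The <c>Id</c> of the authenticated user.</returns>
/// <exception cref="HttpStatusCodeException">
/// 401 when the credentials do not identify exactly one user with a matching
/// password; 500 for any other failure.
/// </exception>
public async Task<Guid> AuthenticateUser(AuthModel authModel)
{
    // One message for every credential failure, so the response does not
    // tell the caller whether the username exists.
    const string invalidCredentials = "Invalid username or password";

    try
    {
        if (authModel == null || authModel.Username == null)
        {
            throw new HttpStatusCodeException(StatusCodes.Status401Unauthorized, invalidCredentials);
        }

        var username = authModel.Username;

        // Filter in the query instead of materialising every user row (and
        // every stored password hash) on each login attempt.
        var candidates = await _context.Users
            .Where(u => u.Username == username)
            .ToArrayAsync();

        // Re-check in memory: the store's string comparison may be looser than
        // C# equality, and the exact-match rule must not be widened.
        // Single() throws InvalidOperationException on zero or several matches.
        var user = candidates.Single(u => u.Username == username);

        // NOTE(review): an unknown username fails before any password hashing
        // is done, so response time may still distinguish the two cases.
        if (!PasswordTool.ValidatePassword(authModel.Password, user.Password))
        {
            throw new HttpStatusCodeException(StatusCodes.Status401Unauthorized, invalidCredentials);
        }

        return user.Id;
    }
    catch (HttpStatusCodeException)
    {
        // Already carries the intended status; pass it through untouched.
        throw;
    }
    catch (ArgumentNullException)
    {
        throw new HttpStatusCodeException(StatusCodes.Status401Unauthorized, invalidCredentials);
    }
    catch (InvalidOperationException)
    {
        throw new HttpStatusCodeException(StatusCodes.Status401Unauthorized, invalidCredentials);
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is forwarded as the error text. If
        // HttpStatusCodeException is rendered to the client, internal details
        // can leak on an unauthenticated endpoint - confirm, and log instead.
        throw new HttpStatusCodeException(StatusCodes.Status500InternalServerError, e.Message);
    }
}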
/// <summary>
/// Assigns a fresh id to <paramref name="user"/>, replaces its password with
/// the value returned by <c>PasswordTool.HashPassword</c>, saves it, and
/// returns the same instance with <c>Password</c> cleared.
/// </summary>
/// <param name="user">The user to persist; mutated in place.</param>
/// <returns>The saved <paramref name="user"/> with <c>Password</c> set to null.</returns>
/// <exception cref="HttpStatusCodeException">
/// 409 when the store reports a duplicate, 400 for other update failures,
/// 500 for anything else.
/// </exception>
public async Task<User> CreateUser(User user)
{
    try
    {
        user.Id = Guid.NewGuid().ToString("D");
        user.Password = PasswordTool.HashPassword(user.Password);

        await _context.Users.AddAsync(user);
        await _context.SaveChangesAsync();

        // Clear the hash so it is not handed back to the caller.
        // NOTE(review): the instance was just added through _context; if it is
        // still tracked, a later SaveChanges on the same context could write
        // this null back to the store - confirm the context lifetime.
        user.Password = null;
        return user;
    }
    catch (DbUpdateException updateError)
    {
        var inner = updateError.InnerException;

        // "uplicate" matches both "Duplicate" and "duplicate" in the provider text.
        bool looksLikeDuplicate = inner != null && inner.Message.Contains("uplicate");

        // NOTE(review): both branches forward raw provider/EF messages; these
        // can contain constraint names and key values - confirm what reaches
        // the client.
        if (looksLikeDuplicate)
        {
            throw new HttpStatusCodeException(StatusCodes.Status409Conflict, inner.Message);
        }
        else
        {
            throw new HttpStatusCodeException(StatusCodes.Status400BadRequest, updateError.Message);
        }
    }
    catch (Exception unexpected)
    {
        throw new HttpStatusCodeException(StatusCodes.Status500InternalServerError, unexpected.Message);
    }
}
/// <summary>
/// Demo entry point: points PasswordTool at a local slappasswd executable,
/// hashes a fixed sample string with the "sha512" scheme, prints the result
/// and waits for a key press.
/// </summary>
static void Main(string[] args)
{
    // Hard-coded, machine-specific tool location.
    // NOTE(review): the path suggests hashing is delegated to an external
    // process; confirm the password is not passed on its command line.
    PasswordTool.SetHashToolPath("d:\\OpenLDAP\\slappasswd.exe");

    // Fixed sample input for the demo; the hash is written to the console.
    Console.WriteLine(PasswordTool.HashPasswrod("123456", "sha512"));

    // Keep the console window open until a key is pressed.
    Console.ReadKey();
}
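/// <summary>
/// Processes the submitted login form, checks it against the configured admin
/// credentials and, on success, creates a session, sets the session cookie and
/// redirects to the requested local path.
/// </summary>
/// <returns>
/// true when the credentials matched and the redirect was issued; false when
/// no configured account matched.
/// </returns>
private async Task<bool> TryAuthenticate()
{
    // Read form
    LoginForm data = new LoginForm();
    await form.ProcessResponse(data, e);

    // Authenticate against every configured admin account with this username.
    Framework.Config.DeltaAdminAccount authenticatedUser = null;
    foreach (var u in Program.cfg.admin_credentials)
    {
        if (u.username == data.username)
        {
            // Check password against the stored salt + hash.
            bool ok = PasswordTool.AuthenticateHashedPassword(
                data.password,
                Convert.FromBase64String(u.passwordHash),
                Convert.FromBase64String(u.passwordSalt));
            if (ok)
            {
                authenticatedUser = u;
            }
        }
    }

    // Check if passed
    if (authenticatedUser == null)
    {
        // Failed
        return false;
    }

    // Correct creds! Create a session
    AdminSession session = new AdminSession
    {
        expiry = DateTime.UtcNow.AddMinutes(Program.cfg.general.admin_session_expire_time),
        token = SecureStringTool.GenerateSecureString(24),
        username = authenticatedUser.username
    };

    // Set session cookie
    // NOTE(review): appended with no cookie options, so HttpOnly / Secure /
    // SameSite are whatever the framework defaults to - confirm they are set
    // for an admin session token.
    e.Response.Cookies.Append(ACCESS_TOKEN_COOKIE, session.token);

    // Add to sessions
    Program.admin_sessions.Add(session);

    // Redirect back. The "return" query value is caller-controlled, so it is
    // only honoured when it is a path on this site: it must start with a
    // single '/', must not start with "//" or "/\" (both are read as another
    // host by browsers) and must not contain control characters. Anything
    // else falls back to "/".
    string returnTo = "/";
    if (e.Request.Query.ContainsKey("return"))
    {
        string requested = e.Request.Query["return"];

        bool isLocalPath = !string.IsNullOrEmpty(requested)
            && requested[0] == '/'
            && (requested.Length == 1 || (requested[1] != '/' && requested[1] != '\\'));

        if (isLocalPath)
        {
            foreach (char c in requested)
            {
                if (char.IsControl(c))
                {
                    isLocalPath = false;
                    break;
                }
            }
        }

        if (isLocalPath)
        {
            returnTo = requested;
        }
    }

    Redirect(returnTo, false);
    return true;
}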
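/// <summary>
/// CLI command: prompts for a username and password and appends a new
/// superuser entry (salt and hash, both Base64) to <c>cfg.admin_credentials</c>.
/// Marks the configuration as unsaved; nothing is written to disk here.
/// </summary>
private void CmdSuperuserAdd()
{
    // Ensure session
    if (!EnsureSessionExists())
    {
        return;
    }

    // Prompt username + password
    // NOTE(review): the password goes through the same text prompt as the
    // username; whether the input is echoed is not visible here - confirm.
    string username = CLITools.PromptFormTextInput("Add Superuser - Username", "Superusers have full access to the admin control panel. Type the username.");
    string password = CLITools.PromptFormTextInput("Add Superuser - Password", "Type the password to the account. This will be salted+hashed and stored locally.");

    // Refuse blank credentials: this account gets full admin access, so an
    // empty password (or a cancelled prompt) must not create it.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
    {
        CLITools.PrintText("ERROR: Username and password must not be empty.", ConsoleColor.Red);
        return;
    }

    // Make sure we don't already have a user with this name
    foreach (var u in cfg.admin_credentials)
    {
        if (u.username == username)
        {
            CLITools.PrintText("ERROR: A user already exists with that username.", ConsoleColor.Red);
            return;
        }
    }

    // Generate salt + hash; only these are stored, never the password itself.
    CLITools.PrintText("Generating...");
    byte[] hash = PasswordTool.HashPassword(password, out byte[] salt);

    // Add
    cfg.admin_credentials.Add(new DeltaAdminAccount
    {
        username = username,
        passwordSalt = Convert.ToBase64String(salt),
        passwordHash = Convert.ToBase64String(hash),
        addedAt = DateTime.UtcNow
    });
    unsaved = true;

    // Ack
    CLITools.PrintText($"Added user \"{username}\"!", ConsoleColor.Green);
}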
/// <summary>
/// Returns a new password from <c>PasswordTool.Generate</c>, passing it
/// <c>PasswordConfiguration.LengthOfPassword</c> and
/// <c>PasswordConfiguration.NumberOfNonAlphanumericCharacters</c>.
/// </summary>
/// <returns>The string produced by <c>PasswordTool.Generate</c>.</returns>
// NOTE(review): the randomness source is inside PasswordTool.Generate and not
// visible here - confirm it uses a cryptographic RNG if these passwords are
// issued as credentials.
private string GeneratePassword() =>
    PasswordTool.Generate(
        PasswordConfiguration.LengthOfPassword,
        PasswordConfiguration.NumberOfNonAlphanumericCharacters);