//[ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Xml, XmlSerializeString = true)]
public Apq.STReturn UserEditLoginPwd(string LoginPwd_C, string LoginPwd)
{
Apq.STReturn stReturn = new Apq.STReturn();
DinnerSession ApqSession = new DinnerSession(Session);
if (!CheckLoginPage.CheckLogin(ref stReturn, ApqSession))
{
return(stReturn);
}
// 检测旧密码
System.Security.Cryptography.SHA512 SHA512 = System.Security.Cryptography.SHA512.Create();
byte[] binLoginPwd_C = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd_C));
string SqlLoginPwd_C = Apq.Data.SqlClient.Common.ConvertToSqlON(binLoginPwd_C);
string SqlLoginPwd_DB = Apq.Data.SqlClient.Common.ConvertToSqlON(ApqSession.ApqLogin.LoginPwd);
if (SqlLoginPwd_C != SqlLoginPwd_DB)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "原密码输入错误";
return(stReturn);
}
byte[] binLoginPwd = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd));
DbConnection SqlConn = null;
using (SqlConn = Apq.DBC.Common.CreateDBConnection("Dinner", ref SqlConn))
{
Apq.Data.Common.DbConnectionHelper dbch = new Apq.Data.Common.DbConnectionHelper(SqlConn);
DbCommand sc = SqlConn.CreateCommand();
sc.CommandText = "dbo.Dinner_User_UpdateLoginPwd";
sc.CommandType = CommandType.StoredProcedure;
Apq.Data.Common.DbCommandHelper dch = new Apq.Data.Common.DbCommandHelper(sc);
dch.AddParameter("rtn", 0, DbType.Int32);
dch.AddParameter("ExMsg", stReturn.ExMsg, DbType.String, -1);
dch.AddParameter("LoginID", ApqSession.ApqLogin.LoginID);
dch.AddParameter("LoginPwd", binLoginPwd);
sc.Parameters["rtn"].Direction = ParameterDirection.ReturnValue;
sc.Parameters["ExMsg"].Direction = ParameterDirection.InputOutput;
SqlConn.Open();
sc.ExecuteNonQuery();
stReturn.NReturn = System.Convert.ToInt32(sc.Parameters["rtn"].Value);
stReturn.ExMsg = sc.Parameters["ExMsg"].Value.ToString();
sc.Dispose();
SqlConn.Close();
}
// 更新Session中的密码信息
ApqSession.ApqLogin.LoginPwd = binLoginPwd;
// 返回客户端
stReturn.FNReturn = Apq.Data.SqlClient.Common.ConvertToSqlON(binLoginPwd);
return(stReturn);
}
static void Main(string[] args)
{
Console.Write("Password: "******"{0} ", asciiCode[i]);
//}
System.Security.Cryptography.SHA512 converter = System.Security.Cryptography.SHA512.Create();
//encrypt = 1 way
//encode = 2 ways
Console.WriteLine("Without salt");
string encryptedValue = Convert.ToBase64String(converter.ComputeHash(asciiCode));
Console.WriteLine("Encrypted Value:\n{0}", encryptedValue);
Console.WriteLine("\n\n");
Console.WriteLine("With salt");
asciiCode = Encoding.Unicode.GetBytes(password + "1");
encryptedValue = Convert.ToBase64String(converter.ComputeHash(asciiCode));
Console.WriteLine("Encrypted Value:\n{0}", encryptedValue);
Console.ReadKey();
}
/// <summary>
/// Hash SHA-512 de um Conteúdo em Array de Bytes
/// </summary>
/// <param name="input"></param>
/// <returns>Retorna o Hash em string Hexadecimal</returns>
public static string SHA512(byte[] input)
{
using System.Security.Cryptography.SHA512 hash =
System.Security.Cryptography.SHA512.Create();
return(BitConverter.ToString(hash.ComputeHash(input))
.Replace("-", "").ToLower());
}
/// <summary>
/// Gets the sh a512 hash as hexadecimal string.
/// </summary>
/// <param name="data">The data.</param>
/// <returns></returns>
public static string GetSHA512HashAsHexString(byte[] data)
{
System.Security.Cryptography.SHA512 sha512Implementation = System.Security.Cryptography.SHA512.Create();
var hashData = sha512Implementation.ComputeHash(data);
return(GeneralConverters.ByteArrayToHexString(hashData));
}
public static string GetSHA512(this byte[] input, int offset, int count)
{
using (System.Security.Cryptography.SHA512 sha512 = System.Security.Cryptography.SHA512.Create())
{
return(Convert.ToHexString(sha512.ComputeHash(input, offset, count)).ToLower());
}
}
//[ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Xml)]
public Apq.STReturn Login_LoginName(string LoginName, string LoginPwd)
{
// 先清除已登录数据
Session.Clear();
Apq.STReturn stReturn = new Apq.STReturn();
DinnerSession ApqSession = new DinnerSession(Session);
if (LoginPwd.Length < 1)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "密码不允许为空";
return(stReturn);
}
System.Security.Cryptography.SHA512 SHA512 = System.Security.Cryptography.SHA512.Create();
byte[] binLoginPwd = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd));
stReturn = DBLogin(LoginName, binLoginPwd);
// Session操作
if (stReturn.NReturn > 0)
{ // 登录成功
DataTable dt = stReturn.FNReturn as DataTable;
Login_Session(ApqSession, dt);
}
return(stReturn);
}
//[ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Xml)]
public STReturn Login_UserName(string UserName, string LoginPwd)
{
// 先清除已登录数据
Session.Clear();
STReturn stReturn = new STReturn();
Apq.Web.SessionState.HttpSessionState ApqSession = new Apq.Web.SessionState.HttpSessionState(Session);
if (LoginPwd.Length < 1)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "密码不允许为空";
return(stReturn);
}
System.Security.Cryptography.SHA512 SHA512 = System.Security.Cryptography.SHA512.Create();
byte[] binLoginPwd = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd));
stReturn = DBLogin(UserName, binLoginPwd);
// Session操作
if (stReturn.NReturn > 0)
{
ApqSession.User = stReturn.FNReturn as DataTable;
}
ApqSession.LoginTime = DateTime.Now;
return(stReturn);
}
public async override Task <byte[]> HashAsync(string value)
{
using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create()) {
// await is necessary here to avoid disposing of the hasher object
// ReSharper disable once AccessToDisposedClosure
return(await Task.Run(() => hasher.ComputeHash(Encoding.UTF8.GetBytes(value))).ConfigureAwait(false));
}
}
public string HashPassword(string password)
{
if (String.IsNullOrEmpty(password))
{
throw new ArgumentNullException("password");
}
// Keep your Password Salt in User/Environment specific config settings!
string Salt = AppConfig.GetValue("PasswordSalt");
System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create();
byte[] pwdHashed = hasher.ComputeHash(
hasher.ComputeHash(
hasher.ComputeHash(Encoding.UTF8.GetBytes(Salt + password))));
return(pwdHashed.ToHexString());
}
public BaoMat(string plaintext)
{
ptext = plaintext;
shaM = new System.Security.Cryptography.SHA512Managed();
byte[] input = Encoding.UTF8.GetBytes(ptext);
byte[] result = shaM.ComputeHash(input);
ctext = System.Convert.ToBase64String(result);
}
public static string GetCrypt(string text)
{
string hash = "";
System.Security.Cryptography.SHA512 alg = System.Security.Cryptography.SHA512.Create();
byte[] result = alg.ComputeHash(Encoding.UTF8.GetBytes(text));
hash = Encoding.UTF8.GetString(result);
return(hash);
}
public static string Sha512(string s)
{
byte[] bytes = System.Text.Encoding.ASCII.GetBytes(s);
System.Security.Cryptography.SHA512 sha = System.Security.Cryptography.SHA512.Create();
byte[] hash = sha.ComputeHash(bytes);
string result = System.Text.Encoding.ASCII.GetString(hash);
return(result);
}
/// <summary>
/// Get the hash for the SHA-512 algorithim.
/// </summary>
/// <param name="data">
/// </param>
/// <returns>
/// </returns>
public byte[] GetHash(byte[] data)
{
byte[] hash = null;
using (System.Security.Cryptography.SHA512 crypto = System.Security.Cryptography.SHA512.Create())
{
hash = crypto.ComputeHash(data);
}
return(hash);
}
public override string ComputeHashFromFile(string filePath)
{
try
{
System.Security.Cryptography.SHA512 sha512 = System.Security.Cryptography.SHA512.Create();
FileStream fs = File.OpenRead(filePath);
byte[] outputBytes = sha512.ComputeHash(fs);
return(BitConverter.ToString(outputBytes).Replace("-", "").ToLower());
}
catch (Exception e)
{
return("\nERROR: " + e.Message);
}
}
public string Generate(string text)
{
using (System.Security.Cryptography.SHA512 sha512 = System.Security.Cryptography.SHA512.Create())
{
byte[] hashBytes = sha512.ComputeHash(Encoding.ASCII.GetBytes(text));
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hashBytes.Length; i++)
{
sb.Append(hashBytes[i].ToString("X2"));
}
return(sb.ToString());
}
}
public override string ComputeHashFromText(string text)
{
try
{
System.Security.Cryptography.SHA512 sha512 = System.Security.Cryptography.SHA512.Create();
byte[] inputBytes = Encoding.UTF8.GetBytes(text);
byte[] outputBytes = sha512.ComputeHash(inputBytes);
return(BitConverter.ToString(outputBytes).Replace("-", "").ToLower());
}
catch (Exception e)
{
return("\nERROR: " + e.Message);
}
}
public static string SHA512(string toHash)
{
// Use input string to calculate MD5 hash
using (System.Security.Cryptography.SHA512 sha512 = System.Security.Cryptography.SHA512.Create())
{
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(toHash);
byte[] hashBytes = sha512.ComputeHash(inputBytes);
// Convert the byte array to hexadecimal string
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hashBytes.Length; i++)
{
sb.Append(hashBytes[i].ToString("X2"));
}
return(sb.ToString());
}
}
void GetBits()
{
if (getsalt != null)
{
getsalt(salt_data);
}
int total_bytes;
if (entropy != null)
{
total_bytes = entropy.Length;
}
else
{
total_bytes = 0;
}
foreach (byte[] data in salt_data.salt_data)
{
total_bytes += data.Length;
}
if (total_bytes > 0)
{
byte[] inbuf = new byte[total_bytes];
if (entropy != null)
{
total_bytes = entropy.Length;
System.Array.Copy(entropy, 0, inbuf, 0, entropy.Length);
}
else
{
total_bytes = 0;
}
foreach (byte[] data in salt_data.salt_data)
{
System.Array.Copy(data, 0, inbuf, total_bytes, data.Length);
}
entropy = bits.ComputeHash(inbuf);
bits_used = 0;
bits_avail = entropy.Length * 8;
}
}
/// <summary>
/// Codifica una cadena (texto plano) usando el algoritmo SHA512.
/// </summary>
/// <see cref="http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512.aspx"/>
/// <param name="plain">La cadena, en texto plano, que se desea codificar.</param>
/// <returns>Retorna un valor de tipo String del valor codificado en formato hexadecimal.</returns>
static string GetCryptedString(string plain)
{
string result = string.Empty;
try
{
plain = plain.Trim();
using (System.Security.Cryptography.SHA512 sha512 = System.Security.Cryptography.SHA512.Create())
{
byte[] data = sha512.ComputeHash(Encoding.UTF8.GetBytes(plain));
for (int i = 0; i < data.Length; i++)
{
result += data[i].ToString("x2");
}
}
}
catch { result = string.Empty; }
return(result);
}
public byte[] ComputeHash(Stream inputStream)
{
System.Security.Cryptography.SHA512 sha512Implementation = System.Security.Cryptography.SHA512.Create();
return(sha512Implementation.ComputeHash(inputStream));
}
//[ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Xml, XmlSerializeString = true)]
public Apq.STReturn Dinner_RegEmployee(string EmName, string LoginName, string LoginPwd)
{
Apq.STReturn stReturn = new Apq.STReturn();
if (EmName.Length < 1)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "姓名不允许为空";
return(stReturn);
}
if (LoginName.Length < 1)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "登录不允许为空";
return(stReturn);
}
if (LoginPwd.Length < 1)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "密码不允许为空";
return(stReturn);
}
System.Security.Cryptography.SHA512 SHA512 = System.Security.Cryptography.SHA512.Create();
byte[] binLoginPwd = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd));
string SqlLoginPwd = Apq.Data.SqlClient.Common.ConvertToSqlON(binLoginPwd);
DbConnection SqlConn = null;
using (SqlConn = Apq.DBC.Common.CreateDBConnection("Dinner", ref SqlConn))
{
Apq.Data.Common.DbConnectionHelper dbch = new Apq.Data.Common.DbConnectionHelper(SqlConn);
DbCommand sc = SqlConn.CreateCommand();
sc.CommandText = "dbo.Dinner_RegEmployee";
sc.CommandType = CommandType.StoredProcedure;
Apq.Data.Common.DbCommandHelper dch = new Apq.Data.Common.DbCommandHelper(sc);
dch.AddParameter("rtn", 0, DbType.Int32);
dch.AddParameter("ExMsg", stReturn.ExMsg, DbType.String, -1);
//IPAddress ipa;
//if (IPAddress.TryParse(HttpContext.Current.Request.UserHostAddress, out ipa))
//{
// dch.AddParameter("RegIP", ipa.GetAddressBytes());
//}
dch.AddParameter("EmName", EmName);
dch.AddParameter("LoginName", LoginName);
dch.AddParameter("LoginPwd", binLoginPwd);
//dch.AddParameter("Sex", Sex);
//dch.AddParameter("PhotoUrl", PhotoUrl);
//dch.AddParameter("Birthday", Birthday.ToString("yyyy-MM-dd HH:mm:ss.fff"));
//dch.AddParameter("Alipay", Alipay);
//dch.AddParameter("IntroUserID", IntroUserID);
//dch.AddParameter("UserType", UserType);
//dch.AddParameter("Expire", DateTime.Now.AddYears(10).ToString("yyyy-MM-dd HH:mm:ss.fff"));
//dch.AddParameter("IDCard", IDCard);
//dch.AddParameter("IDCard_Name", IDCard_Name);
//dch.AddParameter("IDCard_Sex", IDCard_Sex);
//dch.AddParameter("IDCard_PhotoUrl", IDCard_PhotoUrl);
dch.AddParameter("EmID", 0, DbType.Int64);
dch.AddParameter("LoginID", 0, DbType.Int64);
sc.Parameters["rtn"].Direction = ParameterDirection.ReturnValue;
sc.Parameters["ExMsg"].Direction = ParameterDirection.InputOutput;
sc.Parameters["EmID"].Direction = ParameterDirection.InputOutput;
sc.Parameters["LoginID"].Direction = ParameterDirection.InputOutput;
SqlConn.Open();
sc.ExecuteNonQuery();
stReturn.NReturn = System.Convert.ToInt32(sc.Parameters["rtn"].Value);
stReturn.ExMsg = sc.Parameters["ExMsg"].Value.ToString();
stReturn.POuts.Add(sc.Parameters["EmID"].Value);
stReturn.POuts.Add(sc.Parameters["LoginID"].Value);
stReturn.POuts.Add(LoginName);
stReturn.POuts.Add(SqlLoginPwd);
sc.Dispose();
SqlConn.Close();
}
return(stReturn);
}
public static bool Login(string username, string password)
{
bool isOk = false;
byte[] saltBytes;
System.Security.Cryptography.HMAC hmac;
try
{
using (AuthorizeEntities ctx = new AuthorizeEntities())
{
var acc = ctx.Accounts.Where(x => x.Uname == username).FirstOrDefault();
if (acc != null)
{
switch (acc.HashTypeId)
{
case (int)Enums.HMAC.MD5:
using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.RIPEMD160:
using (System.Security.Cryptography.RIPEMD160 hasher = System.Security.Cryptography.RIPEMD160.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA1:
using (System.Security.Cryptography.SHA1 hasher = System.Security.Cryptography.SHA1.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA256:
using (System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA384:
using (System.Security.Cryptography.SHA384 hasher = System.Security.Cryptography.SHA384.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.SHA512:
using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create())
{
isOk = acc.PasswordHashBase64.Equals(Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(password))));
}
break;
case (int)Enums.HMAC.HMACMD5:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACMD5(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACRIPEMD160:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACRIPEMD160(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA1:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA1(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA256:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA256(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA384:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA384(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
case (int)Enums.HMAC.HMACSHA512:
saltBytes = Convert.FromBase64String(acc.HashSaltBase64);
hmac = new System.Security.Cryptography.HMACSHA512(saltBytes);
isOk = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(password))).Equals(acc.PasswordHashBase64);
break;
default:
throw new NotImplementedException("Unspecified hash type.");
}
}
}
}
catch (Exception ex)
{
Log4netLogger.Error(MethodBase.GetCurrentMethod().DeclaringType, "Cannot login", ex);
isOk = false;
}
return(isOk);
}
/// <summary>
/// Register an account. Returns true if succeed, otherwise return false and write logs.
/// </summary>
/// <param name="username"></param>
/// <param name="rawPassword"></param>
/// <param name="hashType"></param>
/// <returns></returns>
public static bool RegisterUser(string username, string rawPassword, int hashType)
{
try
{
string hashSaltBase64 = null;
string passwordHashBase64 = null;
byte[] saltBytes;
System.Security.Cryptography.HMAC hmac;
switch (hashType)
{
case (int)Enums.HMAC.MD5:
hashSaltBase64 = null;
using (System.Security.Cryptography.MD5 hasher = System.Security.Cryptography.MD5.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.RIPEMD160:
hashSaltBase64 = null;
using (System.Security.Cryptography.RIPEMD160 hasher = System.Security.Cryptography.RIPEMD160.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA1:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA1 hasher = System.Security.Cryptography.SHA1.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA256:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA256 hasher = System.Security.Cryptography.SHA256.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA384:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA384 hasher = System.Security.Cryptography.SHA384.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.SHA512:
hashSaltBase64 = null;
using (System.Security.Cryptography.SHA512 hasher = System.Security.Cryptography.SHA512.Create())
{
passwordHashBase64 = Convert.ToBase64String(hasher.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
}
break;
case (int)Enums.HMAC.HMACMD5:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACMD5(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACRIPEMD160:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACRIPEMD160(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA1:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA1(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA256:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA256(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA384:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA384(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
case (int)Enums.HMAC.HMACSHA512:
saltBytes = new byte[Settings.InitSetting.Instance.MaxNumberOfBytesInSalt];
new Random().NextBytes(saltBytes);
hashSaltBase64 = Convert.ToBase64String(saltBytes);
hmac = new System.Security.Cryptography.HMACSHA512(saltBytes);
passwordHashBase64 = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(rawPassword)));
break;
default:
throw new NotImplementedException("Unspecified hash type.");
}
var acc = new Account()
{
Uname = username,
HashSaltBase64 = hashSaltBase64,
HashTypeId = hashType,
PasswordHashBase64 = passwordHashBase64,
IsTwoFactor = false,
TwoFactorSecretBase32 = null
};
using (AuthorizeEntities ctx = new AuthorizeEntities())
{
ctx.Accounts.Add(acc);
ctx.SaveChanges();
}
}
catch (Exception ex)
{
Log4netLogger.Error(MethodBase.GetCurrentMethod().DeclaringType, "Cannot register user", ex);
return(false);
}
return(true);
}
/// <summary>
/// Gets the sh a512 hash as byte array.
/// </summary>
/// <param name="data">The data.</param>
/// <returns></returns>
public static byte[] GetSHA512HashAsByteArray(byte[] data)
{
System.Security.Cryptography.SHA512 sha512Implementation = System.Security.Cryptography.SHA512.Create();
return(sha512Implementation.ComputeHash(data));
}
private static byte[] ComputeSingleSha(byte[] data)
{
using System.Security.Cryptography.SHA512 sysSha = System.Security.Cryptography.SHA512.Create();
return(sysSha.ComputeHash(data));
}
//[ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Xml, XmlSerializeString = true)]
public Apq.STReturn UserEditLoginPwd(string LoginPwd_C, string LoginPwd)
{
Apq.STReturn stReturn = new Apq.STReturn();
Apq.Web.SessionState.HttpSessionState ApqSession = new Apq.Web.SessionState.HttpSessionState(Session);
if (!CheckLoginPage.CheckLogin(ref stReturn, ApqSession))
{
return(stReturn);
}
// 检测旧密码
System.Security.Cryptography.SHA512 SHA512 = System.Security.Cryptography.SHA512.Create();
byte[] binLoginPwd_C = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd_C));
string SqlLoginPwd_C = Apq.Data.SqlClient.Common.ConvertToSqlON(binLoginPwd_C);
string SqlLoginPwd_DB = Apq.Data.SqlClient.Common.ConvertToSqlON(ApqSession.User.Rows[0]["LoginPwd"]);
if (SqlLoginPwd_C != SqlLoginPwd_DB)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "原密码输入错误";
return(stReturn);
}
byte[] binLoginPwd = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd));
using (SqlConnection SqlConn = new SqlConnection(Apq.DB.Common.GetSqlConnectionString("SqlConnectionString2")))
{
SqlCommand sc = new SqlCommand("dtxc.dtxc_User_UpdateLoginPwd", SqlConn);
sc.CommandType = CommandType.StoredProcedure;
Apq.Data.Common.DbCommandHelper dch = new Apq.Data.Common.DbCommandHelper(sc);
dch.AddParameter("rtn", 0, DbType.Int32);
dch.AddParameter("ExMsg", stReturn.ExMsg, DbType.String, -1);
dch.AddParameter("_OperID", ApqSession.UserID);
dch.AddParameter("_OpTime", DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff"));
IPAddress ipa;
if (IPAddress.TryParse(HttpContext.Current.Request.UserHostAddress, out ipa))
{
dch.AddParameter("_OperIP", ipa.GetAddressBytes());
}
dch.AddParameter("UserID", ApqSession.UserID);
dch.AddParameter("LoginPwd", binLoginPwd);
sc.Parameters["rtn"].Direction = ParameterDirection.ReturnValue;
sc.Parameters["ExMsg"].Direction = ParameterDirection.InputOutput;
SqlConn.Open();
sc.ExecuteNonQuery();
stReturn.NReturn = System.Convert.ToInt32(sc.Parameters["rtn"].Value);
stReturn.ExMsg = sc.Parameters["ExMsg"].Value.ToString();
sc.Dispose();
SqlConn.Close();
}
// 更新Session中的密码信息
ApqSession.User.Rows[0]["LoginPwd"] = binLoginPwd;
// 返回客户端
stReturn.FNReturn = Apq.Data.SqlClient.Common.ConvertToSqlON(binLoginPwd);
return(stReturn);
}
//[ScriptMethod(ResponseFormat = System.Web.Script.Services.ResponseFormat.Xml, XmlSerializeString = true)]
public STReturn dtxc_Reg_UserName(string Name, string UserName, string LoginPwd, short Sex, string PhotoUrl, long IntroUserID, string Alipay, int UserType
, DateTime Birthday, string IDCard, string IDCard_Name, short IDCard_Sex, string IDCard_PhotoUrl)
{
STReturn stReturn = new STReturn();
if (LoginPwd.Length < 1)
{
stReturn.NReturn = -1;
stReturn.ExMsg = "密码不允许为空";
return(stReturn);
}
System.Security.Cryptography.SHA512 SHA512 = System.Security.Cryptography.SHA512.Create();
byte[] binLoginPwd = SHA512.ComputeHash(System.Text.Encoding.Unicode.GetBytes(LoginPwd));
using (SqlConnection SqlConn = new SqlConnection(Apq.DB.Common.GetSqlConnectionString("SqlConnectionString2")))
{
SqlCommand sc = new SqlCommand("dtxc.dtxc_Reg_UserName", SqlConn);
sc.CommandType = CommandType.StoredProcedure;
Apq.Data.Common.DbCommandHelper dch = new Apq.Data.Common.DbCommandHelper(sc);
dch.AddParameter("rtn", 0, DbType.Int32);
dch.AddParameter("ExMsg", stReturn.ExMsg, DbType.String, -1);
IPAddress ipa;
if (IPAddress.TryParse(HttpContext.Current.Request.UserHostAddress, out ipa))
{
dch.AddParameter("RegIP", ipa.GetAddressBytes());
}
dch.AddParameter("Name", Name);
dch.AddParameter("UserName", UserName);
dch.AddParameter("LoginPwd", binLoginPwd);
dch.AddParameter("Sex", Sex);
dch.AddParameter("PhotoUrl", PhotoUrl);
dch.AddParameter("Birthday", Birthday.ToString("yyyy-MM-dd HH:mm:ss.fff"));
dch.AddParameter("Alipay", Alipay);
dch.AddParameter("IntroUserID", IntroUserID);
dch.AddParameter("UserType", UserType);
dch.AddParameter("Expire", DateTime.Now.AddYears(10).ToString("yyyy-MM-dd HH:mm:ss.fff"));
dch.AddParameter("IDCard", IDCard);
dch.AddParameter("IDCard_Name", IDCard_Name);
dch.AddParameter("IDCard_Sex", IDCard_Sex);
dch.AddParameter("IDCard_PhotoUrl", IDCard_PhotoUrl);
dch.AddParameter("UserID", 0, DbType.Int64);
sc.Parameters["rtn"].Direction = ParameterDirection.ReturnValue;
sc.Parameters["ExMsg"].Direction = ParameterDirection.InputOutput;
sc.Parameters["UserID"].Direction = ParameterDirection.InputOutput;
SqlConn.Open();
sc.ExecuteNonQuery();
stReturn.NReturn = System.Convert.ToInt32(sc.Parameters["rtn"].Value);
stReturn.ExMsg = sc.Parameters["ExMsg"].Value.ToString();
stReturn.POuts = new object[] {
sc.Parameters["UserID"].Value
};
sc.Dispose();
SqlConn.Close();
}
return(stReturn);
}