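/// <summary>
/// Reports whether <paramref name="password"/> already appears in the user's password
/// history for the given channel, within the window set by configuration.
/// </summary>
/// <param name="entities">Open data context used to read VpPasswordHistory.</param>
/// <param name="password">
/// Candidate value, compared for exact equality with the stored Password column.
/// NOTE(review): this only works if the caller passes the value in the same form the
/// history table stores (presumably a hash) - confirm against the caller.
/// </param>
/// <param name="userID">User whose history is inspected.</param>
/// <param name="channelID">Channel whose history is inspected.</param>
/// <returns>
/// true when the candidate is found in the inspected history; false when it is not found
/// or when the reuse check is disabled (control value not positive, or control type Undefined).
/// </returns>
public static bool ControlToPasswordIsUsed(VeriBranchDataEntities entities, string password, long userID, short channelID)
{
    short usedPasswordControl = ConfigurationParametersPresenter.GetParameter(ConfigurationParameterKeys.UsedPasswordControlType).ToShort(0);
    UsedPasswordControlTypeEnum passwordControlType = (UsedPasswordControlTypeEnum)usedPasswordControl;
    int usedPasswordControlValue = ConfigurationParametersPresenter.GetParameter(ConfigurationParameterKeys.UsedPasswordControlValue).ToInteger();

    // A non-positive window can never select a history row, so treat it like the
    // disabled case instead of sending a query with a negative row count.
    if (usedPasswordControlValue <= 0 || passwordControlType == UsedPasswordControlTypeEnum.Undefined)
    {
        return false;
    }

    var userHistory = entities.VpPasswordHistory
        .Where(q => q.UserID == userID && q.ChannelID == channelID);

    List<string> passwordHistory;
    if (passwordControlType == UsedPasswordControlTypeEnum.Day)
    {
        // Window expressed in days: only entries created after the cut-off count.
        DateTime oldPinControlDate = DateTime.Now.AddDays(-1 * usedPasswordControlValue);
        passwordHistory = userHistory
            .Where(q => q.CreateDate > oldPinControlDate)
            .OrderByDescending(q => q.CreateDate)
            .Select(q => q.Password)
            .ToList();
    }
    else
    {
        // Window expressed as "the N most recent entries". Take() is applied before
        // ToList() so only N rows are read, rather than the user's whole history.
        passwordHistory = userHistory
            .OrderByDescending(q => q.CreateDate)
            .Take(usedPasswordControlValue)
            .Select(q => q.Password)
            .ToList();
    }

    // The match stays in memory on purpose: List.Contains is an exact, case-sensitive
    // comparison, whereas a database-side comparison would follow the column collation.
    return passwordHistory.Contains(password);
}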
/// <summary>
/// Encrypts a password using the "RSA.PublicKey.Modulus" configuration parameter as key material.
/// </summary>
/// <param name="password">Password value to encrypt.</param>
/// <returns>The result of Encryption.EncryptString for the password and the configured modulus.</returns>
private static string EncryptPassword(string password)
{
    // Only the modulus is handed to EncryptString. The lookup of "RSA.PublicKey.Exponent"
    // was commented out by the original author, so presumably the exponent is fixed
    // inside EncryptString - confirm.
    var configuredModulus = ConfigurationParametersPresenter.GetParameter("RSA.PublicKey.Modulus");
    string publicKeyModulus = Convert.ToString(configuredModulus);

    return Encryption.EncryptString(password, publicKeyModulus);
}
/// <summary>
/// Runs a first-level authentication for a retail customer with the given customer id and password.
/// </summary>
/// <param name="customerId">Customer identifier passed to the authentication context.</param>
/// <param name="password">
/// Submitted password. When "RSA.PasswordEncryptionEnabled" is true it is treated as
/// RSA ciphertext and decrypted before being handed to the authentication context.
/// </param>
/// <param name="transactionHeader">
/// Modified by this call: Session.InitialSessionid is set to "SoftToken", Customer is
/// created when null, and Customer.CustomerType is set to Retail.
/// </param>
/// <returns>true only when the authentication service reports FirstLevelSuccess.</returns>
public static bool VerifyUserIdPassword(string customerId, string password, TransactionHeader transactionHeader)
{
    transactionHeader.Session.InitialSessionid = "SoftToken";

    if (transactionHeader.Customer == null)
    {
        transactionHeader.Customer = new Customer();
    }

    transactionHeader.Customer.CustomerType = CustomerTypeEnum.Retail;

    var authContext = new AuthenticationContext(transactionHeader, AuthenticationFlowItemTypeEnum.FirstLevel, string.Empty);
    authContext.SetUserDetail(0, "", "", "", customerId);

    string credential = password;
    if (Convert.ToBoolean(ConfigurationParametersPresenter.GetParameter("RSA.PasswordEncryptionEnabled")))
    {
        // The RSA private key is read from the configuration parameters. The original
        // author's note says this must be replaced by fetching a certificate from the
        // store: as written, read access to the configuration exposes the key.
        var privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter("RSA.PrivateKey"));
        var keySize = Convert.ToInt32(ConfigurationParametersPresenter.GetParameter("RSA.KeySize"));
        credential = Encryption.RSADecryptString(password, keySize, privateKey);
    }

    authContext.SetPassword(credential, null);

    // Keep the password hash check switched on for this flow.
    authContext.SetDiscardPasswordHashCheck(false);

    AuthenticationResult outcome = AuthenticationService.GetResult(authContext);
    return outcome.Result == LoginResultEnum.FirstLevelSuccess;
}
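/// <summary>
/// Verifies the one-time password submitted in the request against the most recent
/// OTP stored for the customer in VpOtpHistory.
/// </summary>
/// <param name="requestMessage">Expected to be a SoftTokenSelectAuthenticationRequest; its Password is the submitted OTP.</param>
/// <param name="responseMessage">
/// Expected to be a SoftTokenSelectAuthenticationResponse. Status is set to true on a
/// match and to false when an exception occurs; otherwise it is left as received.
/// </param>
/// <param name="transactionHeader">Supplies Customer.UserId, the user whose OTP is checked.</param>
/// <remarks>
/// An empty decrypted OTP never matches. Previously, when the OTP-encryption parameter
/// was absent, the stored OTP was not decrypted and an empty submitted password
/// compared equal to the empty default, setting Status to true.
/// Nothing in this method invalidates the OTP after a successful match; if single use
/// is required it has to be enforced elsewhere - confirm.
/// </remarks>
public void Execute(object requestMessage, ref object responseMessage, TransactionHeader transactionHeader)
{
    long userID = transactionHeader.Customer.UserId;
    SoftTokenSelectAuthenticationRequest request = requestMessage as SoftTokenSelectAuthenticationRequest;
    SoftTokenSelectAuthenticationResponse response = responseMessage as SoftTokenSelectAuthenticationResponse;
    string password = request.Password;

    try
    {
        using (VeriBranchDataEntities context = new VeriBranchDataEntities())
        {
            // NOTE(review): this takes the newest row without filtering on expiry.
            // Unless expiry is enforced elsewhere, an expired OTP still verifies here -
            // confirm, and add an ExpireTime filter to this query if it is not.
            VpOtpHistory otpHistory = context.VpOtpHistory
                .Where(obj => obj.UserID == userID)
                .OrderByDescending(obj => obj.ID)
                .FirstOrDefault();

            if (otpHistory != null)
            {
                string decryptedOTP = string.Empty;

                // Only the presence of the parameter is tested, not its value.
                if (ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.OTPEncryptionEnabledKey) != null)
                {
                    // these must be replaced by fetching certificate from store
                    // (the private key currently lives in the configuration parameters,
                    // so read access to configuration is enough to decrypt stored OTPs)
                    string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionPrivateKey));

                    // Not passed to DecryptString; kept so that a malformed key-size
                    // value still fails the request as it did before.
                    int keySize = Convert.ToInt32(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionKeySizeKey));

                    decryptedOTP = Encryption.DecryptString(otpHistory.EncryptedOTP, privateKey);
                }

                // Fail closed: with no decrypted OTP there is nothing to authenticate against.
                // NOTE(review): == on strings stops at the first differing character;
                // consider a fixed-time comparison for this secret.
                if (!string.IsNullOrEmpty(decryptedOTP) && decryptedOTP == password)
                {
                    response.Status = true;
                }
            }
        }
    }
    catch (Exception)
    {
        // Any failure (database, configuration, decryption) counts as a failed verification.
        // NOTE(review): the exception is discarded without logging, so these failures
        // leave no trace for whoever has to investigate them.
        response.Status = false;
    }
}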
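/// <summary>
/// Returns the current soft-token OTP for the user who registered the requesting device,
/// after checking either the soft-token password or the fingerprint auto-password.
/// </summary>
/// <param name="requestMessage">
/// Expected to be a GenerateSoftTokenRequest carrying DeviceId and either Password, or
/// IsAuthenticatedWithFingerPrint together with AutoPassword.
/// </param>
/// <param name="responseMessage">
/// Expected to be a GenerateSoftTokenResponse; OTP receives the decrypted OTP, or the
/// "NoOTPAvailable" general message when no unexpired OTP exists.
/// </param>
/// <param name="transactionHeader">Not used by this method.</param>
/// <exception cref="VPBusinessException">
/// "DeviceNotExistException" when no device has the given serial number; "WrongPassword"
/// when neither credential check succeeds.
/// </exception>
/// <remarks>
/// Security review notes, behaviour unchanged:
/// - The soft-token password is checked as an MD5 hash, with string.Empty as the second
///   argument to HashHelper.Hash (presumably the salt - confirm). MD5 is not suitable for
///   password storage; moving to a salted, slow KDF needs a migration of stored values.
/// - The fingerprint branch compares AutoPassword with a value built only from
///   request.DeviceId and the literal "true". It contains no secret, so it does not prove
///   that a biometric check took place; anyone who knows the device serial number can
///   produce it. It should be replaced by a proof the server can verify, for example a
///   signature made with a key enrolled at device registration.
/// </remarks>
public void Execute(object requestMessage, ref object responseMessage, TransactionHeader transactionHeader)
{
    GenerateSoftTokenRequest request = requestMessage as GenerateSoftTokenRequest;
    GenerateSoftTokenResponse response = responseMessage as GenerateSoftTokenResponse;
    VpOtpHistory otpHistory = null;

    using (VeriBranchDataEntities context = new VeriBranchDataEntities())
    {
        var device = context.VpOtpDevice.Where(obj => obj.SerialNumber == request.DeviceId).FirstOrDefault();
        if (device == null)
        {
            throw new VPBusinessException("DeviceNotExistException");
        }

        // The id is held in a long, so convert with ToInt64: ToInt32 would overflow on
        // ids above int.MaxValue.
        long userId = Convert.ToInt64(device.CreateBy);

        bool authenticated;
        if (!string.IsNullOrEmpty(request.Password))
        {
            // See remarks: unsalted MD5, kept for compatibility with stored values.
            string hashedPassword = HashHelper.Hash(request.Password, string.Empty, HashTypeEnum.Md5);
            authenticated = context.VPSoftTokenRegistration
                .Where(obj => obj.UserId == userId && obj.Password == hashedPassword)
                .FirstOrDefault() != null;
        }
        else if (request.IsAuthenticatedWithFingerPrint)
        {
            // See remarks: the expected value is derived from the request itself.
            string autoPass = request.DeviceId + "true" + request.DeviceId;
            authenticated = autoPass.Equals(request.AutoPassword);
        }
        else
        {
            authenticated = false;
        }

        if (!authenticated)
        {
            throw new VPBusinessException("WrongPassword");
        }

        // Newest OTP for the user that has not expired yet.
        otpHistory = context.VpOtpHistory
            .Where(obj => obj.UserID == userId && obj.ExpireTime >= DateTime.Now)
            .OrderByDescending(obj => obj.ID)
            .FirstOrDefault();
    }

    // Both conditions must hold. The previous "!= null || IsNullOrEmpty(...)" test
    // dereferenced a null otpHistory, so the "NoOTPAvailable" branch could not be
    // reached when no row was found.
    if (otpHistory != null && !string.IsNullOrEmpty(otpHistory.EncryptedOTP))
    {
        string decryptedOTP = string.Empty;

        // Only the presence of the parameter is tested, not its value.
        if (ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.OTPEncryptionEnabledKey) != null)
        {
            // these must be replaced by fetching certificate from store
            string privateKey = Convert.ToString(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionPrivateKey));

            // Not passed to DecryptString; kept so that a malformed key-size value
            // still fails the request as it did before.
            int keySize = Convert.ToInt32(ConfigurationParametersPresenter.GetParameter(LoginConstants.FlowItemType.EncryptionKeySizeKey));

            decryptedOTP = Encryption.DecryptString(otpHistory.EncryptedOTP, privateKey);
        }

        response.OTP = decryptedOTP;
    }
    else
    {
        response.OTP = VeriBranch.Utilities.ConfigurationUtilities.ResourceHelper.GetGeneralMessage("NoOTPAvailable");
    }
}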