A salt and settings for a specific user used for generating the password hash.
Exemplo n.º 1
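        /// <summary>
        /// Base logic to register a full user, or a guest user.  Validates the name and password, rejects a name
        /// that is already present, then saves the user record and its salt record in one transaction scope.
        /// </summary>
        /// <param name="user">A user whose <c>PasswordHash</c> holds the raw password on entry; it is replaced
        /// with the computed password hash as part of registration.</param>
        /// <param name="result">An ExecutionResults instance to add applicable
        /// warning and error messages to.</param>
        /// <returns>A boolean indicating success (true) or failure (false).</returns>
        /// <exception cref="ArgumentOutOfRangeException">HashGroupMinimum is greater than HashGroupMaximum.</exception>
        protected virtual bool RegisterBase(User user, ExecutionResults result)
        {
            // On entry PasswordHash carries the raw password; it is overwritten with the hash further down.
            var password = user.PasswordHash;

            if (!ValidateName(user.Name, result) || !ValidatePassword(password, result))
            {
                return(false);
            }

            // NOTE(review): this lookup runs before the transaction scope below is opened, so two concurrent
            // registrations of the same name can both pass it. Presumably a unique constraint on the stored
            // name is what finally enforces uniqueness -- confirm against the schema.
            var existing = GetUserByName(user.Name);

            if (existing != null)
            {   //seed user table with deleted users with names you don't want users to have
                result.AppendError("The name you specified cannot be used.");
                return(false);
            }
            if (user.UserID.Equals(Guid.Empty))
            {
                user.UserID = Guid.NewGuid();
            }

            // HashGroup is added to BaseHashIterations to form the iteration count, so draw it from the
            // OS CSPRNG. Seeding System.Random with DateTime.Now.Second allowed at most 60 distinct
            // values, each derivable from the registration time.
            long groupSpan = (long)HashGroupMaximum - HashGroupMinimum;
            if (groupSpan < 0)
            {
                // Random.Next(min, max) raised the same exception type for an inverted range.
                throw new ArgumentOutOfRangeException("HashGroupMinimum",
                    "HashGroupMinimum must not be greater than HashGroupMaximum.");
            }
            int hashGroup = HashGroupMinimum;
            if (groupSpan > 0)
            {
                var raw = new byte[8];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(raw);
                }
                // 64 random bits reduced modulo a span below 2^32: the upper bound stays exclusive,
                // as with Random.Next, and the modulo bias is negligible.
                hashGroup = (int)(HashGroupMinimum + (long)(BitConverter.ToUInt64(raw, 0) % (ulong)groupSpan));
            }

            var hasher = HashManager.SelectProvider();
            var salt   = new UserSalt
            {
                PasswordSalt = hasher.GetSalt(),
                UserID       = user.UserID,
                HashGroup    = hashGroup,
                HashName     = hasher.Name
            };

            // The stored value is the hash of the raw password under this user's salt and iteration count.
            user.PasswordHash = hasher.Hash(salt.PasswordSalt, password,
                                            salt.HashGroup + BaseHashIterations);
            using (var scope = new System.Transactions.TransactionScope())
            {
                //starts as a lightweight transaction
                SaveUser(user);
                //enlists in a full distributed transaction if users and salts have different connection strings
                SaveUserSalt(salt);
                // Without Complete() the scope rolls back, so a failure in either save leaves neither record.
                scope.Complete();
            }
            return(true);
        }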
Exemplo n.º 2
 /// <summary>
 /// Salt persistence is not implemented in this override; every call throws.
 /// </summary>
 /// <param name="salt">The salt record that would be saved; it is not read.</param>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 protected override void SaveUserSalt(UserSalt salt)
 {
     // NOTE(review): any caller that needs the salt stored fails here; confirm that no
     // registration or password-change path reaches this override before shipping it.
     throw new NotImplementedException();
 }
Exemplo n.º 3
 /// <summary>
 /// Saves a user salt, insert or update.
 /// </summary>
 /// <param name="salt">The salt record to insert or update.</param>
 protected abstract void SaveUserSalt(UserSalt salt);
Exemplo n.º 4
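        /// <summary>
        /// Base logic to register a full user, or a guest user.  Validates the name and password, rejects a name
        /// that is already present, then saves the user record and its salt record in one transaction scope.
        /// </summary>
        /// <param name="user">A user whose <c>PasswordHash</c> holds the raw password on entry; it is replaced
        /// with the computed password hash as part of registration.</param>
        /// <param name="result">An ExecutionResults instance to add applicable
        /// warning and error messages to.</param>
        /// <returns>A boolean indicating success (true) or failure (false).</returns>
        /// <exception cref="ArgumentOutOfRangeException">HashGroupMinimum is greater than HashGroupMaximum.</exception>
        protected virtual bool RegisterBase(User user, ExecutionResults result)
        {
            // On entry PasswordHash carries the raw password; it is overwritten with the hash further down.
            var password = user.PasswordHash;
            if (!ValidateName(user.Name, result) || !ValidatePassword(password, result))
                return false;

            // NOTE(review): this lookup runs before the transaction scope below is opened, so two concurrent
            // registrations of the same name can both pass it. Presumably a unique constraint on the stored
            // name is what finally enforces uniqueness -- confirm against the schema.
            var existing = GetUserByName(user.Name);
            if (existing != null)
            {   //seed user table with deleted users with names you don't want users to have
                result.AppendError("The name you specified cannot be used.");
                return false;
            }
            if (user.UserID.Equals(Guid.Empty))
                user.UserID = Guid.NewGuid();

            // HashGroup is added to BaseHashIterations to form the iteration count, so draw it from the
            // OS CSPRNG. Seeding System.Random with DateTime.Now.Second allowed at most 60 distinct
            // values, each derivable from the registration time.
            long groupSpan = (long)HashGroupMaximum - HashGroupMinimum;
            if (groupSpan < 0)
                // Random.Next(min, max) raised the same exception type for an inverted range.
                throw new ArgumentOutOfRangeException("HashGroupMinimum",
                    "HashGroupMinimum must not be greater than HashGroupMaximum.");

            int hashGroup = HashGroupMinimum;
            if (groupSpan > 0)
            {
                var raw = new byte[8];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(raw);
                }
                // 64 random bits reduced modulo a span below 2^32: the upper bound stays exclusive,
                // as with Random.Next, and the modulo bias is negligible.
                hashGroup = (int)(HashGroupMinimum + (long)(BitConverter.ToUInt64(raw, 0) % (ulong)groupSpan));
            }

            var hasher = HashManager.SelectProvider();
            var salt = new UserSalt
            {
                PasswordSalt = hasher.GetSalt(),
                UserID = user.UserID,
                HashGroup = hashGroup,
                HashName = hasher.Name
            };
            // The stored value is the hash of the raw password under this user's salt and iteration count.
            user.PasswordHash = hasher.Hash(salt.PasswordSalt, password,
                                                   salt.HashGroup + BaseHashIterations);
            using (var scope = new System.Transactions.TransactionScope())
            {
                //starts as a lightweight transaction
                SaveUser(user);
                //enlists in a full distributed transaction if users and salts have different connection strings
                SaveUserSalt(salt);
                // Without Complete() the scope rolls back, so a failure in either save leaves neither record.
                scope.Complete();
            }
            return true;
        }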
Exemplo n.º 5
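 /// <summary>
 /// Saves a user salt: inserts a new row when <c>RecordID</c> is zero, otherwise updates the row
 /// whose <c>UserID</c> matches.
 /// </summary>
 /// <param name="salt">The salt record to persist. On update, <c>ResetCode</c> and
 /// <c>ResetCodeExpiration</c> are written as SQL NULL when they hold no value.</param>
 protected override void SaveUserSalt(UserSalt salt)
 {
     using (var cn = new SqlConnection(ConnectionStringUserSalt))
     {
         cn.Open();
         using (var cmd = new SqlCommand())
         {
             cmd.Connection = cn;
             cmd.CommandType = System.Data.CommandType.Text;
             // Every value travels as a bound parameter; nothing from the salt record is
             // concatenated into the statement text.
             if (salt.RecordID == 0)
             {
                 cmd.CommandText = @"insert into Security.UserSalt
      (UserID, PasswordSalt, HashGroup, HashName)
      Values (@UserID, @PasswordSalt, @HashGroup, @HashName)";
                 cmd.Parameters.AddWithValue("UserID", salt.UserID);
                 // A null PasswordSalt or HashName is deliberately not mapped to DBNull: the
                 // command then fails instead of storing a row without hashing inputs.
                 cmd.Parameters.AddWithValue("PasswordSalt", salt.PasswordSalt);
                 cmd.Parameters.AddWithValue("HashGroup", salt.HashGroup);
                 cmd.Parameters.AddWithValue("HashName", salt.HashName);
             }
             else
             {
                 cmd.CommandText = @"update Security.UserSalt
      set PasswordSalt = @PasswordSalt,
      ResetCode = @ResetCode,
      ResetCodeExpiration = @ResetCodeExpiration,
      HashGroup = @HashGroup,
      HashName = @HashName
      where UserID = @UserID";
                 cmd.Parameters.AddWithValue("PasswordSalt", salt.PasswordSalt);
                 // AddWithValue does not send a parameter whose value is a CLR null, which makes the
                 // update fail when no reset is pending; send DBNull so the column is cleared.
                 // Assumes both reset columns accept NULL -- TODO confirm against the schema.
                 cmd.Parameters.AddWithValue("ResetCode", (object)salt.ResetCode ?? System.DBNull.Value);
                 cmd.Parameters.AddWithValue("ResetCodeExpiration",
                                             (object)salt.ResetCodeExpiration ?? System.DBNull.Value);
                 cmd.Parameters.AddWithValue("HashGroup", salt.HashGroup);
                 cmd.Parameters.AddWithValue("HashName", salt.HashName);
                 cmd.Parameters.AddWithValue("UserID", salt.UserID);
             }
             // NOTE(review): the affected-row count is not checked, so an update that matches no
             // UserID completes without storing anything -- confirm callers can tolerate that.
             cmd.ExecuteNonQuery();
         }
     }
 }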
Exemplo n.º 6
 /// <summary>
 /// Saves a user salt, insert or update.
 /// </summary>
 /// <param name="salt">The salt record to insert or update.</param>
 protected abstract void SaveUserSalt(UserSalt salt);