/// <summary>
/// Loads every application setting from the appSettings section of the configuration file.
/// </summary>
/// <remarks>
/// The AppSettings indexer returns null for a key that is not present. Convert.ToBoolean(null)
/// yields false and Convert.ToInt32(null) yields 0, so a missing key is not reported here for
/// most settings; only the two failed-logon settings throw, because of their ToString() call.
/// </remarks>
public AppConfiguration()
{
    var settings = ConfigurationManager.AppSettings;

    // Failed-logon (lockout) settings. The ToString() on the looked-up value makes a missing key
    // surface as a NullReferenceException instead of silently becoming false / 0.
    AccountManagementCheckFailedLogonAttempts =
        Convert.ToBoolean(settings["AccountManagementCheckFailedLogonAttempts"].ToString());
    AccountManagementMaximumFailedLogonAttempts =
        Convert.ToInt32(settings["AccountManagementMaximumFailedLogonAttempts"].ToString());

    // Registration approval: a missing key converts to false.
    AccountManagementRegisterAutoApprove =
        Convert.ToBoolean(settings["AccountManagementRegisterAutoApprove"]);

    ApplicationName = settings["ApplicationName"];
    DefaultFromEmailAddress = settings["DefaultFromEmailAddress"];

    // NOTE(review): a missing key converts to 0 before the enum cast; whether 0 is a defined
    // HashStrategyKind member is not visible here - confirm.
    DefaultHashStrategy = (HashStrategyKind)Convert.ToInt32(settings["DefaultHashStrategy"]);

    // NOTE(review): EncryptionPassword is secret material read from appSettings. Confirm the
    // section is protected or supplied from a secret store and is not committed in plain text.
    EncryptionPassword = settings["EncryptionPassword"];

    // NOTE(review): a missing key yields an iteration count of 0; consumers should reject
    // non-positive values - verify where this is used.
    EncryptionIterationCount = Convert.ToInt32(settings["EncryptionIterationCount"]);

    // Optional features: a missing key converts to false.
    HasRecaptcha = Convert.ToBoolean(settings["HasRecaptcha"]);
    HasEmailConfigured = Convert.ToBoolean(settings["HasEmailConfigured"]);

    WebsiteBaseUrl = settings["WebsiteBaseUrl"];
}
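/// <summary>
/// Computes and stores the hash of <paramref name="plainPassword"/> for the given salt and hash strategy.
/// </summary>
/// <param name="plainPassword">The clear-text password to hash.</param>
/// <param name="salt">The salt combined with the password; stored on the instance unchanged.</param>
/// <param name="hashStrategy">Selects which algorithm branch (PBKDF2 or Argon2) derives the hash.</param>
/// <exception cref="System.ArgumentOutOfRangeException">
/// <paramref name="hashStrategy"/> is not a strategy this constructor can compute.
/// </exception>
public SecuredPassword(string plainPassword, byte[] salt, HashStrategyKind hashStrategy)
{
    _salt = salt;

    // Defined outside this block; presumably sets _hashingParameter for the chosen strategy - confirm.
    SetHashStrategy(hashStrategy);

    switch (hashStrategy)
    {
        case HashStrategyKind.Pbkdf25009Iterations:
        case HashStrategyKind.Pbkdf28000Iterations:
            // NOTE(review): this Rfc2898DeriveBytes overload uses HMAC-SHA1, and the strategy names
            // suggest 5009 / 8000 iterations, which is low by current guidance. Stored hashes depend
            // on these parameters, so strengthening them means rehashing at the next successful logon.
            using (var deriveBytes = new Rfc2898DeriveBytes(plainPassword, salt, (int)_hashingParameter))
            {
                // The derived key length is taken from _saltSize (a field named for the salt).
                _hash = deriveBytes.GetBytes(_saltSize);
            }
            break;

        case HashStrategyKind.Argon248KWorkCost:
            // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so passwords
            // that differ only in such characters produce the same hash. Switching to UTF-8 would
            // change the hash for existing users with non-ASCII passwords; plan a migration first.
            var argon2Hasher = new PasswordHasher(memoryCost: _hashingParameter);
            _hash = Encoding.ASCII.GetBytes(argon2Hasher.Hash(Encoding.ASCII.GetBytes(plainPassword), salt));
            break;

        default:
            // Fail closed: without this branch an unhandled strategy left _hash unset while the
            // instance was still marked valid below.
            throw new System.ArgumentOutOfRangeException("hashStrategy", hashStrategy, "Unsupported hash strategy.");
    }

    IsValid = true;
}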