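/// <summary>
/// Replaces the plaintext password on <paramref name="userToHash"/> with its salted hash.
/// The object must carry a non-empty Password and a non-empty, Base64-encoded Salt.
/// Both properties are overwritten in place and the same instance is returned.
/// </summary>
/// <param name="userToHash">
/// User whose Password (plaintext) and Salt (Base64) are read and then overwritten.
/// </param>
/// <returns>
/// The instance that was passed in, with Password set to the Base64 form of the salted hash
/// and Salt re-encoded as Base64.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="userToHash"/> is null, or its Password or Salt is null or empty.
/// </exception>
/// <exception cref="FormatException">Salt is not valid Base64.</exception>
public IHashedUser GetHashedUser(IHashedUser userToHash)
{
    // Reject a missing user up front instead of failing with a NullReferenceException below.
    if (userToHash == null)
    {
        throw new ArgumentNullException("userToHash");
    }

    // ArgumentNullException is kept for empty strings too, so existing catch blocks keep working.
    if (string.IsNullOrEmpty(userToHash.Password))
    {
        throw new ArgumentNullException("Password");
    }

    if (string.IsNullOrEmpty(userToHash.Salt))
    {
        throw new ArgumentNullException("Salt");
    }

    // The password is hashed as its UTF-8 bytes; the salt travels as Base64 text.
    byte[] passwordByteArray = Encoding.UTF8.GetBytes(userToHash.Password);
    byte[] saltByteArray = Convert.FromBase64String(userToHash.Salt);

    // NOTE(review): the digest is whatever HashPasswordWithSalt implements (not visible here).
    // If it is a single pass of a fast hash, stored values are cheap to brute-force offline;
    // a slow KDF such as PBKDF2 (Rfc2898DeriveBytes) is the usual choice. Confirm.
    byte[] passwordWithSalt = this.HashPasswordWithSalt(passwordByteArray, saltByteArray);

    // From here on the object no longer holds the plaintext password.
    userToHash.Password = Convert.ToBase64String(passwordWithSalt);
    userToHash.Salt = Convert.ToBase64String(saltByteArray);

    return userToHash;
}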
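/// <summary>
/// Checks that VerifyPassword rejects a password that differs from the one
/// the hashed user was created with.
/// </summary>
public void VerifyPassword_ComparingWrongPassword_ShouldNotBeEqual()
{
    // Arrange
    HashingSettings settings = new HashingSettings(HashingMethodType.SHA256);
    HashingService hashingService = new HashingService(settings);
    string username = "******";

    // Constructed sample values. The two passwords must differ, otherwise the
    // assertion at the end cannot hold.
    string correctPassword = "sample-correct-password";
    string wrongPassword = "sample-wrong-password";

    // Act
    IHashedUser hashedUser = hashingService.CreateHashedUser(username, correctPassword);
    bool passwordMatched = hashingService.VerifyPassword(wrongPassword, hashedUser.Password, hashedUser.Salt);

    // Diagnostic output is limited to the derived values; plaintext passwords
    // are kept out of test logs, which CI systems tend to retain.
    Console.WriteLine("Hashed Password: " + hashedUser.Password);
    Console.WriteLine("Hashed Salt: " + hashedUser.Salt);

    // Assert
    Assert.IsFalse(passwordMatched);
}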
/// <summary>
/// Hashes the user's password and inserts the user record into the database.
/// </summary>
/// <param name="user">
/// User to persist. UserPassword is read as supplied and then overwritten with the
/// hashed value; Salt is overwritten with the salt returned by CreateHashedUserInfo.
/// </param>
public void CreateUser(IUser user)
{
    var loginHandler = HandlerFactory.GetLoginHandler();
    IHashedUser hashed = loginHandler.CreateHashedUserInfo(user.Username, user.UserPassword);

    // Swap the supplied password for its hash before the record reaches the database.
    user.UserPassword = hashed.Password;
    user.Salt = hashed.Salt;

    string connectionString = HandlerFactory.GetDBConnectionString();
    using (var connection = new SqlConnection(connectionString))
    {
        connection.Open();

        // Insert is an extension method supplied elsewhere in the project
        // (presumably a micro-ORM); its return value is not used.
        connection.Insert(user);

        connection.Close();
    }
}
/// <summary>
/// Smoke test: CreateHashedUser returns a non-null IHashedUser when the service
/// is configured with SHA256 settings.
/// </summary>
public void CreateHashedUser_WithValidSettings_ShouldCreateIHashedUser()
{
    // Arrange
    const string username = "******";
    const string password = "******";
    var hashingService = new HashingService(new HashingSettings(HashingMethodType.SHA256));

    // Act
    IHashedUser hashedUser = hashingService.CreateHashedUser(username, password);

    // Assert
    // Only non-null is checked here; the test does not inspect Password or Salt.
    Assert.IsNotNull(hashedUser);
}
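/// <summary>
/// Checks a login attempt against the stored user record.
/// Hashes <paramref name="userLogin"/> through the configured hashing method and
/// compares the resulting hash with the stored one.
/// </summary>
/// <param name="userLogin">
/// Login attempt. It is passed to the hashing method's GetHashedUser, which is expected
/// to replace its Password with the hash (TODO confirm), so do not reuse it afterwards.
/// </param>
/// <param name="DBuser">
/// Stored user. Salt (Base64) and Password (hash) are read; SaltByteArray is set from Salt.
/// </param>
/// <returns>true when the two hashes match; otherwise false.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="userLogin"/> or <paramref name="DBuser"/> is null.
/// </exception>
/// <exception cref="ArgumentException">The stored salt is null or empty.</exception>
/// <exception cref="FormatException">The stored salt is not valid Base64.</exception>
public bool VerifyUserHash(IHashedUser userLogin, IHashedUser DBuser)
{
    if (userLogin == null)
    {
        throw new ArgumentNullException("userLogin");
    }

    if (DBuser == null)
    {
        throw new ArgumentNullException("DBuser");
    }

    // A record without a salt cannot be verified. The parameter name now matches the signature.
    if (string.IsNullOrEmpty(DBuser.Salt))
    {
        throw new ArgumentException("Stored user salt is not set", "DBuser");
    }

    // Decode the stored Base64 salt into IHashedUser.SaltByteArray.
    DBuser.SaltByteArray = Convert.FromBase64String(DBuser.Salt);

    // NOTE(review): only DBuser's salt is decoded here; userLogin is hashed with whatever
    // salt it already carries. Confirm that callers copy the stored salt onto userLogin
    // first, otherwise a correct password will not verify.
    IHashedUser hashedUserLogin = this._hashingMethod.GetHashedUser(userLogin);

    string candidate = hashedUserLogin.Password;
    string stored = DBuser.Password;

    // Fail closed: a missing hash on either side never counts as a match.
    if (candidate == null || stored == null || candidate.Length != stored.Length)
    {
        return false;
    }

    // Compare every character without an early exit, so the time taken does not
    // reveal how many leading characters of the hash matched.
    int difference = 0;
    for (int i = 0; i < stored.Length; i++)
    {
        difference |= candidate[i] ^ stored[i];
    }

    return difference == 0;
}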