// https://github.com/shawnmclean/SimpleCrypto.net
public static bool IsPasswordValid(string password, string storedPasswordHash, string salt)
{
ICryptoService cryptoService = new PBKDF2();
string hashedPassword2 = cryptoService.Compute(password, salt);
return(cryptoService.Compare(storedPasswordHash, hashedPassword2));
}
public override void Validate(string userName, string password)
{
using (var context = new AF_Context())
{
const string pepper = "50.L1`(f761OJdG6fc835M(5(+Ju2!P6,4330_N*/%xz<j7(N15KC'8l997'0c0CEg";
ICryptoService cryptoService = new PBKDF2();
try
{
User u = context.Users.FirstOrDefault(c => c.Login == userName);
if (u == null)
{
throw new SecurityTokenException("Wrong Username or Password");
}
bool verified = cryptoService.Compare(cryptoService.Compute(cryptoService.Compute(password, u.Salt), pepper), u.Password);
if (!verified)
{
throw new SecurityTokenException("Wrong Username or Password");
}
}
catch (Exception ex)
{
throw;
}
}
}
private void btnAuth_Click(object sender, EventArgs e)
{
if (string.IsNullOrEmpty(PasswordUser))
{
MessageBox.Show("Пароль пустий.");
return;
}
var user = GetUserByEmail(EmailLogin);
if (user != null)
{
ICryptoService cryptoService = new PBKDF2();
// validate user
string password = PasswordUser;
string salt = user.PasswordHash;
string hashedPassword2 = cryptoService.Compute(password, salt);
bool isPasswordValid = cryptoService.Compare(user.Password, hashedPassword2);
if (isPasswordValid)
{
DialogResult = DialogResult.OK;
}
else
{
MessageBox.Show("Неправильний пароль або емейл, спробуйте ще раз.");
}
}
else
{
MessageBox.Show("Неправильний пароль або емейл, спробуйте ще раз.");
}
}
private static bool ValidatePassword(string password, string salt, string hashedPassword)
{
ICryptoService cryptoService = new PBKDF2();
string hashedPassword2 = cryptoService.Compute(password, salt);
return(cryptoService.Compare(hashedPassword, hashedPassword2));
}
protected bool IsValidNuGetApiKey(INancyModule module, IFeed feed)
{
if (!string.IsNullOrWhiteSpace(feed.ApiKeyHashed))
{
if (module.Request.Headers[NuGetHeaderApiKeyName].FirstOrDefault() == null)
{
return(false);
}
ICryptoService cryptoService = new PBKDF2();
var feedApiKeyHashed = feed.ApiKeyHashed;
var feedApiKeySalt = feed.ApiKeySalt;
var requestApiKey = module.Request.Headers[NuGetHeaderApiKeyName].FirstOrDefault();
if (string.IsNullOrWhiteSpace(requestApiKey))
{
return(false);
}
string requestApiKeyHashed = cryptoService.Compute(requestApiKey, feedApiKeySalt);
bool isValidApiKey = cryptoService.Compare(requestApiKeyHashed, feedApiKeyHashed);
if (!isValidApiKey)
{
return(false);
}
}
return(true);
}
protected void btnIniciar_Click(object sender, EventArgs e)
{
string user = txtUser.Text.Trim();
string pas = txtPass.Text.Trim();
if (user != "" && pas != "")
{
var persona = instaciaBD.tbl_persona.Where(x => x.usuarioPersona == user).FirstOrDefault();
if (persona != null)
{
ICryptoService encripto = new PBKDF2();//INSTANCIO EL ALGORITMO
string pasEncriptada = encripto.Compute(pas, persona.salt);
if (encripto.Compare(persona.contrasenaPersona, pasEncriptada))
{
FormsAuthentication.SetAuthCookie(persona.nombrePersona + " " + persona.apellidoPersona, true);
Response.Redirect("Inicio.aspx");
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('Contraseña incorrecta');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('no existe ');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('debe ingresar datos');};", true);
}
}
// GET: Moviles
public ActionResult Acceso(string correo, string password)
{
string constr = conexion;
string constr1 = conexion1;
vista = "../Login/Login";
System.Web.HttpContext.Current.Session["acceso"] = "Usuario no encontrado";
using (MySqlConnection con = new MySqlConnection(constr))
{
string query = "select * from web_usuarios_login WHERE Cod_Usuario = '" + correo + "'";
using (MySqlCommand cmd = new MySqlCommand(query))
{
cmd.Connection = con;
con.Open();
using (MySqlDataReader sdr = cmd.ExecuteReader())
{
while (sdr.Read())
{
ICryptoService cryptoService = new PBKDF2();
string PasswordEncriptada = cryptoService.Compute(password, sdr["Salt"].ToString());
if (sdr.HasRows)
{
System.Web.HttpContext.Current.Session["sessionClosed"] = null;
if (cryptoService.Compare(sdr["Password"].ToString(), PasswordEncriptada))
{
System.Web.HttpContext.Current.Session["sessionString"] = sdr["Nombre"].ToString() + " " + sdr["Apellido"].ToString();
System.Web.HttpContext.Current.Session["perfil"] = sdr["Cod_Perfil"].ToString();
System.Web.HttpContext.Current.Session["correo"] = sdr["Cod_Usuario"].ToString();
vista = "../Principal/Principal";
}
}
}
}
con.Close();
}
}
using (MySqlConnection con1 = new MySqlConnection(constr1))
{
string querypararm = "select * from web_vparam_sys";
using (MySqlCommand cmd1 = new MySqlCommand(querypararm))
{
cmd1.Connection = con1;
con1.Open();
using (MySqlDataReader sdr1 = cmd1.ExecuteReader())
{
while (sdr1.Read())
{
System.Web.HttpContext.Current.Session["conductoresConf"] = sdr1["Varios_Conductores"].ToString();
}
}
con1.Close();
}
}
return(RedirectToAction(vista));
}
protected void btnIniciar_Click1(object sender, EventArgs e)
{
//Se pasan los valor de los textbox a integer y string
int cedulaAsociado = int.Parse(txtUsuario.Text.Trim());
string contrasenna = txtPassword.Text.Trim();
//Cuando la contrasena no es nula
if (contrasenna != "")
{
//Se busca el usuario que coincida con la cedula digitada
var usuario = db.Usuarios.Where(x => x.cedulaAsociado == cedulaAsociado).FirstOrDefault();
//Si el usuario existe
if (usuario != null)
{
//se llama a la liberia de encriptacion
ICryptoService cryptoService = new PBKDF2();
//se le da la llave de encriptacion
string contraseniaEncriptada = cryptoService.Compute(contrasenna, usuario.salt);
//si la contrasena encriptada es igual a la contrasenna guardada en el sistema
if (cryptoService.Compare(usuario.contrasenna, contraseniaEncriptada))
{
//se guarda en la bitacora un inicio exitoso con los datos de usuario utilizados para ingresar
logger.Info("Inicio de sesion exitoso: " + cedulaAsociado + ", " + contraseniaEncriptada);
//Crea una cookie permanente con el nombre de usuario
string correoAsociado = usuario.cedulaAsociado + " " + usuario.correoElectronico;
FormsAuthentication.RedirectFromLoginPage(correoAsociado, false);
// Se hace la sesion con el id del rol del usuarios
Session["UserRole"] = usuario.idRol.ToString();
}
else
{
//se guarda en la bitacora un inicio fallido con los datos de usuario utilizados para ingresar
logger.Info("Inicio de sesion fallido, usuario ingresado: " + cedulaAsociado + ", contrasenna ingresada:" + contraseniaEncriptada);
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginContrasenia", "window.onload = function(){ alert('La contraseña es incorrecta.'); };", true);
}
}
else
{
//se guarda en la bitacora un fallido exitoso con los datos de usuario utilizados para ingresar
logger.Info("Inicio de sesion fallido, usuario ingresado: " + cedulaAsociado);
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginUsuario", "window.onload = function(){ alert('El usuario no existe.'); };", true);
}
}
}
public static bool Validate(string savedPasswordHash, string savedPasswordSalt, string plainTextPassword)
{
if (string.IsNullOrEmpty(savedPasswordHash))
{
throw new ArgumentNullException("savedPasswordHash");
}
if (string.IsNullOrEmpty(savedPasswordHash))
{
throw new ArgumentNullException("savedPasswordSalt");
}
if (string.IsNullOrEmpty(savedPasswordHash))
{
throw new ArgumentNullException("plainTextPassword");
}
var cryptoService = new PBKDF2();
var passwordHash = cryptoService.Compute(plainTextPassword, savedPasswordSalt);
return(cryptoService.Compare(passwordHash, savedPasswordHash));
}
/// <summary>
/// Check if the password is valid
/// </summary>
/// <param name="username">Username</param>
/// <param name="password">Password</param>
/// <returns>If password matches</returns>
public bool IsPasswordValid(string username, string password)
{
var user = _userFactory.CreateNewUser(username, password);
Validate(user);
var foundUser = _userRepository.GetBy(x => x.UserName == user.UserName);
if (foundUser == null)
{
return(false);
}
var cryptoService = new PBKDF2();
string hashedPassword = cryptoService.Compute(password, foundUser.Salt);
bool isPasswordValid = cryptoService.Compare(foundUser.Password, hashedPassword);
return(isPasswordValid);
}
private void Btn_login_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(txtBoxPassword.Text))
{
string loginUser = txtBoxUser.Text;
string passUser = txtBoxPassword.Text;
var user = GetUserByEmail(loginUser);
if (loginUser == "admin")
{
if (passUser == "admin")
{
AdminPanelForm adp = new AdminPanelForm();
adp.ShowDialog();
}
}
else if (user != null || loginUser == "noconnection")
{
if (loginUser == "noconnection")
{
ChangeAccSettingForm casf = new ChangeAccSettingForm();
if (casf.ShowDialog() == DialogResult.OK)
{
}
}
else if (user.Deleted == false)
{
ICryptoService cryptoService = new PBKDF2();
string salt = user.PasswordHash;
string hashPassword2 = cryptoService.Compute(passUser, salt);
bool isPasswordValid = cryptoService.Compare(user.Password, hashPassword2);
if (isPasswordValid)
{
MessageBox.Show("You login success", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);
ChangeAccSettingForm casf = new ChangeAccSettingForm();
casf.FillForm(user);
casf.FillLoginUser(user);
if (casf.ShowDialog() == DialogResult.OK)
{
if (casf.IsDel)
{
user.Deleted = true;
}
if (casf.FirstName != null && casf.FirstName != user.FirstName)
{
user.FirstName = casf.FirstName;
}
if (casf.FileSelect != null && casf.FileSelect.ToString() != user.UserImage.ToString())
{
//string extension = Path.GetExtension(casf.FileSelect);
//string nameFile = Path.GetRandomFileName() + extension;
//var path = Path.Combine(Directory.GetCurrentDirectory(),
// "user_images", Path.GetFileName(casf.FileSelect));
//var bmp = ImageHelper.ComprressImage(Image.FromFile(casf.FileSelect), 120, 80);
//try
//{
// bmp.Save(path, ImageFormat.Jpeg);
//}
//catch (Exception ex)
//{
// MessageBox.Show(ex.Message);
//}
user.UserImage = casf.ImageToByteArray(Image.FromFile(casf.FileSelect));
}
if (casf.LastName != null && casf.LastName != user.LastName)
{
user.LastName = casf.LastName;
}
if (casf.MobilePhone != null && casf.MobilePhone != user.MobilePhoneNumber)
{
user.MobilePhoneNumber = casf.MobilePhone;
}
if (casf.Password != "")
{
ICryptoService new_cryptoService = new PBKDF2();
//New User
string new_password = casf.Password;
//save this salt to the database
string new_salt = cryptoService.GenerateSalt();
//save this hash to the database
string new_hashedPassword = cryptoService.Compute(new_password);
user.Password = new_hashedPassword;
user.PasswordHash = new_salt;
}
context.SaveChanges();
}
}
else
{
MessageBox.Show("Inccorect login or password!", "Please try again!", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
else
{
MessageBox.Show("This account not exist or be deleted!");
}
}
else
{
MessageBox.Show("Inccorect login or password!", "Please try again!", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
this.Close();
}
protected void btnIngresar_Click(object sender, EventArgs e)
{
try
{
string usuario = txtUsuario.Text.Trim();
string contrasenna = txtContrasena.Text.Trim();
if (usuario != "" && contrasenna != "")
{
var persona = db.Persona.Where(x => x.usuario == usuario).FirstOrDefault();
ICryptoService cryptoService = new PBKDF2();
string contrasenaEncriptada = cryptoService.Compute(contrasenna, persona.salt);
if (persona != null)
{
if (cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
{
string nombreCompleto = persona.nombrePersona + " " + persona.apellidoPersona;
Session["Persona"] = persona.idPersona;
FormsAuthentication.RedirectFromLoginPage(nombreCompleto, true);
Session["anything"] = txtUsuario.Text;
Response.Redirect("inicio1.aspx");
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaPassFail", "window.onload = function(){alert('contraseña es incorrecta');};", true);
}
}
var persona2 = db.Persona.Where(x => x.usuario == usuario).FirstOrDefault();
ICryptoService cryptoService2 = new PBKDF2();
string contrasenaEncriptada2 = cryptoService2.Compute(contrasenna, persona.salt);
if (persona != null)
{
if (cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
{
string nombreCompleto = persona.nombrePersona + " " + persona.apellidoPersona;
Session["Persona"] = persona2.idPersona;
FormsAuthentication.RedirectFromLoginPage(nombreCompleto, true);
Session["anything"] = txtUsuario.Text;
Response.Redirect("inicio1.aspx");
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaPassFail", "window.onload = function(){alert('contraseña es incorrecta');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('usuario no existe');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginFail", "window.onload = function(){alert('usuario o contraseña deben estar llenos');};", true);
}
}
catch {
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('usuario no existe');};", true);
}
}
public LoginResponse LoginStudent(string login, string haslo)
{
ICryptoService cryptoService = new PBKDF2();
var st = new Models.Student();
var resp = new LoginResponse();
using (SqlConnection con = new SqlConnection(DataSQLCon))
using (SqlCommand com = new SqlCommand())
{
com.Connection = con;
com.CommandText = "select IndexNumber,Password,salt from Student WHERE IndexNumber=@Index";
com.Parameters.AddWithValue("Index", login);
con.Open();
SqlDataReader sqlRead = com.ExecuteReader();
if (sqlRead.Read())
{
st.IndexNumber = sqlRead["IndexNumber"].ToString();
string BaseSalt = sqlRead["salt"].ToString();
string password = sqlRead["Password"].ToString();
string hasloLocal = cryptoService.Compute(haslo, BaseSalt);
bool isPasswordValid = cryptoService.Compare(password, hasloLocal);
if (!isPasswordValid)
{
return(null);
}
}
else
{
return(null);
}
con.Close();
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, "1"),
new Claim(ClaimTypes.Name, st.IndexNumber),
new Claim(ClaimTypes.Role, "student")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "Gakko",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
resp.accessToken = new JwtSecurityTokenHandler().WriteToken(token);
resp.refreshToken = Guid.NewGuid();
con.Open();
com.CommandText = "UPDATE Student SET refreshToken=@Refresh WHERE IndexNumber=@Index";
com.Parameters.AddWithValue("Refresh", resp.refreshToken);
com.ExecuteNonQuery();
con.Close();
}
return(resp);
}
protected void btnCambiarContrasena_Click(object sender, EventArgs e)
{
int idPersona = int.Parse(Session["Persona"].ToString());
string contrasenaAnterior = txtContrasenaAnterior.Text.Trim();
string contrasenaNueva = txtNuevaContrasena.Text.Trim();
var persona = db.Persona.Where(x => x.idPersona == idPersona).FirstOrDefault();
try
{
if (persona != null)
{
ICryptoService cryptoService = new PBKDF2();
string contrasenaEncriptada = cryptoService.Compute(contrasenaAnterior, persona.salt);
if (cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
{
string salt = cryptoService.GenerateSalt();
string contrasenaNuevaEncriptada = cryptoService.Compute(contrasenaNueva);
persona.salt = salt;
persona.contrasenna = contrasenaNuevaEncriptada;
try
{
db.SubmitChanges();
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña se cambio exitosamente');};", true);
}
catch (Exception ex)
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña no se cambio');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('La contraseña anterior no coincide');};", true);
}
}
else
{
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('El usuario no existe');};", true);
}
}
catch {
ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('Los campos no se llenaron correctamente');};", true);
}
//if (persona != null)
//{
// ICryptoService cryptoService = new PBKDF2();
// string contrasenaEncriptada = cryptoService.Compute(contrasenaAnterior, persona.salt);
// if (cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
// {
// string salt = cryptoService.GenerateSalt();
// string contrasenaNuevaEncriptada = cryptoService.Compute(contrasenaNueva);
// persona.salt = salt;
// persona.contrasenna = contrasenaNuevaEncriptada;
// try
// {
// db.SubmitChanges();
// }
// catch(Exception ex) {
// ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña no se cambio');};", true);
// }
// }
// else
// {
// ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('La contraseña anterior no coincide');};", true);
// }
//}
//else {
// ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('El usuario no existe');};", true);
//}
}
public LoginResponse Login(string login, string haslo)
{
LoginResponse response = new LoginResponse();
Student student = new Student();
ICryptoService crypto = new PBKDF2();
using (SqlConnection con = new SqlConnection(ConString))
using (SqlCommand com = new SqlCommand())
{
com.Connection = con;
com.CommandText = "SELECT IndexNumber, Passwd, Salt FROM STUDENT WHERE IndexNumber=@index";
com.Parameters.AddWithValue("index", login);
string passwd, dbPasswd, dbSalt;
con.Open();
SqlDataReader loginRead = com.ExecuteReader();
if (loginRead.Read())
{
student.IndexNumber = loginRead["IndexNumber"].ToString();
passwd = loginRead["Passwd"].ToString();
dbSalt = loginRead["Salt"].ToString();
dbPasswd = crypto.Compute(haslo, dbSalt);
if (!crypto.Compare(passwd, dbPasswd))
{
return(null);
}
}
else
{
return(null);
}
con.Close();
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, "1"),
new Claim(ClaimTypes.Name, student.IndexNumber),
new Claim(ClaimTypes.Role, "student"),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "Gakko",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
response.accessToken = new JwtSecurityTokenHandler().WriteToken(token);
response.refreshToken = Guid.NewGuid();
con.Open();
com.CommandText = "UPDATE Student SET refToken=@refToken WHERE IndexNumber=@login";
com.Parameters.AddWithValue("login", login);
com.Parameters.AddWithValue("refToken", response.refreshToken);
com.ExecuteNonQuery();
con.Close();
}
return(response);
}