// https://github.com/shawnmclean/SimpleCrypto.net
/// <summary>
/// Recomputes the PBKDF2 hash of <paramref name="password"/> using the stored salt and
/// compares the result with the stored hash.
/// </summary>
/// <param name="password">Password supplied by the caller.</param>
/// <param name="storedPasswordHash">Hash saved for the account.</param>
/// <param name="salt">Salt saved alongside the hash.</param>
/// <returns>The result of <c>Compare</c> on the stored and the recomputed hash.</returns>
public static bool IsPasswordValid(string password, string storedPasswordHash, string salt)
{
    ICryptoService hasher = new PBKDF2();

    // Comparison goes through the library's Compare instead of string ==.
    // NOTE(review): presumably a timing-safe comparison; confirm for the SimpleCrypto version in use.
    return hasher.Compare(storedPasswordHash, hasher.Compute(password, salt));
}
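/// <summary>
/// Validates a username/password pair against the stored credential.
/// </summary>
/// <param name="userName">Login name looked up in <c>context.Users</c>.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <exception cref="SecurityTokenException">
/// Thrown when the user is unknown or the hash does not match; both cases use the same
/// message, so the error text does not reveal which one failed.
/// </exception>
public override void Validate(string userName, string password)
{
    using (var context = new AF_Context())
    {
        // NOTE(review): this pepper is a secret compiled into the binary and stored in source
        // control; anyone with either can read it. Load it from protected configuration or a
        // secret store instead, and treat this value as exposed.
        // NOTE(review): it is passed in the salt position below. SimpleCrypto salts appear to be
        // formatted "{iterations}.{salt}", so the leading "50." would select 50 iterations for
        // the second pass; confirm against the library.
        const string pepper = "50.L1`(f761OJdG6fc835M(5(+Ju2!P6,4330_N*/%xz<j7(N15KC'8l997'0c0CEg";
        ICryptoService cryptoService = new PBKDF2();

        User u = context.Users.FirstOrDefault(c => c.Login == userName);
        if (u == null)
        {
            // NOTE(review): no hash is computed on this path, so an unknown login returns
            // faster than a wrong password even though the message is identical.
            throw new SecurityTokenException("Wrong Username or Password");
        }

        // First pass uses the per-user salt, second pass re-hashes that result with the pepper.
        string salted = cryptoService.Compute(password, u.Salt);
        string peppered = cryptoService.Compute(salted, pepper);

        if (!cryptoService.Compare(peppered, u.Password))
        {
            throw new SecurityTokenException("Wrong Username or Password");
        }

        // The former try { ... } catch (Exception ex) { throw; } wrapper only rethrew and left
        // an unused variable, so it was removed; exceptions propagate exactly as before.
    }
}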
/// <summary>
/// Click handler for the sign-in button: checks the entered password against the stored
/// PBKDF2 hash and sets <c>DialogResult</c> to OK on a match.
/// </summary>
private void btnAuth_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(PasswordUser))
    {
        MessageBox.Show("Пароль пустий.");
        return;
    }

    var account = GetUserByEmail(EmailLogin);
    if (account == null)
    {
        // Same text as the wrong-password branch, so the dialog does not reveal
        // whether the e-mail is registered.
        MessageBox.Show("Неправильний пароль або емейл, спробуйте ще раз.");
        return;
    }

    ICryptoService hasher = new PBKDF2();

    // The salt is read from the field named PasswordHash and the hash from Password.
    // NOTE(review): the field names are swapped relative to their contents; easy to misuse.
    string enteredPassword = PasswordUser;
    string storedSalt = account.PasswordHash;
    string recomputedHash = hasher.Compute(enteredPassword, storedSalt);

    if (hasher.Compare(account.Password, recomputedHash))
    {
        DialogResult = DialogResult.OK;
    }
    else
    {
        MessageBox.Show("Неправильний пароль або емейл, спробуйте ще раз.");
    }
}
/// <summary>
/// Hashes <paramref name="password"/> with <paramref name="salt"/> and compares the result
/// with <paramref name="hashedPassword"/>.
/// </summary>
/// <param name="password">Password to verify.</param>
/// <param name="salt">Salt stored for the account.</param>
/// <param name="hashedPassword">Hash stored for the account.</param>
/// <returns>The result of <c>Compare</c> on the stored and the recomputed hash.</returns>
private static bool ValidatePassword(string password, string salt, string hashedPassword)
{
    ICryptoService hasher = new PBKDF2();
    string recomputed = hasher.Compute(password, salt);
    bool matches = hasher.Compare(hashedPassword, recomputed);
    return matches;
}
/// <summary>
/// Checks the NuGet API key sent in the request header against the salted hash stored
/// on the feed.
/// </summary>
/// <param name="module">Module whose current request carries the API-key header.</param>
/// <param name="feed">Feed holding <c>ApiKeyHashed</c> and <c>ApiKeySalt</c>.</param>
/// <returns>
/// <c>true</c> when the feed has no stored key hash or the supplied key matches it;
/// <c>false</c> when a key is required and is missing, blank, or does not match.
/// </returns>
protected bool IsValidNuGetApiKey(INancyModule module, IFeed feed)
{
    // A feed with no stored key hash is treated as unprotected: every request passes.
    // NOTE(review): a blank ApiKeyHashed caused by a failed save would therefore open the
    // feed; confirm that "no hash" always means "intentionally no key".
    if (string.IsNullOrWhiteSpace(feed.ApiKeyHashed))
    {
        return true;
    }

    // IsNullOrWhiteSpace also covers the missing-header (null) case.
    var suppliedKey = module.Request.Headers[NuGetHeaderApiKeyName].FirstOrDefault();
    if (string.IsNullOrWhiteSpace(suppliedKey))
    {
        return false;
    }

    ICryptoService hasher = new PBKDF2();
    string suppliedKeyHashed = hasher.Compute(suppliedKey, feed.ApiKeySalt);
    return hasher.Compare(suppliedKeyHashed, feed.ApiKeyHashed);
}
/// <summary>
/// Sign-in button handler: looks the user up by login name, verifies the password with
/// PBKDF2 and, on success, issues the forms-authentication cookie and redirects.
/// </summary>
protected void btnIniciar_Click(object sender, EventArgs e)
{
    string user = txtUser.Text.Trim();
    string pas = txtPass.Text.Trim();

    if (user == "" || pas == "")
    {
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('debe ingresar datos');};", true);
        return;
    }

    var persona = instaciaBD.tbl_persona.Where(x => x.usuarioPersona == user).FirstOrDefault();
    if (persona == null)
    {
        // NOTE(review): "does not exist" versus "wrong password" lets a caller tell which
        // login names are registered; a single message for both failures avoids that.
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('no existe ');};", true);
        return;
    }

    // Instantiate the hashing algorithm and recompute the hash with the stored salt.
    ICryptoService encripto = new PBKDF2();
    string pasEncriptada = encripto.Compute(pas, persona.salt);

    if (!encripto.Compare(persona.contrasenaPersona, pasEncriptada))
    {
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('Contraseña incorrecta');};", true);
        return;
    }

    // The second argument requests a persistent cookie.
    // NOTE(review): the authenticated identity is "first-name last-name", not the unique
    // login; two people with the same name would share an identity wherever code keys on
    // it. Confirm what downstream authorization reads.
    FormsAuthentication.SetAuthCookie(persona.nombrePersona + " " + persona.apellidoPersona, true);
    Response.Redirect("Inicio.aspx");
}
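// GET: Moviles
/// <summary>
/// Verifies the supplied credentials against <c>web_usuarios_login</c>, fills the session
/// on success, loads one system parameter into the session and redirects to the
/// resulting view.
/// </summary>
/// <param name="correo">Login identifier matched against <c>Cod_Usuario</c>.</param>
/// <param name="password">Password to verify.</param>
/// <returns>A redirect to the main view on success, otherwise back to the login view.</returns>
// NOTE(review): no [HttpPost] attribute is visible on this action; if it is reachable via
// GET the password travels in the URL and ends up in server and proxy logs. Confirm.
public ActionResult Acceso(string correo, string password)
{
    string constr = conexion;
    string constr1 = conexion1;
    vista = "../Login/Login";
    System.Web.HttpContext.Current.Session["acceso"] = "Usuario no encontrado";

    using (MySqlConnection con = new MySqlConnection(constr))
    {
        // The login id is bound as a parameter. The previous version concatenated it into
        // the SQL text, so request input could change the query itself.
        string query = "select * from web_usuarios_login WHERE Cod_Usuario = @correo";
        using (MySqlCommand cmd = new MySqlCommand(query))
        {
            cmd.Connection = con;
            cmd.Parameters.AddWithValue("@correo", correo);
            con.Open();
            using (MySqlDataReader sdr = cmd.ExecuteReader())
            {
                // Read() returning true already implies a row, so the former HasRows check
                // inside the loop was always true and has been dropped.
                while (sdr.Read())
                {
                    ICryptoService cryptoService = new PBKDF2();
                    string PasswordEncriptada = cryptoService.Compute(password, sdr["Salt"].ToString());

                    System.Web.HttpContext.Current.Session["sessionClosed"] = null;
                    if (cryptoService.Compare(sdr["Password"].ToString(), PasswordEncriptada))
                    {
                        System.Web.HttpContext.Current.Session["sessionString"] = sdr["Nombre"].ToString() + " " + sdr["Apellido"].ToString();
                        System.Web.HttpContext.Current.Session["perfil"] = sdr["Cod_Perfil"].ToString();
                        System.Web.HttpContext.Current.Session["correo"] = sdr["Cod_Usuario"].ToString();
                        vista = "../Principal/Principal";
                    }
                }
            }
            con.Close();
        }
    }

    using (MySqlConnection con1 = new MySqlConnection(constr1))
    {
        string querypararm = "select * from web_vparam_sys";
        using (MySqlCommand cmd1 = new MySqlCommand(querypararm))
        {
            cmd1.Connection = con1;
            con1.Open();
            using (MySqlDataReader sdr1 = cmd1.ExecuteReader())
            {
                while (sdr1.Read())
                {
                    System.Web.HttpContext.Current.Session["conductoresConf"] = sdr1["Varios_Conductores"].ToString();
                }
            }
            con1.Close();
        }
    }

    return RedirectToAction(vista);
}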
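/// <summary>
/// Sign-in button handler: looks the user up by numeric id (cedula), verifies the password
/// with PBKDF2, writes an audit log entry and issues the forms-authentication ticket.
/// </summary>
protected void btnIniciar_Click1(object sender, EventArgs e)
{
    string contrasenna = txtPassword.Text.Trim();

    // The id comes straight from a text box. int.Parse threw on anything non-numeric, which
    // surfaced as an unhandled error page; a value that does not parse cannot match any
    // account, so it is reported through the existing "user does not exist" path.
    int cedulaAsociado;
    if (!int.TryParse(txtUsuario.Text.Trim(), out cedulaAsociado))
    {
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginUsuario", "window.onload = function(){ alert('El usuario no existe.'); };", true);
        return;
    }

    // Nothing happens when the password is empty (unchanged from the original).
    if (contrasenna == "")
    {
        return;
    }

    // Find the user whose id matches the one entered.
    var usuario = db.Usuarios.Where(x => x.cedulaAsociado == cedulaAsociado).FirstOrDefault();
    if (usuario == null)
    {
        // Audit entry for a failed sign-in: only the id that was entered.
        logger.Info("Inicio de sesion fallido, usuario ingresado: " + cedulaAsociado);
        // NOTE(review): distinct "user does not exist" / "wrong password" messages let a
        // caller tell which ids are registered; one shared message avoids that.
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginUsuario", "window.onload = function(){ alert('El usuario no existe.'); };", true);
        return;
    }

    // Recompute the hash of the entered password with the salt stored for this user.
    ICryptoService cryptoService = new PBKDF2();
    string contraseniaEncriptada = cryptoService.Compute(contrasenna, usuario.salt);

    if (cryptoService.Compare(usuario.contrasenna, contraseniaEncriptada))
    {
        // The computed hash is no longer written to the log. On success it equals the stored
        // credential hash, and on failure it is the salted hash of a near-miss password;
        // either one in a log file hands offline-guessing material to anyone who can read logs.
        logger.Info("Inicio de sesion exitoso: " + cedulaAsociado);

        // createPersistentCookie is false, so this is a session cookie (the original comment
        // called it permanent).
        string correoAsociado = usuario.cedulaAsociado + " " + usuario.correoElectronico;
        FormsAuthentication.RedirectFromLoginPage(correoAsociado, false);

        // Keep the user's role id in the session.
        Session["UserRole"] = usuario.idRol.ToString();
    }
    else
    {
        logger.Info("Inicio de sesion fallido, usuario ingresado: " + cedulaAsociado);
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginContrasenia", "window.onload = function(){ alert('La contraseña es incorrecta.'); };", true);
    }
}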
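/// <summary>
/// Verifies a plain-text password against a stored PBKDF2 hash and salt.
/// </summary>
/// <param name="savedPasswordHash">Hash stored for the account.</param>
/// <param name="savedPasswordSalt">Salt stored alongside the hash.</param>
/// <param name="plainTextPassword">Password supplied by the caller.</param>
/// <returns>The result of <c>Compare</c> on the recomputed and the stored hash.</returns>
/// <exception cref="ArgumentNullException">Any argument is null or empty.</exception>
public static bool Validate(string savedPasswordHash, string savedPasswordSalt, string plainTextPassword)
{
    // All three guards used to test savedPasswordHash (copy-paste), so an empty salt or an
    // empty password was never rejected here. Each guard now checks its own argument.
    if (string.IsNullOrEmpty(savedPasswordHash))
    {
        throw new ArgumentNullException("savedPasswordHash");
    }

    if (string.IsNullOrEmpty(savedPasswordSalt))
    {
        throw new ArgumentNullException("savedPasswordSalt");
    }

    if (string.IsNullOrEmpty(plainTextPassword))
    {
        throw new ArgumentNullException("plainTextPassword");
    }

    var cryptoService = new PBKDF2();
    var passwordHash = cryptoService.Compute(plainTextPassword, savedPasswordSalt);
    return cryptoService.Compare(passwordHash, savedPasswordHash);
}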
/// <summary>
/// Checks whether <paramref name="password"/> matches the hash stored for
/// <paramref name="username"/>.
/// </summary>
/// <param name="username">Username to look up in the repository.</param>
/// <param name="password">Password to verify.</param>
/// <returns>
/// <c>false</c> when no user with that name is found; otherwise the result of comparing
/// the stored hash with the hash recomputed from the stored salt.
/// </returns>
public bool IsPasswordValid(string username, string password)
{
    // A throwaway user object is built from the input and run through Validate
    // before the repository is queried.
    var candidate = _userFactory.CreateNewUser(username, password);
    Validate(candidate);

    var stored = _userRepository.GetBy(x => x.UserName == candidate.UserName);
    if (stored == null)
    {
        // NOTE(review): no hash is computed on this path, so an unknown username returns
        // noticeably faster than a wrong password.
        return false;
    }

    var hasher = new PBKDF2();
    string recomputed = hasher.Compute(password, stored.Salt);
    return hasher.Compare(stored.Password, recomputed);
}
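/// <summary>
/// Login button handler. Opens the admin panel for the built-in admin login, the account
/// settings form for the "noconnection" login, or verifies a regular user's password and
/// lets them edit their account; always closes this form at the end.
/// </summary>
private void Btn_login_Click(object sender, EventArgs e)
{
    if (!string.IsNullOrEmpty(txtBoxPassword.Text))
    {
        string loginUser = txtBoxUser.Text;
        string passUser = txtBoxPassword.Text;
        var user = GetUserByEmail(loginUser);

        if (loginUser == "admin")
        {
            // NOTE(review): hard-coded credential pair compared in plain text. Anyone who can
            // read this source or the compiled binary can open the admin panel, and the value
            // cannot be rotated without a rebuild. Replace with a stored, hashed admin account.
            if (passUser == "admin")
            {
                AdminPanelForm adp = new AdminPanelForm();
                adp.ShowDialog();
            }
        }
        else if (user != null || loginUser == "noconnection")
        {
            if (loginUser == "noconnection")
            {
                // NOTE(review): this login name opens the settings form with any non-empty
                // password and no verification at all; confirm it is not a leftover debug path.
                ChangeAccSettingForm casf = new ChangeAccSettingForm();
                casf.ShowDialog();
            }
            else if (user.Deleted == false)
            {
                ICryptoService cryptoService = new PBKDF2();

                // The salt is stored in the field named PasswordHash, the hash in Password.
                string salt = user.PasswordHash;
                string hashPassword2 = cryptoService.Compute(passUser, salt);
                bool isPasswordValid = cryptoService.Compare(user.Password, hashPassword2);

                if (isPasswordValid)
                {
                    MessageBox.Show("You login success", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);
                    ChangeAccSettingForm casf = new ChangeAccSettingForm();
                    casf.FillForm(user);
                    casf.FillLoginUser(user);

                    if (casf.ShowDialog() == DialogResult.OK)
                    {
                        if (casf.IsDel)
                        {
                            user.Deleted = true;
                        }

                        if (casf.FirstName != null && casf.FirstName != user.FirstName)
                        {
                            user.FirstName = casf.FirstName;
                        }

                        // NOTE(review): this compares a file path with UserImage.ToString(); if
                        // UserImage is a byte[] the two never match and the image is always
                        // reloaded. Confirm the intent.
                        if (casf.FileSelect != null && casf.FileSelect.ToString() != user.UserImage.ToString())
                        {
                            user.UserImage = casf.ImageToByteArray(Image.FromFile(casf.FileSelect));
                        }

                        if (casf.LastName != null && casf.LastName != user.LastName)
                        {
                            user.LastName = casf.LastName;
                        }

                        if (casf.MobilePhone != null && casf.MobilePhone != user.MobilePhoneNumber)
                        {
                            user.MobilePhoneNumber = casf.MobilePhone;
                        }

                        if (casf.Password != "")
                        {
                            // Password change: generate a fresh salt and hash the new password
                            // with it. The salt is passed explicitly so the stored salt and hash
                            // are visibly a pair; the unused second PBKDF2 instance was removed.
                            string new_password = casf.Password;
                            string new_salt = cryptoService.GenerateSalt();
                            string new_hashedPassword = cryptoService.Compute(new_password, new_salt);

                            user.Password = new_hashedPassword;
                            user.PasswordHash = new_salt;
                        }

                        context.SaveChanges();
                    }
                }
                else
                {
                    MessageBox.Show("Inccorect login or password!", "Please try again!", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
            else
            {
                // NOTE(review): this message differs from the wrong-password one, which tells
                // the caller the e-mail belongs to a deleted account.
                MessageBox.Show("This account not exist or be deleted!");
            }
        }
        else
        {
            MessageBox.Show("Inccorect login or password!", "Please try again!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }

    this.Close();
}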
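/// <summary>
/// Sign-in button handler: looks the user up by login name, verifies the password with
/// PBKDF2 and, on success, stores the person id in the session, issues the
/// forms-authentication cookie and redirects.
/// </summary>
protected void btnIngresar_Click(object sender, EventArgs e)
{
    try
    {
        string usuario = txtUsuario.Text.Trim();
        string contrasenna = txtContrasena.Text.Trim();

        if (usuario == "" || contrasenna == "")
        {
            ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginFail", "window.onload = function(){alert('usuario o contraseña deben estar llenos');};", true);
            return;
        }

        var persona = db.Persona.Where(x => x.usuario == usuario).FirstOrDefault();

        // The null check now comes before persona.salt is read. Previously the hash was
        // computed first, so an unknown login raised a NullReferenceException and was only
        // reported because the blanket catch below shows the same alert.
        if (persona == null)
        {
            // NOTE(review): a separate "user does not exist" message reveals which login
            // names are registered; one shared failure message avoids that.
            ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('usuario no existe');};", true);
            return;
        }

        // The original repeated the lookup, hash and compare a second time with the same
        // inputs; the duplicate was removed (its second script registration reused the same
        // key, so the page showed one alert either way).
        ICryptoService cryptoService = new PBKDF2();
        string contrasenaEncriptada = cryptoService.Compute(contrasenna, persona.salt);

        if (!cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
        {
            ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaPassFail", "window.onload = function(){alert('contraseña es incorrecta');};", true);
            return;
        }

        string nombreCompleto = persona.nombrePersona + " " + persona.apellidoPersona;
        Session["Persona"] = persona.idPersona;
        // NOTE(review): the authenticated identity is the display name and the cookie is
        // persistent; confirm nothing downstream treats the name as a unique key.
        FormsAuthentication.RedirectFromLoginPage(nombreCompleto, true);
        Session["anything"] = txtUsuario.Text;
        Response.Redirect("inicio1.aspx");
    }
    catch
    {
        // Kept from the original: every failure, including a database error, is shown as
        // "user does not exist".
        // NOTE(review): Response.Redirect(url) normally ends the response by raising
        // ThreadAbortException, which this handler also sees on a successful login.
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('usuario no existe');};", true);
    }
}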
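/// <summary>
/// Verifies a student's password and, on success, issues a signed JWT access token plus a
/// refresh token that is stored on the student's row.
/// </summary>
/// <param name="login">Index number used to look up the student.</param>
/// <param name="haslo">Password supplied by the caller.</param>
/// <returns>The tokens on success; <c>null</c> when the student is unknown or the password is wrong.</returns>
public LoginResponse LoginStudent(string login, string haslo)
{
    ICryptoService cryptoService = new PBKDF2();
    var st = new Models.Student();
    var resp = new LoginResponse();

    using (SqlConnection con = new SqlConnection(DataSQLCon))
    using (SqlCommand com = new SqlCommand())
    {
        com.Connection = con;
        com.CommandText = "select IndexNumber,Password,salt from Student WHERE IndexNumber=@Index";
        com.Parameters.AddWithValue("Index", login);
        con.Open();

        // The reader is now disposed deterministically. The original never disposed it and
        // closed and reopened the connection to get rid of it before the UPDATE.
        using (SqlDataReader sqlRead = com.ExecuteReader())
        {
            if (!sqlRead.Read())
            {
                return null;
            }

            st.IndexNumber = sqlRead["IndexNumber"].ToString();
            string BaseSalt = sqlRead["salt"].ToString();
            string password = sqlRead["Password"].ToString();

            string hasloLocal = cryptoService.Compute(haslo, BaseSalt);
            if (!cryptoService.Compare(password, hasloLocal))
            {
                return null;
            }
        }

        // NOTE(review): NameIdentifier is the literal "1" for every student, so that claim
        // cannot tell token holders apart; only the Name claim carries the index number.
        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "1"),
            new Claim(ClaimTypes.Name, st.IndexNumber),
            new Claim(ClaimTypes.Role, "student")
        };

        // NOTE(review): the HMAC key is the UTF-8 bytes of a configuration string; confirm it
        // is long and random enough for HS256 and is not checked into the repository.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var token = new JwtSecurityToken
        (
            issuer: "Gakko",
            audience: "Students",
            claims: claims,
            expires: DateTime.Now.AddMinutes(10),
            signingCredentials: creds
        );

        resp.accessToken = new JwtSecurityTokenHandler().WriteToken(token);

        // NOTE(review): the refresh token is a GUID stored as-is and no expiry is recorded
        // here. Guid.NewGuid is not documented as a cryptographic generator; consider a
        // RandomNumberGenerator-based token stored hashed, with an expiry.
        resp.refreshToken = Guid.NewGuid();

        com.CommandText = "UPDATE Student SET refreshToken=@Refresh WHERE IndexNumber=@Index";
        com.Parameters.AddWithValue("Refresh", resp.refreshToken);
        com.ExecuteNonQuery();
    }

    return resp;
}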
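/// <summary>
/// Change-password button handler: verifies the current password for the person stored in
/// the session, then saves a new salt and the hash of the new password.
/// </summary>
protected void btnCambiarContrasena_Click(object sender, EventArgs e)
{
    // NOTE(review): Session["Persona"] is dereferenced outside the try block, so an expired
    // or missing session fails here with an unhandled exception; confirm the page is only
    // reachable when authenticated.
    int idPersona = int.Parse(Session["Persona"].ToString());
    string contrasenaAnterior = txtContrasenaAnterior.Text.Trim();
    string contrasenaNueva = txtNuevaContrasena.Text.Trim();
    var persona = db.Persona.Where(x => x.idPersona == idPersona).FirstOrDefault();

    try
    {
        if (persona != null)
        {
            ICryptoService cryptoService = new PBKDF2();
            string contrasenaEncriptada = cryptoService.Compute(contrasenaAnterior, persona.salt);

            if (cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
            {
                // Fresh salt for the new password, passed explicitly to Compute so the salt
                // and hash written below are visibly a pair.
                // NOTE(review): no length or strength check is applied to the new password here.
                string salt = cryptoService.GenerateSalt();
                string contrasenaNuevaEncriptada = cryptoService.Compute(contrasenaNueva, salt);

                persona.salt = salt;
                persona.contrasenna = contrasenaNuevaEncriptada;

                try
                {
                    db.SubmitChanges();
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña se cambio exitosamente');};", true);
                }
                catch (Exception)
                {
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña no se cambio');};", true);
                }
            }
            else
            {
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('La contraseña anterior no coincide');};", true);
            }
        }
        else
        {
            ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('El usuario no existe');};", true);
        }
    }
    catch
    {
        // Any other failure inside the block is reported as a form-input problem.
        ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('Los campos no se llenaron correctamente');};", true);
    }

    // The commented-out earlier copy of this logic was removed; it duplicated the code above.
}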
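/// <summary>
/// Verifies a student's password and, on success, issues a signed JWT access token plus a
/// refresh token that is stored on the student's row.
/// </summary>
/// <param name="login">Index number used to look up the student.</param>
/// <param name="haslo">Password supplied by the caller.</param>
/// <returns>The tokens on success; <c>null</c> when the student is unknown or the password is wrong.</returns>
public LoginResponse Login(string login, string haslo)
{
    LoginResponse response = new LoginResponse();
    Student student = new Student();
    ICryptoService crypto = new PBKDF2();

    using (SqlConnection con = new SqlConnection(ConString))
    using (SqlCommand com = new SqlCommand())
    {
        com.Connection = con;
        com.CommandText = "SELECT IndexNumber, Passwd, Salt FROM STUDENT WHERE IndexNumber=@index";
        com.Parameters.AddWithValue("index", login);
        con.Open();

        // The reader is now disposed deterministically. The original never disposed it and
        // closed and reopened the connection to get rid of it before the UPDATE.
        using (SqlDataReader loginRead = com.ExecuteReader())
        {
            if (!loginRead.Read())
            {
                return null;
            }

            student.IndexNumber = loginRead["IndexNumber"].ToString();
            string passwd = loginRead["Passwd"].ToString();
            string dbSalt = loginRead["Salt"].ToString();

            // Despite its name, dbPasswd is the hash recomputed from the supplied password;
            // passwd is the hash read from the database.
            string dbPasswd = crypto.Compute(haslo, dbSalt);
            if (!crypto.Compare(passwd, dbPasswd))
            {
                return null;
            }
        }

        // NOTE(review): NameIdentifier is the literal "1" for every student, so that claim
        // cannot tell token holders apart; only the Name claim carries the index number.
        var claims = new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "1"),
            new Claim(ClaimTypes.Name, student.IndexNumber),
            new Claim(ClaimTypes.Role, "student"),
        };

        // NOTE(review): the HMAC key is the UTF-8 bytes of a configuration string; confirm it
        // is long and random enough for HS256 and is not checked into the repository.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var token = new JwtSecurityToken
        (
            issuer: "Gakko",
            audience: "Students",
            claims: claims,
            expires: DateTime.Now.AddMinutes(10),
            signingCredentials: creds
        );

        response.accessToken = new JwtSecurityTokenHandler().WriteToken(token);

        // NOTE(review): the refresh token is a GUID stored as-is and no expiry is recorded
        // here. Guid.NewGuid is not documented as a cryptographic generator; consider a
        // RandomNumberGenerator-based token stored hashed, with an expiry.
        response.refreshToken = Guid.NewGuid();

        com.CommandText = "UPDATE Student SET refToken=@refToken WHERE IndexNumber=@login";
        com.Parameters.AddWithValue("login", login);
        com.Parameters.AddWithValue("refToken", response.refreshToken);
        com.ExecuteNonQuery();
    }

    return response;
}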