Пример #1
        //this method will get the user details from the database based on the basis of the given username.
        //The given password will be matched with the retrieved password to see if the credentials are valid or not.
        public bool ValidateLoginCredentials(string userName, string password, bool validate, out DataSet userDetails)
            bool valid = false;

            byte[] origHashedPasswordInBytes = new byte[1];
            string origDecryptedPassword     = string.Empty;
            string userId      = string.Empty;
            string createdDate = string.Empty;

            byte[] vector;
            byte[] iVector    = new byte[1];
            byte[] hashedPass = new byte[1];

            //get the user details
            Users user = new Users();

            userDetails = user.GetLoginUserDetails(userName);

            if (userDetails != null && userDetails.Tables.Count > 0 && userDetails.Tables[0].Rows.Count > 0)
                //get the original password.. only if need to validate
                if (validate)
                    origHashedPasswordInBytes = (byte[])userDetails.Tables[0].Rows[0]["PasswordBytes"];
                userId      = userDetails.Tables[0].Rows[0]["UserId"].ToString();
                createdDate = Convert.ToDateTime(userDetails.Tables[0].Rows[0]["CreatedDate"].ToString()).ToString("MMddyyyy");

            //create the Vector
            string[] vectorFiller = { "@", "A", "B", "2", "c", "i", "3", "E" };//this constant will be used to fill the vector if the length is less than 16
            string   vectorString = createdDate.Substring(0, 4) + userId + createdDate.Substring(4, 4);
            int      vectorLength = vectorString.Length;

            //making sure that the vector string is exactly of 16 characters
            if (vectorLength < 16)
                //if the length is less than 16, append the remaining characters from the constant
                for (int i = 0; i < (16 - vectorLength); i++)
                    vectorString = vectorString + vectorFiller[i];
            else if (vectorLength > 16)
                //if the length is more than 16, truncate the extra characters
                vectorString = vectorString.Substring(0, 16);

            //vector =  EncDecWithAES.GetBytes(createdDate.Substring(0, 4) + userId + createdDate.Substring(4, 4));
            vector = Encoding.ASCII.GetBytes(vectorString);
            //vector = createdDate.Substring(0, 4) + "@AB2cd3E" + createdDate.Substring(4, 4);
            iVector = vector;

            //validate only if needed, else return true by default. We use this method for various functionalities.
            if (validate)
                //validate the password
                //decrypt the original password
                origDecryptedPassword = EncDecWithAES.Decrypt(origHashedPasswordInBytes, vector);

                valid = PasswordHash.ValidatePassword(password, origDecryptedPassword);

                hashedPass = EncDecWithAES.Encrypt(PasswordHash.CreatePasswordHashFromOriginal(password, origDecryptedPassword), vector);
                valid = true;
