/// <summary>
/// Replaces the stored credential with a hash of the supplied plaintext password.
/// </summary>
/// <param name="unencryptedPassword">
/// The new password in plaintext. It is handed to the hash utility unchecked:
/// this method does not validate it for null, emptiness or strength.
/// </param>
/// <remarks>
/// NOTE(review): the utility's name suggests SHA-1. Confirm that HashPassword
/// applies a salted, iterated key-derivation function and that the iteration
/// count meets current guidance; a single unsalted or un-iterated digest is not
/// adequate for password storage. The implementation is not visible from here.
/// </remarks>
public void UpdatePassword(string unencryptedPassword)
{
    // A fresh utility instance is created per call and its Salt is persisted
    // alongside the hash below.
    var hasher = new SHA1HashUtility();

    PasswordHash = hasher.HashPassword(unencryptedPassword);

    // Salt is read only after HashPassword has run; the order is kept because
    // the utility may populate Salt during hashing (cannot tell from this code).
    var saltBytes = hasher.Salt;
    PasswordSalt = Convert.ToBase64String(saltBytes);
}
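/// <summary>
/// Authenticates a user by username and plaintext password, and records the
/// outcome of the attempt through <c>AddLoginAttempt</c>.
/// </summary>
/// <param name="userName">The username; used to look the account up via <c>UserRepository.GetByEmail</c>.</param>
/// <param name="password">The unencrypted password supplied by the caller.</param>
/// <param name="loginSource">Caller-supplied origin of the attempt; passed through to the login-attempt record.</param>
/// <returns>
/// The matching user when the account exists, is active and the password validates;
/// otherwise <c>null</c>.
/// </returns>
/// <remarks>
/// NOTE(review): the password check runs only for existing, active accounts, so a
/// failed logon for an unknown or inactive username presumably returns faster than
/// one for a valid username. If username enumeration matters for this deployment,
/// consider equalising the work done on both paths. Also confirm that
/// <c>SHA1HashUtility.ValidatePassword</c> compares hashes in constant time and that
/// repeated failures recorded here feed a throttling or lockout policy; neither is
/// visible from this method.
/// </remarks>
public AMFUserLogin LogonUser(string userName, string password, string loginSource)
{
    AMFUserLogin targetUser = this.UserRepository.GetByEmail(userName);
    AMFUserLogin retVal = null;

    // A record without a salt cannot be validated. Treat it as a failed logon
    // instead of letting Convert.FromBase64String throw on null, which would
    // skip the login-attempt record below.
    if (targetUser != null
        && targetUser.UserStatus == UserStatus.Active
        && targetUser.PasswordSalt != null)
    {
        byte[] passwordSalt = Convert.FromBase64String(targetUser.PasswordSalt);

        if (SHA1HashUtility.ValidatePassword(password, targetUser.PasswordHash, passwordSalt, AMFUserLogin.SaltIterations) == true)
        {
            retVal = targetUser;
        }
    }

    // Every attempt is recorded, including those for unknown usernames
    // (targetUser is null in that case). userName and loginSource are
    // caller-supplied values; verify that AddLoginAttempt stores them safely.
    this.AddLoginAttempt(retVal != null, loginSource, userName, targetUser);

    return retVal;
}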