/// <summary>
/// Looks up <paramref name="userName"/> in the password file and verifies
/// <paramref name="password"/> against the stored hash.
/// </summary>
/// <param name="userName">Name of the account to authenticate.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <param name="cancellationToken">Token forwarded to the password-file lookup.</param>
/// <returns>
/// A new <see cref="UserData"/> for <paramref name="userName"/> when the recomputed hash
/// matches the stored one; <c>null</c> when the user is not found or the password does not match.
/// </returns>
public async Task<UserData> GetUserWithPasswordAsync(
    string userName,
    string password,
    CancellationToken cancellationToken)
{
    FileUserData storedUser = await GetUserAsync(userName, cancellationToken);
    if (storedUser == null)
    {
        // NOTE(review): no hash is computed on this path, so an unknown user name is
        // rejected without the hashing cost that a known user name incurs. That
        // difference may be measurable by a caller and reveal which names exist;
        // consider hashing against a fixed dummy record here before returning.
        return null;
    }

    // Recompute the hash with the salt, algorithm and iteration count stored for this user.
    byte[] candidate = CalculateHash(
        storedUser.Salt,
        password,
        storedUser.Algorithm,
        storedUser.Iterations);

    // The length is compared first so ConstantTimeEquals is only asked to compare
    // equally sized buffers. Both "not found" and "wrong password" return null,
    // so the result itself does not tell the caller which of the two happened.
    // NOTE(review): ConstantTimeEquals is defined elsewhere; confirm that it really
    // does not exit early on the first differing byte.
    bool matches = candidate.Length == storedUser.Hash.Length
        && ConstantTimeEquals(candidate, 0, storedUser.Hash, 0, candidate.Length);

    return matches ? new UserData(userName) : null;
}
/// <summary>
/// Scans the password file named by <c>_settings.UserPasswordFile</c> for an entry of the
/// form <c>name:{algorithm}data</c> whose name equals <paramref name="username"/>.
/// </summary>
/// <param name="username">Account name to look for; compared with <c>!=</c> on strings, so the match is case-sensitive.</param>
/// <param name="token">Token passed to each line read.</param>
/// <returns>
/// The parsed entry for the first well-formed line with a matching name, or <c>null</c> when
/// no such line exists or when <c>SplitHashAndSalt</c> leaves the hash unset for that line.
/// </returns>
private async Task<FileUserData> GetUserAsync(string username, CancellationToken token)
{
    using (FileStream passwordFile = File.Open(_settings.UserPasswordFile, FileMode.Open, FileAccess.Read, FileShare.Read))
    using (var lines = new StreamReader(passwordFile))
    {
        string current = null;
        while (await lines.TryReadLineAsync(l => current = l, token))
        {
            // Exactly one ':' is expected per line. Lines with a different number of
            // fields are skipped, so neither the name nor the encoded data can contain ':'.
            string[] fields = current.Split(':');
            if (fields.Length != 2 || !fields[1].StartsWith('{'))
            {
                continue;
            }

            string credential = fields[1];
            int closingBrace = credential.IndexOf('}');
            if (closingBrace == -1 || fields[0] != username)
            {
                continue;
            }

            // The algorithm name sits between '{' and '}'; everything after '}' is
            // handed to SplitHashAndSalt together with that algorithm name.
            var entry = new FileUserData
            {
                Name = username,
                Algorithm = credential.Substring(1, closingBrace - 1),
            };
            string encoded = credential.Substring(closingBrace + 1);

            SplitHashAndSalt(
                entry.Algorithm,
                encoded,
                out entry.Hash,
                out entry.Salt,
                out entry.Iterations);

            // The first matching line decides the outcome: a null hash ends the search
            // with null, and any later line for the same name is never read.
            return entry.Hash == null ? null : entry;
        }
    }

    return null;
}