protected void Page_Load(object sender, EventArgs e) { if (!this.IsPostBack) { bool defaultPassword = this.IsDefaultFormsAuthPassword(); if (defaultPassword) { this.Login1.Visible = false; this.changePassword.Focus(); } else { this.changePassword.Visible = false; AuthenticationSection authenticationSection = this.GetFormsAuthConfig(); FormsAuthenticationUserCollection users = authenticationSection.Forms.Credentials.Users; if (users.Count > 0) { this.Login1.UserName = users[0].Name; } this.Login1.Focus(); } } }
protected FormsAuthenticationUserCollection getUsers() { if (_users == null) { AuthenticationSection section = getAuthenticationSection(); FormsAuthenticationCredentials creds = section.Forms.Credentials; _users = section.Forms.Credentials.Users; } return(_users); }
private static bool InternalAuthenticate(string name, string password) { AuthenticationSection authentication; string str; string str2; if ((name != null) && (password != null)) { Initialize(); authentication = RuntimeConfig.GetAppConfig().Authentication; authentication.ValidateAuthenticationMode(); FormsAuthenticationUserCollection users = authentication.Forms.Credentials.Users; if (users == null) { return(false); } FormsAuthenticationUser user = users[name.ToLower(CultureInfo.InvariantCulture)]; if (user == null) { return(false); } str = user.Password; if (str == null) { return(false); } switch (authentication.Forms.Credentials.PasswordFormat) { case FormsAuthPasswordFormat.Clear: str2 = password; goto Label_00A3; case FormsAuthPasswordFormat.SHA1: str2 = HashPasswordForStoringInConfigFile(password, "sha1"); goto Label_00A3; case FormsAuthPasswordFormat.MD5: str2 = HashPasswordForStoringInConfigFile(password, "md5"); goto Label_00A3; } } return(false); Label_00A3: return(string.Compare(str2, str, (authentication.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear) ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal) == 0); }
private bool IsDefaultFormsAuthPassword() { AuthenticationSection authenticationSection = this.GetFormsAuthConfig(); if (authenticationSection.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear) { return(false); } FormsAuthenticationUserCollection users = authenticationSection.Forms.Credentials.Users; if (users.Count != 1 || users[0].Name != "admin") { return(false); } string password = users[0].Password; return(password == "1234567"); }
public static void Main() { // <Snippet1> // Get the Web application configuration. System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration( "/aspnet"); // Get the section. AuthenticationSection authenticationSection = (AuthenticationSection)configuration.GetSection( "system.web/authentication"); // Get the users collection. FormsAuthenticationUserCollection formsAuthenticationUsers = authenticationSection.Forms.Credentials.Users; // </Snippet1> // <Snippet2> // </Snippet2> // <Snippet3> // Define the user name. string name = "userName"; // Define the encrypted password. string password = "******"; // Create a new FormsAuthenticationUser object. FormsAuthenticationUser newformsAuthenticationUser = new FormsAuthenticationUser(name, password); // </Snippet3> // <Snippet4> // Using the Password property. // Get current password. string currentPassword = formsAuthenticationUsers[0].Password; // Set a SHA1 encrypted password. // This example uses the SHA1 algorithm. // Due to collision problems with SHA1, Microsoft recommends SHA256 or better. formsAuthenticationUsers[0].Password = "******"; // </Snippet4> // <Snippet5> // Using the Name property. // Get current name. string currentName = formsAuthenticationUsers[0].Name; // Set a new name. formsAuthenticationUsers[0].Name = "userName"; // </Snippet5> }
public static void Main() { // <Snippet1> // Get the Web application configuration. System.Configuration.Configuration configuration = WebConfigurationManager.OpenWebConfiguration("/aspnetTest"); // Get the authentication section. AuthenticationSection authenticationSection = (AuthenticationSection)configuration.GetSection( "system.web/authentication"); // Get the forms credentials collection . FormsAuthenticationCredentials formsAuthenticationCredentials = authenticationSection.Forms.Credentials; // </Snippet1> // <Snippet2> // Create a new FormsAuthenticationCredentials object. FormsAuthenticationCredentials newformsAuthenticationCredentials = new FormsAuthenticationCredentials(); // </Snippet2> // <Snippet3> // Get the current PasswordFormat property value. FormsAuthPasswordFormat currentPasswordFormat = formsAuthenticationCredentials.PasswordFormat; // Set the PasswordFormat property value. formsAuthenticationCredentials.PasswordFormat = FormsAuthPasswordFormat.SHA1; // </Snippet3> // <Snippet4> // Create a new FormsAuthenticationUserCollection object. FormsAuthenticationUserCollection newformsAuthenticationUser = new FormsAuthenticationUserCollection(); // </Snippet4> // <Snippet5> // Display all credentials collection elements. StringBuilder credentials = new StringBuilder(); for (System.Int32 i = 0; i < formsAuthenticationCredentials.Users.Count; i++) { credentials.Append("User: "******"Password: "******"5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"; // Define the user name. string userName = "******"; // Create the new user. FormsAuthenticationUser currentUser = new FormsAuthenticationUser(userName, password); // Execute the Add method. formsAuthenticationCredentials.Users.Add(currentUser); // Update if not locked if (!authenticationSection.SectionInformation.IsLocked) { configuration.Save(); } // </Snippet6> // <Snippet7> // Using method Clear. formsAuthenticationCredentials.Users.Clear(); // Update if not locked if (!authenticationSection.SectionInformation.IsLocked) { configuration.Save(); } // </Snippet7> // <Snippet9> // Using method Remove. // Execute the Remove method. formsAuthenticationCredentials.Users.Remove("userName"); // Update if not locked if (!authenticationSection.SectionInformation.IsLocked) { configuration.Save(); } // </Snippet9> // <Snippet10> // Using method RemoveAt. formsAuthenticationCredentials.Users.RemoveAt(0); if (!authenticationSection.SectionInformation.IsLocked) { configuration.Save(); } // </Snippet10> // <Snippet11> // Using method Set. // Define the SHA1 encrypted password. string newPassword = "******"; // Define the user name. string currentUserName = "******"; // Create the new user. FormsAuthenticationUser theUser = new FormsAuthenticationUser(currentUserName, newPassword); formsAuthenticationCredentials.Users.Set(theUser); if (!authenticationSection.SectionInformation.IsLocked) { configuration.Save(); } // </Snippet11> // <Snippet12> // Get the user with the specified name. FormsAuthenticationUser storedUser = formsAuthenticationCredentials.Users.Get("userName"); // </Snippet12> // <Snippet13> // Get the user at the specified index. FormsAuthenticationUser storedUser2 = formsAuthenticationCredentials.Users.Get(0); // </Snippet13> // <Snippet14> // Get the key at the specified index. string thisKey = formsAuthenticationCredentials.Users.GetKey(0).ToString(); // </Snippet14> // <Snippet15> // Get the user element at the specified index. FormsAuthenticationUser storedUser3 = formsAuthenticationCredentials.Users[0]; // </Snippet15> // <Snippet16> // Get the user element with the specified name. FormsAuthenticationUser storedUser4 = formsAuthenticationCredentials.Users["userName"]; // </Snippet16> // <Snippet17> // Get the collection keys. object [] keys = formsAuthenticationCredentials.Users.AllKeys; // </Snippet17> }
private static bool InternalAuthenticate(String name, String password) { ////////////////////////////////////////////////////////////////////// // Step 1: Make sure we are initialized if (name == null || password == null) { return(false); } Initialize(); ////////////////////////////////////////////////////////////////////// // Step 2: Get the user database AuthenticationSection settings = RuntimeConfig.GetAppConfig().Authentication; settings.ValidateAuthenticationMode(); FormsAuthenticationUserCollection Users = settings.Forms.Credentials.Users; // Hashtable hTable = settings.Credentials; if (Users == null) { return(false); } ////////////////////////////////////////////////////////////////////// // Step 3: Get the (hashed) password for this user FormsAuthenticationUser u = Users[name.ToLower(CultureInfo.InvariantCulture)]; if (u == null) { return(false); } String pass = (String)u.Password; if (pass == null) { return(false); } ////////////////////////////////////////////////////////////////////// // Step 4: Hash the given password String encPassword; #pragma warning disable 618 // HashPasswordForStorignInConfigFile is now obsolete switch (settings.Forms.Credentials.PasswordFormat) { case FormsAuthPasswordFormat.SHA256: encPassword = HashPasswordForStoringInConfigFile(password, "sha256"); break; case FormsAuthPasswordFormat.SHA384: encPassword = HashPasswordForStoringInConfigFile(password, "sha384"); break; case FormsAuthPasswordFormat.SHA512: encPassword = HashPasswordForStoringInConfigFile(password, "sha512"); break; case FormsAuthPasswordFormat.SHA1: encPassword = HashPasswordForStoringInConfigFile(password, "sha1"); break; case FormsAuthPasswordFormat.MD5: encPassword = HashPasswordForStoringInConfigFile(password, "md5"); break; case FormsAuthPasswordFormat.Clear: encPassword = password; break; default: return(false); } #pragma warning restore 618 ////////////////////////////////////////////////////////////////////// // Step 5: Compare the hashes return(String.Compare(encPassword, pass, ((settings.Forms.Credentials.PasswordFormat != FormsAuthPasswordFormat.Clear) ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal)) == 0); }