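/// <summary>
/// Checks the supplied credentials against the first row returned by
/// <c>GetActiveUsersForUserName</c> for <paramref name="userName"/>.
/// </summary>
/// <remarks>
/// NOTE(review): the stored password is decrypted with the key from
/// <c>GetPasswordKey</c> instead of being verified against a one-way hash, so
/// whoever holds that key can recover stored passwords. A salted, iterated
/// password hash (for example PBKDF2) would remove that exposure; switching
/// requires a data migration and is outside the scope of this method.
/// </remarks>
/// <param name="userName">User name passed to <c>GetActiveUsersForUserName</c>.</param>
/// <param name="password">Clear-text password supplied by the caller; <c>null</c> never matches.</param>
/// <returns>
/// <c>true</c> when a row was returned and its decrypted "Password" column equals
/// <paramref name="password"/> exactly (ordinal, case-sensitive); otherwise <c>false</c>.
/// </returns>
/// <exception cref="FormatException">
/// The stored key, "IV" or "Password" value is not valid Base64.
/// </exception>
public bool AuthenticateUser(string userName, string password)
{
    DataSet ds = this.GetActiveUsersForUserName(userName);

    // Fail closed when the lookup produced no usable result instead of
    // surfacing a NullReferenceException / IndexOutOfRangeException.
    if (ds == null || ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
    {
        // NOTE(review): no decryption happens on this path, so response time may
        // differ between known and unknown user names.
        return false;
    }

    // Only the first returned row is consulted.
    DataRow userRow = ds.Tables[0].Rows[0];

    // Instantiate the decryptor and load the Base64-encoded password key.
    KeyDecryptor decryptor = new KeyDecryptor(this.Algorithm);
    string storedKey = this.GetPasswordKey();
    byte[] key = Convert.FromBase64String(storedKey);

    // The "IV" and "Password" columns are read as Base64 text.
    string base64IV = userRow["IV"].ToString();
    string base64Password = userRow["Password"].ToString();

    decryptor.IV = Convert.FromBase64String(base64IV);
    byte[] cipherText = Convert.FromBase64String(base64Password);
    byte[] plainText = decryptor.Decrypt(cipherText, key);

    // Same decoding as before: bytes outside the ASCII range become '?'.
    string expected = Encoding.ASCII.GetString(plainText);

    if (password == null)
    {
        return false;
    }

    // Compare without an early exit so the time taken does not depend on the
    // position of the first mismatching character. The loop length follows the
    // caller-supplied value; a length difference is folded into the result.
    int mismatch = expected.Length ^ password.Length;
    for (int i = 0; i < password.Length; i++)
    {
        char expectedChar = expected.Length > 0 ? expected[i % expected.Length] : '\0';
        mismatch |= expectedChar ^ password[i];
    }

    return mismatch == 0;
}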
/// <summary>
/// Decrypts a Base64-encoded password ciphertext with the key returned by
/// <c>GetPasswordKey</c> and the supplied Base64-encoded initialization vector.
/// </summary>
/// <remarks>
/// NOTE(review): this public method hands back the clear-text password; callers
/// should keep the result out of logs, responses and persisted state.
/// </remarks>
/// <param name="password">Base64-encoded ciphertext of the password.</param>
/// <param name="iv">Base64-encoded initialization vector for the decryptor.</param>
/// <returns>The decrypted bytes decoded as ASCII text.</returns>
public string DecryptPassword(string password, string iv)
{
    // Build the decryptor for the configured algorithm.
    KeyDecryptor decryptor = new KeyDecryptor(this.Algorithm);

    // The password key is stored as Base64 text.
    byte[] keyBytes = Convert.FromBase64String(this.GetPasswordKey());

    // Decode the IV first, then the ciphertext, and decrypt.
    decryptor.IV = Convert.FromBase64String(iv);
    byte[] encryptedBytes = Convert.FromBase64String(password);
    byte[] decryptedBytes = decryptor.Decrypt(encryptedBytes, keyBytes);

    return Encoding.ASCII.GetString(decryptedBytes);
}