        public bool VerifyCredentials(VerifyCredentialsRequest model)
        {
            // Reject requests with no usable credentials before touching the database.
            bool missingInput = model == null
                                || string.IsNullOrEmpty(model.Username)
                                || string.IsNullOrEmpty(model.Password);
            if (missingInput)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }

            using (var context = new DatabaseContext())
            {
                // The login name may be either the account's user name or its Facebook user id.
                string login = model.Username;
                Account account = context.Accounts
                                  .Where(a => login == a.Username || login == a.FacebookUserId)
                                  .FirstOrDefault();

                // NOTE(review): an unknown login ends in a 400 while a wrong password returns false,
                // so the two outcomes are distinguishable to the caller.
                if (account == null)
                {
                    throw new HttpResponseException(HttpStatusCode.BadRequest);
                }

                // Login by Facebook user id: the Password field presumably carries the access token
                // that FacebookVerifyCredentials checks.
                if (login == account.FacebookUserId)
                {
                    return FacebookVerifyCredentials(account.FacebookUserId, model.Password);
                }

                // An account linked to Facebook cannot be opened with a password.
                bool linkedToFacebook = !string.IsNullOrEmpty(account.FacebookUserId);
                if (login == account.Username && linkedToFacebook)
                {
                    return false;
                }

                var salt       = PWDTK.HashHexStringToBytes(account.Salt);
                var storedHash = PWDTK.HashHexStringToBytes(account.PasswordHash);
                return PWDTK.ComparePasswordToHash(salt, model.Password, storedHash);
            }
        }
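        private void CompareHashButton_Click(object sender, RoutedEventArgs e)
        {
            // Only passwords that satisfy the policy are hashed; nothing is shown otherwise.
            if (!PasswordMeetsPolicy(PasswordTextBox.Password, PwdPolicy))
            {
                return;
            }

            // Time only the derivation + comparison so the user can tune the iteration count.
            var stopW = Stopwatch.StartNew();
            bool matches = PWDTK.ComparePasswordToHash(_salt, PasswordTextBox.Password, _hash, iterations);
            stopW.Stop();

            // Match: allow entry into the system; mismatch: deny access. Log details as per corporate audit logging in both cases.
            MessageBox.Show(matches
                ? "Password hash matches stored hash"
                : "Password hash does NOT match stored hash");

            // The timing message is the same for both outcomes, so it is built once instead of in each branch.
            string timing = "Creating the Hash and comparisson took a total of " + stopW.ElapsedMilliseconds.ToString() + " milliseconds, increase or decrease iterations to raise or lower this time";
            MessageBox.Show(timing);
        }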
 /// <summary>
 /// Checks whether a supplied password matches the hashed password stored in the database.
 /// </summary>
 /// <param name="senha">The password used in the login attempt.</param>
 /// <param name="salt">The salt retrieved from the database for the user.</param>
 /// <param name="hashedSenha">The hash retrieved from the database for the user.</param>
 /// <returns>True when the password reproduces the stored hash.</returns>
 public static bool Verificar(string senha, byte[] salt, byte[] hashedSenha)
 {
     // The library derives the hash from (salt, password) and compares it with the stored value.
     bool matches = PWDTK.ComparePasswordToHash(salt, senha, hashedSenha);
     return matches;
 }
        public bool ComparePassword(string password, string hash, string salt)
        {
            // Both hex strings are decoded and kept on the instance (Hash / Salt) as a side effect
            // before the comparison runs against those properties.
            byte[] decodedHash = PWDTK.HashHexStringToBytes(hash);
            byte[] decodedSalt = PWDTK.HashHexStringToBytes(salt);
            Hash = decodedHash;
            Salt = decodedSalt;

            bool matches = PWDTK.ComparePasswordToHash(Salt, password, Hash, iterations);
            return matches;
        }
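        public ActionResult Login(string email, string password, string returnUrl)
        {
            // Every failure path returns the same view and message so the response does not reveal
            // whether an email address is registered.
            if (email.IsNullOrEmpty() || password.IsNullOrEmpty())
            {
                return InvalidLoginView();
            }

            // A hard-coded master password used to short-circuit to AuthenticateAsAdmin at this point;
            // it was removed so that admin access only comes from a stored credential.
            var user = userService.GetUser(email);

            // NOTE(review): an unknown email returns before any hashing, so response time still differs
            // from the wrong-password case; a dummy comparison would close that gap if it matters here.
            if (user == null)
            {
                return InvalidLoginView();
            }

            if (!PWDTK.ComparePasswordToHash(user.Salt, password, user.Password, Configuration.GetHashIterations()))
            {
                return InvalidLoginView();
            }

            FormsAuthentication.SetAuthCookie(user.Id.ToString(), createPersistentCookie: true);

            // Only follow a local return URL; an absolute one would let a crafted login link bounce
            // the freshly authenticated user to another site.
            if (!returnUrl.IsNullOrEmpty() && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }

        // The single "invalid credentials" response shared by every failed login path.
        private ActionResult InvalidLoginView()
        {
            return View(new LoginVM
            {
                ErrorMessage = "Invalid username or password"
            });
        }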
        public ActionResult GetUser()
        {
            var json = GetJson(HttpContext.Request);

            ValidateJson(json);

            string providerName = json["provider"].Value <string>();
            LoginProvider provider = LoginProvider.Internal;
            User user = null;

            // NOTE(review): for the social providers the client-supplied "id" is looked up (and below,
            // auto-provisioned) without any provider token being checked in this method; confirm that
            // GetJson/ValidateJson establish the caller's identity upstream.
            if (providerName == "google")
            {
                user     = UserService.GetUser(json["id"].Value <string>(), LoginProvider.Google);
                provider = LoginProvider.Google;
            }
            else if (providerName == "twitter")
            {
                user     = UserService.GetUser(json["id"].Value <string>(), LoginProvider.Twitter);
                provider = LoginProvider.Twitter;
            }
            else if (providerName == "facebook")
            {
                user     = UserService.GetUser(json["id"].Value <string>(), LoginProvider.Facebook);
                provider = LoginProvider.Facebook;
            }
            else if (providerName == "internal")
            {
                string userName = json["username"].Value <string>();
                string password = json["password"].Value <string>();

                // A wrong password is reported exactly like an unknown user: no user at all.
                User candidate  = UserService.GetUser(userName);
                bool passwordOk = candidate != null
                                  && PWDTK.ComparePasswordToHash(candidate.Salt, password, candidate.Password, Configuration.GetHashIterations());
                user     = passwordOk ? candidate : null;
                provider = LoginProvider.Internal;
            }

            // Social logins with no local record yet are created on the fly; internal logins never are.
            if (user == null && provider != LoginProvider.Internal)
            {
                user = new User
                {
                    RemoteId      = json["id"].Value <string>(),
                    LoginProvider = provider
                };

                if (provider == LoginProvider.Twitter)
                {
                    user.UserName = json["screenName"].Value <string>();
                }
                else if (provider == LoginProvider.Facebook)
                {
                    user.FirstName = json["firstname"].Value <string>();
                    user.LastName  = json["lastname"].Value <string>();
                    user.UserName  = json["name"].Value <string>();
                    user.Email     = json["email"].Value <string>();
                }
                else if (provider == LoginProvider.Google)
                {
                    string email  = json["email"].Value <string>();
                    user.UserName = email;
                    user.Email    = email;
                }

                // The callback captures the local `user` variable, as before.
                int newId = UserService.InsertUser(user, () => Redis.AddUser(user));
                user = UserService.GetUser(newId);
            }

            if (user == null)
            {
                return Json(null);
            }

            return Json(new
            {
                id   = user.Id,
                guid = user.GUID
            });
        }
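        private void MyOK_Click(object param)
        {
            MiCursor = Cursors.Wait;

            try
            {
                // The PasswordBox arrives as the command parameter; a wrong binding used to surface
                // as a NullReferenceException instead of a readable message.
                PasswordBox passwordBox = param as PasswordBox;
                if (passwordBox == null)
                {
                    throw new ArgumentException("No se recibió el PasswordBox como parámetro.", "param");
                }
                txtPassword_txt = passwordBox.Password;

                // The former "Applica" shortcut (full access, no password, no database lookup) was removed:
                // every login now has to match a stored hash.
                ObservableCollection<Users> users = LoadUsers();
                Users user = users.FirstOrDefault(u => u.UserName == txtUserName_txt);

                // One message for unknown user and wrong password, so the dialog does not reveal which user names exist.
                if (user == null)
                {
                    throw new InvalidOperationException("Error con el usuario o el password.");
                }

                _salt = PWDTK.HashHexStringToBytes(user.SecurityStamp);
                _hash = PWDTK.HashHexStringToBytes(user.PasswordHash);

                if (!PWDTK.ComparePasswordToHash(_salt, txtPassword_txt, _hash, iterations))
                {
                    throw new InvalidOperationException("Error con el usuario o el password.");
                }

                WhatIsUserName = "******" + txtUserName_txt;
                _AreasDeAcceso = user.AreasDeAcceso;
                _Id            = user.UserId;

                // Mode selected by the radio buttons: Aspirante = 1, Partido = 2, neither = 0.
                if (isRdbCandidato)
                {
                    WhatIsModo = 1;
                }
                else if (isRdbPartido)
                {
                    WhatIsModo = 2;
                }
                else
                {
                    WhatIsModo = 0;
                }

                this.View.DialogResult = true;

                this.View.Close();
            }
            catch (Exception ex)
            {
                // TargetSite can be null for some exceptions; fall back to a fixed title.
                string title = ex.TargetSite != null ? ex.TargetSite.Name : "Error";
                MessageBox.Show(ex.Message, title, MessageBoxButton.OK, MessageBoxImage.Error);
            }
            finally
            {
                MiCursor = Cursors.Arrow;
            }
        }

        // Reads every row of the users table into Users objects; also refreshes _MyUsersTable as the original did.
        private ObservableCollection<Users> LoadUsers()
        {
            ObservableCollection<Users> users = new ObservableCollection<Users>();

            using (SqlExcuteCommand get = new SqlExcuteCommand()
            {
                DBCnnStr = DBEndososCnnStr
            })
            {
                _MyUsersTable = get.MyGetUsers();

                foreach (DataRow r in _MyUsersTable.Rows)
                {
                    users.Add(new Users
                    {
                        UserId        = (Guid)r["UserId"],
                        UserName      = r["UserName"].ToString(),
                        PasswordHash  = r["PasswordHash"].ToString(),
                        SecurityStamp = r["SecurityStamp"].ToString(),
                        AreasDeAcceso = r["AreasDeAcceso"].ToString()
                    });
                }
            }

            return users;
        }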