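/// <summary>
/// Verifies that <c>PasswordHashProvider.EncodePassword</c> produces distinct hashes for
/// every password/salt combination (and for repeated calls with identical inputs), that
/// <c>CheckPassword</c> accepts the right password, and that it rejects a wrong one.
/// </summary>
public void PasswordHash_Encode()
{
    // Two passes over the same four (password, salt) combinations:
    // indexes 0-3 are the first pass, indexes 4-7 repeat them.
    var hashes = new[]
    {
        PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
        PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
        PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
        PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
        PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt1")),
        PasswordHashProvider.EncodePassword("Password1", new TestPasswordSaltProvider("Salt2")),
        PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt1")),
        PasswordHashProvider.EncodePassword("Password2", new TestPasswordSaltProvider("Salt2")),
    };

    Assert.AreNotEqual(hashes[0], hashes[1]); // same password, different salt
    Assert.AreNotEqual(hashes[0], hashes[2]); // different password, same salt
    Assert.AreNotEqual(hashes[0], hashes[3]); // different password, different salt

    for (int i = 0; i < 4; i++)
    {
        // Not equal even if created by the same parameters.
        Assert.AreNotEqual(hashes[i], hashes[i + 4]);
    }

    // Positive verification: the right password with the salt provider used at encode time.
    Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[0], new TestPasswordSaltProvider("Salt1")));
    Assert.IsTrue(PasswordHashProvider.CheckPassword("Password1", hashes[1], new TestPasswordSaltProvider("Salt2")));
    Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[2], new TestPasswordSaltProvider("Salt1")));
    Assert.IsTrue(PasswordHashProvider.CheckPassword("Password2", hashes[3], new TestPasswordSaltProvider("Salt2")));

    // Negative verification: a verifier that accepted everything would pass all the checks
    // above, so a wrong password against the same hash and salt provider must be rejected.
    Assert.IsFalse(PasswordHashProvider.CheckPassword("Password2", hashes[0], new TestPasswordSaltProvider("Salt1")));
    Assert.IsFalse(PasswordHashProvider.CheckPassword("Password1", hashes[2], new TestPasswordSaltProvider("Salt1")));

    // NOTE(review): whether a mismatching salt provider must also fail verification depends on
    // how the provider salt is mixed into the hash, which is not visible here - confirm and
    // add that assertion if it is part of the contract.
}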
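/// <summary>
/// Click handler for a demo-login link. Reads a "domain\username" value from the
/// clicked <c>LinkButton</c>'s <c>CommandArgument</c>, loads that user, checks the
/// password held for it in <c>_demoPasswords</c> against the stored hash, and on success
/// issues a non-persistent forms-authentication cookie and redirects.
/// </summary>
/// <param name="sender">The control that raised the event; ignored unless it is a <c>LinkButton</c>.</param>
/// <param name="e">Event data (unused).</param>
void link_Click(object sender, EventArgs e)
{
    var link = sender as LinkButton;
    if (link == null)
    {
        return;
    }

    var fullUserName = link.CommandArgument;
    if (string.IsNullOrEmpty(fullUserName))
    {
        return;
    }

    // Expected form is "domain\username". Without a separator IndexOf returns -1 and
    // Substring(0, -1) would throw, so bail out the same way as the other guards.
    var slashIndex = fullUserName.IndexOf('\\');
    if (slashIndex < 0)
    {
        return;
    }

    var domain = fullUserName.Substring(0, slashIndex);
    var username = fullUserName.Substring(slashIndex + 1);

    IUser user;

    // Elevation: we need to have the user content in hand
    // regardless of the current user's permissions (she is
    // a Visitor right now, before logging in).
    // The elevated scope is kept as small as possible: only the load runs inside it.
    using (new SystemAccount())
    {
        user = User.Load(domain, username);
    }

    if (user == null)
    {
        return;
    }

    // NOTE(review): the type of _demoPasswords is not visible here; if it is a dictionary,
    // a user without a demo entry makes this indexer throw instead of returning quietly.
    // ToLower() is also culture-sensitive - confirm how the keys were built.
    var password = _demoPasswords[user.Name.ToLower()];

    // Only sign in when the demo password still matches the stored hash, so a demo
    // account whose password was changed cannot be entered through this link.
    if (!PasswordHashProvider.CheckPassword(password, user.PasswordHash, (IPasswordSaltProvider)user))
    {
        return;
    }

    // 'false' = session cookie, not persisted across browser restarts.
    FormsAuthentication.SetAuthCookie(user.Username, false);

    var originalUrl = PortalContext.GetLoginOriginalUrl();
    if (String.IsNullOrEmpty(originalUrl))
    {
        originalUrl = Request.RawUrl;
    }

    // NOTE(review): where GetLoginOriginalUrl() takes its value from is not visible here.
    // If it can come from the request, verify it is a local URL before redirecting,
    // otherwise this is an open redirect right after authentication.
    Response.Redirect(originalUrl);
}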
/// <summary>
/// Checks a clear-text password against this object's stored <c>PasswordHash</c>.
/// When password hash migration is enabled and only the outdated provider accepts the
/// password, the hash is regenerated with the configured provider and saved.
/// </summary>
/// <param name="passwordInClearText">The password to verify, in clear text.</param>
/// <returns><c>true</c> if the password matches (directly or through the migration check); otherwise <c>false</c>.</returns>
public bool CheckPasswordMatch(string passwordInClearText)
{
    bool matchesConfiguredProvider;
    try
    {
        // First attempt: the currently configured provider.
        matchesConfiguredProvider = PasswordHashProvider.CheckPassword(passwordInClearText, this.PasswordHash, this);
    }
    catch (SaltParseException)
    {
        // Deliberately swallowed: a salt that cannot be parsed counts as "no match".
        matchesConfiguredProvider = false;
    }

    // Done when migration is switched off (the result stands as-is) or when the
    // configured provider already accepted the password (nothing to migrate).
    if (!Configuration.Security.EnablePasswordHashMigration || matchesConfiguredProvider)
    {
        return matchesConfiguredProvider;
    }

    // Migration is enabled and the configured provider rejected the password:
    // fall back to the outdated provider.
    // NOTE(review): while migration stays enabled, the outdated check remains a valid
    // sign-in path; consider disabling the setting once accounts have been migrated.
    var matchesOutdatedProvider = PasswordHashProvider.CheckPasswordForMigration(passwordInClearText, this.PasswordHash, this);
    if (!matchesOutdatedProvider)
    {
        return false;
    }

    // The password is proven correct, so re-hash it with the configured provider and salt,
    // then persist the new hash under the system account without creating a new version.
    this.PasswordHash = PasswordHashProvider.EncodePassword(passwordInClearText, this);
    using (new SystemAccount())
    {
        Save(SavingMode.KeepVersion);
    }

    return true;
}