/// <summary>
/// Turns a stored password value back into the plain-text password.
/// </summary>
/// <param name="pass">The stored value: the password itself for Clear, Base64 text otherwise.</param>
/// <param name="passwordFormat">The format the stored value was written in.</param>
/// <returns>
/// The plain-text password, or <c>null</c> when <c>DecryptPassword</c> returns <c>null</c>.
/// </returns>
/// <exception cref="ProviderException">The format is Hashed; a hash cannot be reversed.</exception>
private string UnEncodePassword(string pass, System.Web.Security.MembershipPasswordFormat passwordFormat)
{
    if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Clear)
    {
        // Clear storage keeps the password itself, so there is nothing to undo.
        return pass;
    }

    if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Hashed)
    {
        // Message text in English: "The provider cannot decrypt hashed passwords."
        throw new ProviderException("Provider 不能解密哈希加密的密码。");
    }

    // Every remaining format value is handled as Encrypted: Base64-decode, then decrypt.
    byte[] plainBytes = this.DecryptPassword(Convert.FromBase64String(pass));
    if (plainBytes == null)
    {
        return null;
    }

    // The first 16 bytes are skipped and the remainder is read as UTF-16 text.
    // NOTE(review): presumably those 16 bytes are the salt that was prepended before
    // encryption. A decrypted buffer shorter than 16 bytes makes GetString throw, so
    // confirm the salt length against the code that generates salts.
    const int skippedPrefix = 16;
    return System.Text.Encoding.Unicode.GetString(plainBytes, skippedPrefix, plainBytes.Length - skippedPrefix);
}
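/// <summary>
/// Loads the stored password, its salt and the failure counters for a user, optionally
/// stamping the last-activity and last-login dates first.
/// </summary>
/// <param name="username">Name passed to <c>UserService.GetUser</c>.</param>
/// <param name="updateLastLoginActivityDate">
/// When true, both dates are set to the current UTC time and the user is saved before the values are returned.
/// </param>
/// <param name="status">0 when the user and its membership record were found, 1 otherwise.</param>
/// <param name="password">The stored password value, or null when the user was not found.</param>
/// <param name="passwordSalt">The stored salt, or null when the user was not found.</param>
/// <param name="failedPasswordAttemptCount">Password failures since the last success; 0 when not found.</param>
/// <param name="failedPasswordAnswerAttemptCount">Answer failure count; 0 when not found.</param>
/// <param name="lastActivityDate">Last activity date; the current UTC time when not found.</param>
/// <param name="lastLoginDate">Last login date; the current UTC time when not found.</param>
private void GetPasswordWithFormat(string username, bool updateLastLoginActivityDate, out int status, out string password, out string passwordSalt, out int failedPasswordAttemptCount, out int failedPasswordAnswerAttemptCount, out DateTime lastActivityDate, out DateTime lastLoginDate)
{
    User user = new UserService().GetUser(username);

    if (user == null || user.MemberShip == null)
    {
        // Unknown user: hand back neutral values and report status 1.
        // Deliberately no assignment to the class-level passwordFormat here. It is not an
        // out parameter of this method, so writing Clear to it on a failed lookup would
        // leave that member set to Clear for whatever reads it afterwards.
        password = null;
        passwordSalt = null;
        failedPasswordAttemptCount = 0;
        failedPasswordAnswerAttemptCount = 0;
        lastLoginDate = DateTime.UtcNow;
        lastActivityDate = DateTime.UtcNow;
        status = 1;
        return;
    }

    if (updateLastLoginActivityDate)
    {
        // NOTE(review): the dates are stamped before any password comparison, and nothing
        // here looks at a locked-out or approval state. The values returned below are read
        // after this update, so a caller cannot restore the previous dates when the
        // password check later fails. Confirm against the caller.
        user.MemberShip.LastActivityDate = DateTime.UtcNow;
        user.MemberShip.LastLoginDate = DateTime.UtcNow;
        new UserService().UpdateUser(user);
    }

    password = user.MemberShip.Password;
    passwordSalt = user.MemberShip.PasswordSalt;
    failedPasswordAttemptCount = user.MemberShip.PasswordFailuresSinceLastSuccess;
    failedPasswordAnswerAttemptCount = user.MemberShip.AnswerFailureCount;
    lastLoginDate = user.MemberShip.LastLoginDate;
    lastActivityDate = user.MemberShip.LastActivityDate;
    status = 0;
}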
/// <summary>
/// Initializes the membership provider from the attribute values given in the ASP.NET
/// application configuration file. Not intended to be called directly from code.
/// </summary>
/// <param name="name">
/// Name of the ExtendedMembershipProvider instance to initialize; "AHMembershipProvider" is used
/// when it is null or empty.
/// </param>
/// <param name="config">
/// A NameValueCollection holding the names and values of the provider's configuration options.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="ProviderException">
/// The password strength pattern is not a valid regular expression, the password format is not
/// one of Clear / Encrypted / Hashed, password retrieval is enabled together with Hashed, or an
/// attribute is left over that this method does not remove.
/// </exception>
public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
{
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    if (String.IsNullOrEmpty(name))
    {
        name = "AHMembershipProvider";
    }

    if (String.IsNullOrEmpty(config["description"]))
    {
        config.Remove("description");
        config.Add("description", "AHCMS.Framework.Security Membership Provider");
    }

    base.Initialize(name, config);

    // Policy switches and limits, each with the default used when the attribute is absent.
    this.enablePasswordRetrieval = SecUtility.GetBooleanValue(config, "enablePasswordRetrieval", false);
    this.enablePasswordReset = SecUtility.GetBooleanValue(config, "enablePasswordReset", true);
    this.requiresQuestionAndAnswer = SecUtility.GetBooleanValue(config, "requiresQuestionAndAnswer", true);
    this.requiresUniqueEmail = SecUtility.GetBooleanValue(config, "requiresUniqueEmail", true);
    this.maxInvalidPasswordAttempts = SecUtility.GetIntValue(config, "maxInvalidPasswordAttempts", 5, false, 0);
    this.passwordAttemptWindow = SecUtility.GetIntValue(config, "passwordAttemptWindow", 10, false, 0);
    this.minRequiredPasswordLength = SecUtility.GetIntValue(config, "minRequiredPasswordLength", 7, false, 128);
    this.minRequiredNonAlphanumericCharacters = SecUtility.GetIntValue(config, "minRequiredNonalphanumericCharacters", 1, true, 128);

    // The strength pattern is trimmed and, when non-empty, compiled once so that a broken
    // pattern fails at start-up instead of at the first password change.
    string strengthPattern = config["passwordStrengthRegularExpression"];
    strengthPattern = strengthPattern == null ? String.Empty : strengthPattern.Trim();
    this.passwordStrengthRegularExpression = strengthPattern;
    if (strengthPattern.Length != 0)
    {
        try
        {
            new Regex(strengthPattern);
        }
        catch (ArgumentException e)
        {
            throw new ProviderException(e.Message, e);
        }
    }

    // Hashed is the default. Clear keeps passwords readable in the store and Encrypted is
    // reversible, so either one has to be chosen explicitly in configuration.
    string formatName = config["passwordFormat"] ?? "Hashed";
    if (formatName == "Clear")
    {
        this.passwordFormat = System.Web.Security.MembershipPasswordFormat.Clear;
    }
    else if (formatName == "Encrypted")
    {
        this.passwordFormat = System.Web.Security.MembershipPasswordFormat.Encrypted;
    }
    else if (formatName == "Hashed")
    {
        this.passwordFormat = System.Web.Security.MembershipPasswordFormat.Hashed;
    }
    else
    {
        throw new ProviderException("Bad password format.");
    }

    // A hash cannot be turned back into a password, so retrieval plus Hashed is rejected.
    bool storesHashes = this.passwordFormat == System.Web.Security.MembershipPasswordFormat.Hashed;
    if (storesHashes && this.enablePasswordRetrieval)
    {
        throw new ProviderException("Provider cannot retrieve hashed password.");
    }

    // Drop every attribute this method knows about; anything left afterwards is reported.
    string[] knownAttributes =
    {
        "repository",
        "applicationName",
        "enablePasswordRetrieval",
        "enablePasswordReset",
        "requiresQuestionAndAnswer",
        "requiresUniqueEmail",
        "maxInvalidPasswordAttempts",
        "passwordAttemptWindow",
        "passwordFormat",
        "name",
        "description",
        "minRequiredPasswordLength",
        "minRequiredNonalphanumericCharacters",
        "passwordStrengthRegularExpression"
    };
    foreach (string attribute in knownAttributes)
    {
        config.Remove(attribute);
    }

    if (config.Count == 0)
    {
        return;
    }

    string leftover = config.GetKey(0);
    if (!String.IsNullOrEmpty(leftover))
    {
        throw new ProviderException("Provider unrecognized attribute: " + leftover);
    }
}
/// <summary>
/// Passes <paramref name="value"/> to <c>Set</c> for the <c>UserColumnType.PasswordFormat</c>
/// column of <paramref name="user"/>.
/// </summary>
/// <param name="user">The user object handed to <c>Set</c>.</param>
/// <param name="value">The password format to record.</param>
/// <returns>This mapper, so further calls can be chained.</returns>
public IUserMapper<TUser> PasswordFormat(
    TUser user,
    System.Web.Security.MembershipPasswordFormat value)
{
    Set(user, UserColumnType.PasswordFormat, value);

    return this;
}
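/// <summary>
/// Encodes a password for storage in the requested format.
/// </summary>
/// <param name="pass">The plain-text password.</param>
/// <param name="passwordFormat">Clear, Hashed, or (any other value) Encrypted.</param>
/// <param name="salt">Base64-encoded salt; not read when the format is Clear.</param>
/// <returns>
/// The password unchanged for Clear; otherwise the Base64 text of the hash or of the
/// encrypted salt-plus-password bytes.
/// </returns>
/// <exception cref="ArgumentException">
/// The salt decodes to zero bytes while a keyed hash algorithm needs it as key material.
/// </exception>
private string EncodePassword(string pass, System.Web.Security.MembershipPasswordFormat passwordFormat, string salt)
{
    if (passwordFormat == System.Web.Security.MembershipPasswordFormat.Clear)
    {
        // Clear format: the password is stored exactly as given.
        return pass;
    }

    byte[] passwordBytes = System.Text.Encoding.Unicode.GetBytes(pass);
    byte[] saltBytes = Convert.FromBase64String(salt);

    if (passwordFormat != System.Web.Security.MembershipPasswordFormat.Hashed)
    {
        // Encrypted: the salt is placed in front of the password bytes and the whole
        // buffer is handed to EncryptPassword.
        byte[] saltedForEncryption = new byte[saltBytes.Length + passwordBytes.Length];
        Buffer.BlockCopy(saltBytes, 0, saltedForEncryption, 0, saltBytes.Length);
        Buffer.BlockCopy(passwordBytes, 0, saltedForEncryption, saltBytes.Length, passwordBytes.Length);
        return Convert.ToBase64String(this.EncryptPassword(saltedForEncryption));
    }

    // NOTE(review): the stored value is one pass of whatever GetHashAlgorithm returns.
    // For stored passwords a deliberately slow key-derivation function is the usual
    // recommendation; confirm which algorithm is configured.
    System.Security.Cryptography.HashAlgorithm hashAlgorithm = this.GetHashAlgorithm();
    System.Security.Cryptography.KeyedHashAlgorithm keyed =
        hashAlgorithm as System.Security.Cryptography.KeyedHashAlgorithm;

    byte[] digest;
    if (keyed == null)
    {
        // Plain hash: digest over salt followed by password.
        byte[] saltedForHash = new byte[saltBytes.Length + passwordBytes.Length];
        Buffer.BlockCopy(saltBytes, 0, saltedForHash, 0, saltBytes.Length);
        Buffer.BlockCopy(passwordBytes, 0, saltedForHash, saltBytes.Length, passwordBytes.Length);
        digest = hashAlgorithm.ComputeHash(saltedForHash);
    }
    else
    {
        // Keyed hash: the salt becomes the key, cut or repeated to the algorithm's key length.
        int keyLength = keyed.Key.Length;
        if (keyLength == saltBytes.Length)
        {
            keyed.Key = saltBytes;
        }
        else if (keyLength < saltBytes.Length)
        {
            byte[] truncatedKey = new byte[keyLength];
            Buffer.BlockCopy(saltBytes, 0, truncatedKey, 0, truncatedKey.Length);
            keyed.Key = truncatedKey;
        }
        else
        {
            // With a zero-length salt the fill loop below would copy nothing and never
            // advance, so reject that input instead of spinning forever.
            if (saltBytes.Length == 0)
            {
                throw new ArgumentException("The salt must not be empty when a keyed hash algorithm is used.", "salt");
            }

            byte[] repeatedKey = new byte[keyLength];
            int copied;
            for (int offset = 0; offset < repeatedKey.Length; offset += copied)
            {
                copied = Math.Min(saltBytes.Length, repeatedKey.Length - offset);
                Buffer.BlockCopy(saltBytes, 0, repeatedKey, offset, copied);
            }

            keyed.Key = repeatedKey;
        }

        digest = keyed.ComputeHash(passwordBytes);
    }

    return Convert.ToBase64String(digest);
}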
/// <summary>
/// Reads the provider settings from <paramref name="config"/> and creates the data configuration.
/// </summary>
/// <param name="name">Provider name; "EucalyptoMembershipProvider" is used when null or empty.</param>
/// <param name="config">The provider attributes from the configuration file.</param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="System.Configuration.Provider.ProviderException">
/// An attribute is still present in <paramref name="config"/> after all settings were read.
/// </exception>
public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
{
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    if (String.IsNullOrEmpty(name))
    {
        name = "EucalyptoMembershipProvider";
    }

    base.Initialize(name, config);
    this.mProviderName = name;

    this.mApplicationName = ExtractConfigValue(config, "applicationName", ConnectionParameters.DEFAULT_APP);

    string passwordResetSetting = ExtractConfigValue(config, "enablePasswordReset", "true");
    this.mEnablePasswordReset = bool.Parse(passwordResetSetting);

    // Not read from configuration: password retrieval always stays off.
    this.mEnablePasswordRetrieval = false;

    string maxAttemptsSetting = ExtractConfigValue(config, "maxInvalidPasswordAttempts", "5");
    this.mMaxInvalidPasswordAttempts = int.Parse(maxAttemptsSetting);

    string nonAlphanumericSetting = ExtractConfigValue(config, "minRequiredNonAlphanumericCharacters", "1");
    this.mMinRequiredNonAlphanumericCharacters = int.Parse(nonAlphanumericSetting);

    string minLengthSetting = ExtractConfigValue(config, "minRequiredPasswordLength", "7");
    this.mMinRequiredPasswordLength = int.Parse(minLengthSetting);

    string attemptWindowSetting = ExtractConfigValue(config, "passwordAttemptWindow", "10");
    this.mPasswordAttemptWindow = int.Parse(attemptWindowSetting);

    // Not read from configuration either: the format is fixed to Hashed.
    this.mPasswordFormat = MembershipPasswordFormat.Hashed;

    this.mPasswordStrengthRegularExpression = ExtractConfigValue(config, "passwordStrengthRegularExpression", "");

    string questionAndAnswerSetting = ExtractConfigValue(config, "requiresQuestionAndAnswer", "false");
    this.mRequiresQuestionAndAnswer = bool.Parse(questionAndAnswerSetting);

    string uniqueEmailSetting = ExtractConfigValue(config, "requiresUniqueEmail", "true");
    this.mRequiresUniqueEmail = bool.Parse(uniqueEmailSetting);

    string connName = ExtractConfigValue(config, "connectionStringName", null);
    mConfiguration = ConfigurationHelper.Create(connName);

    // Anything still in the collection is reported as unrecognized.
    // NOTE(review): this relies on ExtractConfigValue removing each key it reads; if it
    // does, an "enablePasswordRetrieval" or "passwordFormat" attribute in configuration
    // ends up here as well, because neither is extracted above. Confirm against
    // ExtractConfigValue.
    if (config.Count == 0)
    {
        return;
    }

    string attr = config.GetKey(0);
    if (!String.IsNullOrEmpty(attr))
    {
        throw new System.Configuration.Provider.ProviderException("Unrecognized attribute: " + attr);
    }
}
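/// <summary>
/// Initializes the provider from the attributes given in the configuration file.
/// </summary>
/// <param name="name">
/// The friendly name of the provider; "NHibernateMembershipProvider" is used when it is null or empty.
/// </param>
/// <param name="config">
/// A collection of the name/value pairs representing the provider-specific attributes
/// specified in the configuration for this provider.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The base class rejects a second initialization of an already initialized provider.
/// </exception>
/// <exception cref="ProviderException">The configured password format is not Hashed, Encrypted or Clear.</exception>
public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
{
    if (null == config)
    {
        throw new ArgumentNullException("config");
    }

    if (string.IsNullOrEmpty(name))
    {
        name = "NHibernateMembershipProvider";
    }

    if (string.IsNullOrEmpty(config["description"]))
    {
        config.Remove("description");
        config.Add("description", "NHibernate Membership Provider");
    }

    // Call the base class implementation.
    base.Initialize(name, config);

    // Load configuration data.
    string appName = GetConfigValue(config["applicationName"], HostingEnvironment.ApplicationVirtualPath);
    Application = ApplicationManager.FetchApplication(appName, config["description"]);
    requiresQuestionAndAnswer = Convert.ToBoolean(GetConfigValue(config["requiresQuestionAndAnswer"], "False"));
    requiresUniqueEmail = Convert.ToBoolean(GetConfigValue(config["requiresUniqueEmail"], "True"));

    // NOTE(review): retrieval defaults to on while the format defaults to Hashed, and the
    // two are never checked against each other here. A hashed password cannot be
    // retrieved, so consider defaulting this to "False" or rejecting the combination.
    enablePasswordRetrieval = Convert.ToBoolean(GetConfigValue(config["enablePasswordRetrieval"], "True"));
    enablePasswordReset = Convert.ToBoolean(GetConfigValue(config["enablePasswordReset"], "True"));
    maxInvalidPasswordAttempts = Convert.ToInt32(GetConfigValue(config["maxInvalidPasswordAttempts"], "5"));
    passwordAttemptWindow = Convert.ToInt32(GetConfigValue(config["passwordAttemptWindow"], "10"));
    minRequiredPasswordLength = Convert.ToInt32(GetConfigValue(config["minRequiredPasswordLength"], "7"));

    // The standard attribute is "minRequiredNonalphanumericCharacters". Only the misspelled
    // "minRequiredAlphaNumericCharacters" key used to be read, so a value supplied under
    // the standard name was silently ignored. Read the standard name first and keep the
    // old key as a fallback so existing configuration keeps working.
    string nonAlphanumericSetting = config["minRequiredNonalphanumericCharacters"];
    if (string.IsNullOrEmpty(nonAlphanumericSetting))
    {
        nonAlphanumericSetting = config["minRequiredAlphaNumericCharacters"];
    }

    minRequiredNonAlphanumericCharacters = Convert.ToInt32(GetConfigValue(nonAlphanumericSetting, "1"));
    passwordStrengthRegularExpression = Convert.ToString(GetConfigValue(config["passwordStrengthRegularExpression"], string.Empty));

    // Initialize the password format; Hashed applies when the attribute is not supplied.
    string formatName = GetConfigValue(config["passwordFormat"], "Hashed");
    switch (formatName)
    {
        case "Hashed":
            passwordFormat = SystemWeb.MembershipPasswordFormat.Hashed;
            break;
        case "Encrypted":
            passwordFormat = SystemWeb.MembershipPasswordFormat.Encrypted;
            break;
        case "Clear":
            passwordFormat = SystemWeb.MembershipPasswordFormat.Clear;
            break;
        default:
            throw new ProviderException("password format not supported");
    }

    Configuration.Configuration cfg = WebConfigurationManager.OpenWebConfiguration(HostingEnvironment.ApplicationVirtualPath);
    machineKey = (MachineKeySection)cfg.GetSection("system.web/machineKey");

    if ("Auto".Equals(machineKey.Decryption))
    {
        // Create our own keys when the decryption setting reads "Auto".
        // NOTE(review): the generated keys are only assigned to this in-memory section;
        // nothing visible here saves them. If CreateKey returns fresh random keys, they
        // presumably differ after every application start and on every server, and values
        // protected with them could no longer be decrypted or verified. Confirm, and prefer
        // explicit keys in configuration.
        machineKey.DecryptionKey = CreateKey(24);
        machineKey.ValidationKey = CreateKey(64);
    }
}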