- Timestamp:
- 06/26/10 15:56:15 (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/HeuristicLab.Services.Authentication Prototype/Service/Provider/HeuristicLabMembershipProvider.cs
r3962 r3965 3 3 using System.Configuration; 4 4 using System.Configuration.Provider; 5 using System.IO; 5 6 using System.Linq; 6 7 using System.Security.Cryptography; … … 22 23 private int pMinRequiredPasswordLength; 23 24 private MembershipPasswordFormat pPasswordFormat = MembershipPasswordFormat.Clear; 24 private MachineKeySection machineKey;25 26 25 27 26 public override void Initialize(string name, NameValueCollection config) { … … 71 70 throw new ProviderException("Password format not supported."); 72 71 } 73 74 // Get encryption and decryption key information from the configuration.75 Configuration cfg =76 WebConfigurationManager.OpenWebConfiguration(System.Web.Hosting.HostingEnvironment.ApplicationVirtualPath);77 machineKey = (MachineKeySection)cfg.GetSection("system.web/machineKey");78 79 if (machineKey.ValidationKey.Contains("AutoGenerate"))80 if (PasswordFormat != MembershipPasswordFormat.Clear)81 throw new ProviderException("Hashed or Encrypted passwords " +82 "are not supported with auto-generated keys.");83 72 } 84 73 … … 154 143 // create new user 155 144 HeuristicLabUser u = new HeuristicLabUser(username, email, passwordQuestion, ""); 145 password = EncodePassword(password); 156 146 u.ChangePassword("INIT", password); 157 147 u.ChangePasswordQuestionAndAnswer(password, passwordQuestion, passwordAnswer); … … 346 336 break; 347 337 case MembershipPasswordFormat.Hashed: 348 HMACSHA1 hash = new HMACSHA1(); 349 hash.Key = HexToByte(machineKey.ValidationKey); 350 encodedPassword = 351 Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password))); 338 SHA512 sha512 = SHA512.Create(); 339 ASCIIEncoding encoder = new ASCIIEncoding(); 340 byte[] combined = encoder.GetBytes(password); 341 sha512.ComputeHash(combined); 342 encodedPassword = Convert.ToBase64String(sha512.Hash); 352 343 break; 353 344 default: … … 358 349 } 359 350 351 private readonly byte[] _rgbKey = new byte[] 352 { 353 182, 140, 37, 101, 52, 157, 80, 17, 65, 35, 130, 208, 101, 68, 161, 45, 197, 102, 112, 190, 354 187, 177, 37, 76, 63, 38, 190, 117, 247, 122, 94, 17 355 }; 356 private readonly byte[] _rgbIv = new byte[] { 60, 121, 178, 142, 50, 160, 226, 84, 41, 66, 158, 180, 26, 232, 42, 113 }; 357 358 protected override byte[] EncryptPassword(byte[] password) { 359 SymmetricAlgorithm sa = Aes.Create(); 360 MemoryStream msEncrypt = new MemoryStream(); 361 CryptoStream csEncrypt = new CryptoStream(msEncrypt, sa.CreateEncryptor(_rgbKey, _rgbIv), CryptoStreamMode.Write); 362 csEncrypt.Write(password, 0, password.Length); 363 csEncrypt.Close(); 364 byte[] encryptedTextBytes = msEncrypt.ToArray(); 365 msEncrypt.Close(); 366 return encryptedTextBytes; 367 } 368 369 protected override byte[] DecryptPassword(byte[] encodedPassword) { 370 SymmetricAlgorithm sa = Aes.Create(); 371 MemoryStream msDecrypt = new MemoryStream(encodedPassword); 372 CryptoStream csDecrypt = new CryptoStream(msDecrypt, sa.CreateDecryptor(_rgbKey, _rgbIv), CryptoStreamMode.Read); 373 byte[] decryptedTextBytes = new Byte[encodedPassword.Length]; 374 csDecrypt.Read(decryptedTextBytes, 0, encodedPassword.Length); 375 csDecrypt.Close(); 376 msDecrypt.Close(); 377 return decryptedTextBytes; 378 } 360 379 361 380 /// <summary> … … 372 391 case MembershipPasswordFormat.Encrypted: 373 392 password = 374 Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(password))); 393 Encoding.Unicode.GetString(DecryptPassword(Convert.FromBase64String(password))).TrimEnd('\0'); 394 395 375 396 break; 376 397 case MembershipPasswordFormat.Hashed: … … 381 402 382 403 return password; 383 }384 385 /// <summary>386 /// returns byte array of an HexString387 /// </summary>388 /// <param name="hexString"></param>389 /// <returns></returns>390 private static byte[] HexToByte(string hexString) {391 byte[] returnBytes = new byte[hexString.Length / 2];392 for (int i = 0; i < returnBytes.Length; i++)393 returnBytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);394 return returnBytes;395 404 } 396 405
Note: See TracChangeset
for help on using the changeset viewer.