Store and compare passwords as hash to improve system security

master
Tudor Stanciu 2022-02-11 10:56:52 +02:00
parent bcb7bf342a
commit 4ca812adcf
6 changed files with 90 additions and 8 deletions

View File

@ -1,7 +1,7 @@
<Project>
<Import Project="dependencies.props" />
<PropertyGroup>
<Version>1.1.1</Version>
<Version>1.1.2</Version>
<Authors>Tudor Stanciu</Authors>
<Company>STA</Company>
<PackageTags>IdentityServer</PackageTags>

View File

@ -12,6 +12,7 @@ namespace IdentityServer.Application
{
services.AddStores();
services.AddSingleton<IConfigProvider, ConfigProvider>();
services.AddSingleton<IHashingService, HashingService>();
services.AddSingleton<ITokenService, TokenService>();
services.AddScoped<IUserService, UserService>();
services.AddSingleton<IBehaviorService, BehaviorService>();

View File

@ -0,0 +1,11 @@
namespace IdentityServer.Application.Services.Abstractions
{
internal interface IHashingService
{
string HashMd5(string text);
string HashSha1(string text);
string HashSha256(string text);
string HashSha384(string text);
string HashSha512(string text);
}
}

View File

@ -0,0 +1,59 @@
using IdentityServer.Application.Services.Abstractions;
using System;
using System.Security.Authentication;
using System.Security.Cryptography;
namespace IdentityServer.Application.Services
{
internal class HashingService : IHashingService
{
public string HashMd5(string text) => Hash(text, HashAlgorithmType.Md5);
public string HashSha1(string text) => Hash(text, HashAlgorithmType.Sha1);
public string HashSha256(string text) => Hash(text, HashAlgorithmType.Sha256);
public string HashSha384(string text) => Hash(text, HashAlgorithmType.Sha384);
public string HashSha512(string text) => Hash(text, HashAlgorithmType.Sha512);
private string Hash(string text, HashAlgorithmType algorithm)
{
if (string.IsNullOrEmpty(text))
throw new ArgumentException("Cannot hash null value.", nameof(text));
using (var sha = GetHashAlgorithm(algorithm))
{
byte[] textData = System.Text.Encoding.UTF8.GetBytes(text);
byte[] hash = sha.ComputeHash(textData);
var str = BitConverter.ToString(hash);
return str.Replace("-", String.Empty);
}
}
private HashAlgorithm GetHashAlgorithm(HashAlgorithmType algorithmType)
{
switch (algorithmType)
{
case HashAlgorithmType.None:
throw new ArgumentException("Do not use this method with HashAlgorithmType.None.", nameof(algorithmType));
case HashAlgorithmType.Md5:
return MD5.Create();
case HashAlgorithmType.Sha1:
return SHA1.Create();
case HashAlgorithmType.Sha256:
return SHA256.Create();
case HashAlgorithmType.Sha384:
return SHA384.Create();
case HashAlgorithmType.Sha512:
return SHA512.Create();
default:
throw new NotImplementedException($"HashAlgorithmType {algorithmType} is not implemented.");
}
}
}
}

View File

@ -1,4 +1,5 @@
using IdentityServer.Application.Stores;
using IdentityServer.Application.Services.Abstractions;
using IdentityServer.Application.Stores;
using IdentityServer.Domain.Abstractions;
using IdentityServer.Domain.Entities;
using IdentityServer.Domain.Models;
@ -14,18 +15,21 @@ namespace IdentityServer.Application.Services
private readonly IIdentityRepository _identityRepository;
private readonly ITokenService _tokenService;
private readonly IConfigProvider _configProvider;
private readonly IHashingService _hashingService;
public UserService(ITokenStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService, IConfigProvider configProvider)
public UserService(ITokenStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService, IConfigProvider configProvider, IHashingService hashingService)
{
_securityStore = securityStore;
_identityRepository = identityRepository;
_tokenService = tokenService;
_configProvider = configProvider;
_securityStore=securityStore;
_identityRepository=identityRepository;
_tokenService=tokenService;
_configProvider=configProvider;
_hashingService=hashingService;
}
public async Task<Token> Authenticate(string userName, string password)
{
var user = await _identityRepository.GetUser(userName, password);
var passwordHash = _hashingService.HashSha256(password);
var user = await _identityRepository.GetUser(userName, passwordHash);
var valid = ValidateUser(user);
if (!valid)
return null;

View File

@ -34,6 +34,13 @@
<Version>1.1.1</Version>
<Content>
◾ Added NDB.Infrastructure.DatabaseMigration
◾ Organized sql scripts to meet database migrator requirements
</Content>
</Note>
<Note>
<Version>1.1.2</Version>
<Content>
◾ Store and compare passwords as hash to improve system security
</Content>
</Note>
</ReleaseNotes>