From 4ca812adcf86589e7921388a737f1139fae731c2 Mon Sep 17 00:00:00 2001 From: Tudor Stanciu Date: Fri, 11 Feb 2022 10:56:52 +0200 Subject: [PATCH] Store and compare passwords as hash to improve system security --- Directory.Build.props | 2 +- .../DependencyInjectionExtensions.cs | 1 + .../Services/Abstractions/IHashingService.cs | 11 ++++ .../Services/HashingService.cs | 59 +++++++++++++++++++ .../Services/UserService.cs | 18 +++--- ReleaseNotes.xml | 7 +++ 6 files changed, 90 insertions(+), 8 deletions(-) create mode 100644 IdentityServer.Application/Services/Abstractions/IHashingService.cs create mode 100644 IdentityServer.Application/Services/HashingService.cs diff --git a/Directory.Build.props b/Directory.Build.props index 7ab4e07..ffe6f24 100644 --- a/Directory.Build.props +++ b/Directory.Build.props @@ -1,7 +1,7 @@ - 1.1.1 + 1.1.2 Tudor Stanciu STA IdentityServer diff --git a/IdentityServer.Application/DependencyInjectionExtensions.cs b/IdentityServer.Application/DependencyInjectionExtensions.cs index 548e741..02e5320 100644 --- a/IdentityServer.Application/DependencyInjectionExtensions.cs +++ b/IdentityServer.Application/DependencyInjectionExtensions.cs @@ -12,6 +12,7 @@ namespace IdentityServer.Application { services.AddStores(); services.AddSingleton(); + services.AddSingleton(); services.AddSingleton(); services.AddScoped(); services.AddSingleton(); diff --git a/IdentityServer.Application/Services/Abstractions/IHashingService.cs b/IdentityServer.Application/Services/Abstractions/IHashingService.cs new file mode 100644 index 0000000..627de1e --- /dev/null +++ b/IdentityServer.Application/Services/Abstractions/IHashingService.cs @@ -0,0 +1,11 @@ +namespace IdentityServer.Application.Services.Abstractions +{ + internal interface IHashingService + { + string HashMd5(string text); + string HashSha1(string text); + string HashSha256(string text); + string HashSha384(string text); + string HashSha512(string text); + } +} 
diff --git a/IdentityServer.Application/Services/HashingService.cs b/IdentityServer.Application/Services/HashingService.cs
new file mode 100644
index 0000000..a0f7b53
--- /dev/null
+++ b/IdentityServer.Application/Services/HashingService.cs
@@ -0,0 +1,59 @@
+using IdentityServer.Application.Services.Abstractions;
+using System;
+using System.Security.Authentication;
+using System.Security.Cryptography;
+
+namespace IdentityServer.Application.Services
+{
+ internal class HashingService : IHashingService
+ {
+ public string HashMd5(string text) => Hash(text, HashAlgorithmType.Md5);
+ public string HashSha1(string text) => Hash(text, HashAlgorithmType.Sha1);
+ public string HashSha256(string text) => Hash(text, HashAlgorithmType.Sha256);
+ public string HashSha384(string text) => Hash(text, HashAlgorithmType.Sha384);
+ public string HashSha512(string text) => Hash(text, HashAlgorithmType.Sha512);
+
+ private string Hash(string text, HashAlgorithmType algorithm)
+ {
+ if (string.IsNullOrEmpty(text))
+ throw new ArgumentException("Cannot hash null value.", nameof(text));
+
+ using (var sha = GetHashAlgorithm(algorithm))
+ {
+ byte[] textData = System.Text.Encoding.UTF8.GetBytes(text);
+ byte[] hash = sha.ComputeHash(textData);
+
+ var str = BitConverter.ToString(hash);
+
+ return str.Replace("-", String.Empty);
+ }
+ }
+
+ private HashAlgorithm GetHashAlgorithm(HashAlgorithmType algorithmType)
+ {
+ switch (algorithmType)
+ {
+ case HashAlgorithmType.None:
+ throw new ArgumentException("Do not use this method with HashAlgorithmType.None.", nameof(algorithmType));
+
+ case HashAlgorithmType.Md5:
+ return MD5.Create();
+
+ case HashAlgorithmType.Sha1:
+ return SHA1.Create();
+
+ case HashAlgorithmType.Sha256:
+ return SHA256.Create();
+
+ case HashAlgorithmType.Sha384:
+ return SHA384.Create();
+
+ case HashAlgorithmType.Sha512:
+ return SHA512.Create();
+
+ default:
+ throw new NotImplementedException($"HashAlgorithmType {algorithmType} is not implemented.");
+ }
+ }
+ }
+}
diff --git a/IdentityServer.Application/Services/UserService.cs b/IdentityServer.Application/Services/UserService.cs
index 49f9a40..956d05b 100644
--- a/IdentityServer.Application/Services/UserService.cs
+++ b/IdentityServer.Application/Services/UserService.cs @@ -1,4 +1,5 @@ -using IdentityServer.Application.Stores; +using IdentityServer.Application.Services.Abstractions; +using IdentityServer.Application.Stores; using IdentityServer.Domain.Abstractions; using IdentityServer.Domain.Entities; using IdentityServer.Domain.Models; @@ -14,18 +15,21 @@ namespace IdentityServer.Application.Services private readonly IIdentityRepository _identityRepository; private readonly ITokenService _tokenService; private readonly IConfigProvider _configProvider; + private readonly IHashingService _hashingService; - public UserService(ITokenStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService, IConfigProvider configProvider) + public UserService(ITokenStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService, IConfigProvider configProvider, IHashingService hashingService) { - _securityStore = securityStore; - _identityRepository = identityRepository; - _tokenService = tokenService; - _configProvider = configProvider; + _securityStore=securityStore; + _identityRepository=identityRepository; + _tokenService=tokenService; + _configProvider=configProvider; + _hashingService=hashingService; } public async Task Authenticate(string userName, string password) { - var user = await _identityRepository.GetUser(userName, password); + var passwordHash = _hashingService.HashSha256(password); + var user = await _identityRepository.GetUser(userName, passwordHash); var valid = ValidateUser(user); if (!valid) return null; diff --git a/ReleaseNotes.xml b/ReleaseNotes.xml index 9a36a5a..3d6ba39 100644 --- a/ReleaseNotes.xml +++ b/ReleaseNotes.xml @@ -34,6 +34,13 @@ 1.1.1 ◾ Added NDB.Infrastructure.DatabaseMigration + ◾ Organized sql scripts to meet database migrator requirements + + + + 1.1.2 + + ◾ Store and compare passwords as hash to improve system security \ No newline at end of file
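Review bot: In `Authenticate`, a null or empty `password` now raises `ArgumentException`, because `HashSha256` goes through `Hash`, which rejects `string.IsNullOrEmpty(text)`; before this change such a request presumably ended in the `return null` path like any other failed login. A guard ahead of the hashing call keeps that outcome: `if (string.IsNullOrEmpty(password)) return null;`. The patch also shows no conversion of passwords that are already stored, so if the user table still holds the old values, existing accounts would stop matching after deploy; it is worth confirming that a migration ships with 1.1.2. The body of `Authenticate` continues past the end of the hunk.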