Store and compare passwords as hash to improve system security
parent
bcb7bf342a
commit
4ca812adcf
|
@ -1,7 +1,7 @@
|
|||
<Project>
|
||||
<Import Project="dependencies.props" />
|
||||
<PropertyGroup>
|
||||
<Version>1.1.1</Version>
|
||||
<Version>1.1.2</Version>
|
||||
<Authors>Tudor Stanciu</Authors>
|
||||
<Company>STA</Company>
|
||||
<PackageTags>IdentityServer</PackageTags>
|
||||
|
|
|
@ -12,6 +12,7 @@ namespace IdentityServer.Application
|
|||
{
|
||||
services.AddStores();
|
||||
services.AddSingleton<IConfigProvider, ConfigProvider>();
|
||||
services.AddSingleton<IHashingService, HashingService>();
|
||||
services.AddSingleton<ITokenService, TokenService>();
|
||||
services.AddScoped<IUserService, UserService>();
|
||||
services.AddSingleton<IBehaviorService, BehaviorService>();
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
namespace IdentityServer.Application.Services.Abstractions
|
||||
{
|
||||
internal interface IHashingService
|
||||
{
|
||||
string HashMd5(string text);
|
||||
string HashSha1(string text);
|
||||
string HashSha256(string text);
|
||||
string HashSha384(string text);
|
||||
string HashSha512(string text);
|
||||
}
|
||||
}
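Review bot: The interface does not document what these methods return or what they are suitable for, and it exposes `HashMd5` and `HashSha1` although this commit only calls `HashSha256`. A summary on each member would help, for example `/// <summary>Returns the uppercase hexadecimal SHA-256 digest of the UTF-8 bytes of <paramref name="text"/>; unsalted, not intended for credential storage.</summary>`. If no caller needs MD5 or SHA-1, leaving them off the interface removes the chance that they are later chosen for something security-relevant.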
|
|
@ -0,0 +1,59 @@
|
|||
using IdentityServer.Application.Services.Abstractions;
|
||||
using System;
|
||||
using System.Security.Authentication;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace IdentityServer.Application.Services
|
||||
{
|
||||
internal class HashingService : IHashingService
|
||||
{
|
||||
public string HashMd5(string text) => Hash(text, HashAlgorithmType.Md5);
|
||||
public string HashSha1(string text) => Hash(text, HashAlgorithmType.Sha1);
|
||||
public string HashSha256(string text) => Hash(text, HashAlgorithmType.Sha256);
|
||||
public string HashSha384(string text) => Hash(text, HashAlgorithmType.Sha384);
|
||||
public string HashSha512(string text) => Hash(text, HashAlgorithmType.Sha512);
|
||||
|
||||
private string Hash(string text, HashAlgorithmType algorithm)
|
||||
{
|
||||
if (string.IsNullOrEmpty(text))
|
||||
throw new ArgumentException("Cannot hash null value.", nameof(text));
|
||||
|
||||
using (var sha = GetHashAlgorithm(algorithm))
|
||||
{
|
||||
byte[] textData = System.Text.Encoding.UTF8.GetBytes(text);
|
||||
byte[] hash = sha.ComputeHash(textData);
|
||||
|
||||
var str = BitConverter.ToString(hash);
|
||||
|
||||
return str.Replace("-", String.Empty);
|
||||
}
|
||||
}
|
||||
|
||||
private HashAlgorithm GetHashAlgorithm(HashAlgorithmType algorithmType)
|
||||
{
|
||||
switch (algorithmType)
|
||||
{
|
||||
case HashAlgorithmType.None:
|
||||
throw new ArgumentException("Do not use this method with HashAlgorithmType.None.", nameof(algorithmType));
|
||||
|
||||
case HashAlgorithmType.Md5:
|
||||
return MD5.Create();
|
||||
|
||||
case HashAlgorithmType.Sha1:
|
||||
return SHA1.Create();
|
||||
|
||||
case HashAlgorithmType.Sha256:
|
||||
return SHA256.Create();
|
||||
|
||||
case HashAlgorithmType.Sha384:
|
||||
return SHA384.Create();
|
||||
|
||||
case HashAlgorithmType.Sha512:
|
||||
return SHA512.Create();
|
||||
|
||||
default:
|
||||
throw new NotImplementedException($"HashAlgorithmType {algorithmType} is not implemented.");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
using IdentityServer.Application.Stores;
|
||||
using IdentityServer.Application.Services.Abstractions;
|
||||
using IdentityServer.Application.Stores;
|
||||
using IdentityServer.Domain.Abstractions;
|
||||
using IdentityServer.Domain.Entities;
|
||||
using IdentityServer.Domain.Models;
|
||||
|
@ -14,18 +15,21 @@ namespace IdentityServer.Application.Services
|
|||
private readonly IIdentityRepository _identityRepository;
|
||||
private readonly ITokenService _tokenService;
|
||||
private readonly IConfigProvider _configProvider;
|
||||
private readonly IHashingService _hashingService;
|
||||
|
||||
public UserService(ITokenStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService, IConfigProvider configProvider)
|
||||
public UserService(ITokenStore securityStore, IIdentityRepository identityRepository, ITokenService tokenService, IConfigProvider configProvider, IHashingService hashingService)
|
||||
{
|
||||
_securityStore=securityStore;
|
||||
_identityRepository=identityRepository;
|
||||
_tokenService=tokenService;
|
||||
_configProvider=configProvider;
|
||||
_hashingService=hashingService;
|
||||
}
|
||||
|
||||
public async Task<Token> Authenticate(string userName, string password)
|
||||
{
|
||||
var user = await _identityRepository.GetUser(userName, password);
|
||||
var passwordHash = _hashingService.HashSha256(password);
|
||||
var user = await _identityRepository.GetUser(userName, passwordHash);
|
||||
var valid = ValidateUser(user);
|
||||
if (!valid)
|
||||
return null;
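Review bot: A null or empty `password` now makes `Authenticate` throw instead of returning null, because `_hashingService.HashSha256(password)` runs before any validation and `Hash` raises `ArgumentException` for `string.IsNullOrEmpty(text)`. Unless every caller already rejects empty credentials, add a guard ahead of the hashing call, `if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return null;`. Passing the digest into `GetUser(userName, passwordHash)` also keeps the comparison as an equality match in the repository, which cannot work with per-user salts; looking the user up by name and verifying the password in the service would allow that. The page shows no migration for rows that still hold the previous password format, so confirm that existing accounts can still sign in. The body of `Authenticate` continues outside the hunk.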
|
||||
|
|
|
@ -34,6 +34,13 @@
|
|||
<Version>1.1.1</Version>
|
||||
<Content>
|
||||
◾ Added NDB.Infrastructure.DatabaseMigration
|
||||
◾ Organized sql scripts to meet database migrator requirements
|
||||
</Content>
|
||||
</Note>
|
||||
<Note>
|
||||
<Version>1.1.2</Version>
|
||||
<Content>
|
||||
◾ Store and compare passwords as hash to improve system security
|
||||
</Content>
|
||||
</Note>
|
||||
</ReleaseNotes>
|