nikcio

Umbraco HashPasswordForStorage

Oct 15th, 2020
78
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #region Hash
  2.  
  3.         public string HashPasswordForStorage(string password) {
  4.             string salt;
  5.             var hashed = EncryptOrHashNewPassword(password, out salt);
  6.             return FormatPasswordForStorage(hashed, salt);
  7.         }
  8.  
  9.         /// <summary>
  10.         /// Encrypt/hash a new password with a new salt
  11.         /// </summary>
  12.         /// <param name="newPassword"></param>
  13.         /// <param name="salt"></param>
  14.         /// <returns></returns>
  15.         protected internal string EncryptOrHashNewPassword(string newPassword, out string salt) {
  16.             salt = GenerateSalt();
  17.             return EncryptOrHashPassword(newPassword, salt);
  18.         }
  19.  
  20.         protected internal static string GenerateSalt() {
  21.             var numArray = new byte[16];
  22.             new RNGCryptoServiceProvider().GetBytes(numArray);
  23.             return Convert.ToBase64String(numArray);
  24.         }
  25.  
  26.         protected internal string EncryptOrHashPassword(string pass, string salt) {
  27.  
  28.             //This is the correct way to implement this (as per the sql membership provider)
  29.             var bytes = Encoding.Unicode.GetBytes(pass);
  30.             var saltBytes = Convert.FromBase64String(salt);
  31.             byte[] inArray;
  32.  
  33.             var hashAlgorithm = GetHashAlgorithm(pass);
  34.             var algorithm = hashAlgorithm as KeyedHashAlgorithm;
  35.             if (algorithm != null) {
  36.                 var keyedHashAlgorithm = algorithm;
  37.                 if (keyedHashAlgorithm.Key.Length == saltBytes.Length) {
  38.                     //if the salt bytes is the required key length for the algorithm, use it as-is
  39.                     keyedHashAlgorithm.Key = saltBytes;
  40.                 }
  41.                 else if (keyedHashAlgorithm.Key.Length < saltBytes.Length) {
  42.                     //if the salt bytes is too long for the required key length for the algorithm, reduce it
  43.                     var numArray2 = new byte[keyedHashAlgorithm.Key.Length];
  44.                     Buffer.BlockCopy(saltBytes, 0, numArray2, 0, numArray2.Length);
  45.                     keyedHashAlgorithm.Key = numArray2;
  46.                 }
  47.                 else {
  48.                     //if the salt bytes is too short for the required key length for the algorithm, extend it
  49.                     var numArray2 = new byte[keyedHashAlgorithm.Key.Length];
  50.                     var dstOffset = 0;
  51.                     while (dstOffset < numArray2.Length) {
  52.                         var count = Math.Min(saltBytes.Length, numArray2.Length - dstOffset);
  53.                         Buffer.BlockCopy(saltBytes, 0, numArray2, dstOffset, count);
  54.                         dstOffset += count;
  55.                     }
  56.                     keyedHashAlgorithm.Key = numArray2;
  57.                 }
  58.                 inArray = keyedHashAlgorithm.ComputeHash(bytes);
  59.             }
  60.             else {
  61.                 var buffer = new byte[saltBytes.Length + bytes.Length];
  62.                 Buffer.BlockCopy(saltBytes, 0, buffer, 0, saltBytes.Length);
  63.                 Buffer.BlockCopy(bytes, 0, buffer, saltBytes.Length, bytes.Length);
  64.                 inArray = hashAlgorithm.ComputeHash(buffer);
  65.             }
  66.  
  67.             return Convert.ToBase64String(inArray);
  68.         }
  69.  
  70.         protected internal string FormatPasswordForStorage(string pass, string salt) {
  71.             return salt + pass;
  72.         }
  73.  
  74.         protected internal HashAlgorithm GetHashAlgorithm(string password) {
  75.             var alg = HashAlgorithm.Create("HMACSHA256");
  76.             if (alg == null) {
  77.                 throw new InvalidOperationException("The hash algorithm specified " + Membership.HashAlgorithmType + " cannot be resolved");
  78.             }
  79.  
  80.             return alg;
  81.         }
  82.  
  83.         #endregion
RAW Paste Data