edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Änderungen dass Async-Funktionen wieder synchron laufen. Das ändert nichts an geschwidnigkeit da es eh schon lanes in argon2 gibt, welche mehr Kerne oder threads zur Hasung benutzen.

Browse Source
This commit is contained in:
ja
2021-12-17 10:55:54 +01:00
parent e0a200ecdd
commit 0815ba086d
8 changed files with 122 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
App_Code/TestPerformance.vb
View File

@@ -139,7 +139,7 @@ Public Class TestPerformance
Dim pw As String = "q~^Vd$fS§§nS4!q" Dim pw As String = "q~^Vd$fS§§nS4!q"
For zahl As Integer = 0 To zahlint For zahl As Integer = 0 To zahlint
sw2.Start() sw2.Start()
hashbytes.Add(Await VERAG_VARIABLES.HashPassword(pw, arrkeys(zahl), arrzahl_iterats(zahl), arrzahl(zahl))) hashbytes.Add(VERAG_VARIABLES.HashPassword(pw, arrkeys(zahl), arrzahl_iterats(zahl), arrzahl(zahl)))
sw2.Stop() sw2.Stop()
arrzeitp2.Add(sw2.ElapsedMilliseconds) arrzeitp2.Add(sw2.ElapsedMilliseconds)
sw2.Reset() sw2.Reset()

16
App_Code/VERAG_VARIABLES.vb
View File

@@ -27,7 +27,7 @@ Public Class VERAG_VARIABLES
Return saltBytes Return saltBytes
'Convert.ToBase64String(saltBytes) 'Convert.ToBase64String(saltBytes)
End Function End Function
Public Shared Async Function HashPassword(password As String, salt As Byte(), nIterations As Integer, nHash As Integer) As Threading.Tasks.Task(Of Byte()) Public Shared Function HashPassword(password As String, salt As Byte(), nIterations As Integer, nHash As Integer) As Byte()
'Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password)) 'Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password))
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
@@ -35,27 +35,27 @@ Public Class VERAG_VARIABLES
Argon.Salt = salt Argon.Salt = salt
Argon.DegreeOfParallelism = 24 Argon.DegreeOfParallelism = 24
Argon.Iterations = nIterations Argon.Iterations = nIterations
Argon.MemorySize = (((nIterations * 1 - (nIterations * 1.23) / 4 * 2) / 1.05) + 1 * 160) Argon.MemorySize = (((nIterations * 1 - (nIterations * 1.23) / 4 * 2) / 1.05) + 1 * 270)
'Return Convert.ToBase64String(Argon.GetBytes(nHash)) 'Return Convert.ToBase64String(Argon.GetBytes(nHash))
'Return Argon.GetBytes(nHash) 'Return Argon.GetBytes(nHash)
'Dim saltBytes = Convert.FromBase64String(salt) 'Dim saltBytes = Convert.FromBase64String(salt)
'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations) 'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations)
'End Using 'End Using
Return Await Argon.GetBytesAsync(nHash) Return Argon.GetBytes(nHash)
Else Else
Dim Argon As Argon2d = New Argon2d(Encoding.UTF8.GetBytes(VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(password))) Dim Argon As Argon2d = New Argon2d(Encoding.UTF8.GetBytes(VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(password)))
Argon.Salt = salt Argon.Salt = salt
Argon.DegreeOfParallelism = 48 Argon.DegreeOfParallelism = 48
Argon.Iterations = nIterations * 1.375 Argon.Iterations = nIterations * 2
Argon.MemorySize = (((nIterations * 1.375 - (nIterations * 1.2) / 1.95 * 2.28) / 0.08) + 1 * 256) / 2 Argon.MemorySize = (((nIterations * 1.385 - (nIterations * 0.72) / 1.95 * 2.28) / 0.08) + 1 * 316)
Return Await Argon.GetBytesAsync(nHash) Return Argon.GetBytes(nHash)
End If End If
End Function End Function
Public Shared Async Function Verifyhash(ByVal passw As String, ByVal salt As Byte(), ByVal hash As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Boolean) Public Shared Function Verifyhash(ByVal passw As String, ByVal salt As Byte(), ByVal hash As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Boolean
Dim newHash As Byte() = Await HashPassword(passw, salt, nIterations, nHash) Dim newHash As Byte() = HashPassword(passw, salt, nIterations, nHash)
Return hash.SequenceEqual(newHash) Return hash.SequenceEqual(newHash)
End Function End Function
Public Shared Function RandomInteger(ByVal min As Integer, ByVal max As Integer) As Integer Public Shared Function RandomInteger(ByVal min As Integer, ByVal max As Integer) As Integer

88
Customers/LKWs.aspx
View File

@@ -1,6 +1,6 @@
<%@ Page Title="" Language="VB" MasterPageFile="~/Customers/Customers.master" AutoEventWireup="false" CodeFile="LKWs.aspx.vb" Inherits="LKWS" %> <%@ Page Title="" Language="VB" MasterPageFile="~/Customers/Customers.master" AutoEventWireup="false" CodeFile="LKWs.aspx.vb" Inherits="LKWS" %>
<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server"> <asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server" >
<!-- Bootstrap --> <!-- Bootstrap -->
<html lang="en"></html> <html lang="en"></html>
<!-- Required meta tags --> <!-- Required meta tags -->
@@ -133,29 +133,95 @@
<asp:Table ID="tbl_mainpage_M" runat="server" Width="100%" CssClass="table table-striped col-12"> <asp:Table ID="tbl_mainpage_M" runat="server" Width="100%" CssClass="table table-striped col-12">
<asp:TableHeaderRow runat="server" ID="headrow_M" style="background-color:#043381;color:#fff"><asp:TableHeaderCell ID="tblhc_SDLNr_M">SDL_Nr</asp:TableHeaderCell><asp:TableHeaderCell ID="tblhc_Bez_M">Bezeichnung</asp:TableHeaderCell><asp:TableHeaderCell ID="tbl_gueltig_M">Gültig Bis</asp:TableHeaderCell><asp:TableHeaderCell ID="tblhc_KarteNr_M">Karten-Nummer</asp:TableHeaderCell></asp:TableHeaderRow> <asp:TableHeaderRow runat="server" ID="headrow_M" style="background-color:#043381;color:#fff"><asp:TableHeaderCell ID="tblhc_SDLNr_M">SDL_Nr</asp:TableHeaderCell><asp:TableHeaderCell ID="tblhc_Bez_M">Bezeichnung</asp:TableHeaderCell><asp:TableHeaderCell ID="tbl_gueltig_M">Gültig Bis</asp:TableHeaderCell><asp:TableHeaderCell ID="tblhc_KarteNr_M">Karten-Nummer</asp:TableHeaderCell></asp:TableHeaderRow>
</asp:Table> </asp:Table>
</div> </div>
</div> </div>
</div>
</div>
</div>
</ContentTemplate></asp:UpdatePanel> </ContentTemplate></asp:UpdatePanel>
<!-- jQuery CDN - Slim version (=without AJAX) --> <!-- jQuery CDN - Slim version (=without AJAX) -->
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script> <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<!-- Popper.JS --> <!-- Popper.JS -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js" integrity="sha384-cs/chFZiN24E4KMATLdqdvsezGxaGsi4hLGOzlXwp5UZB1LY//20VyM2taTB4QvJ" crossorigin="anonymous"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js" integrity="sha384-cs/chFZiN24E4KMATLdqdvsezGxaGsi4hLGOzlXwp5UZB1LY//20VyM2taTB4QvJ" crossorigin="anonymous"></script>
<script type="text/javascript"> <script type="text/javascript">
function TableRow_Click(Nat,Kennzeichen) { function TableRow_Click(Nat,Kennzeichen) {
let Speditionslabel = document.getElementById("<%=lbl_sped_Placeholder.ClientID%>") let Speditionslabel = document.getElementById("<%=lbl_sped_Placeholder.ClientID%>")
let natplaceholder = document.getElementById("<%=lbl_Placeholder.ClientID%>") let natplaceholder = document.getElementById("<%=lbl_Placeholder.ClientID%>")
let table = document.getElementById("<%=tbl_mainpage.ClientID%>")
Speditionslabel.textContent = Kennzeichen Speditionslabel.textContent = Kennzeichen
natplaceholder.textContent = Nat } natplaceholder.textContent = Nat
addHeader()
addNewRow()
}
function TableRow_Click_M(Nat,Kennzeichen) { function TableRow_Click_M(Nat,Kennzeichen) {
let Speditionslabel = document.getElementById("<%=lbl_sped_Placeholder_M.ClientID%>") let Speditionslabel = document.getElementById("<%=lbl_sped_Placeholder_M.ClientID%>")
let natplaceholder = document.getElementById("<%=lbl_Placeholder_M.ClientID%>") let natplaceholder = document.getElementById("<%=lbl_Placeholder_M.ClientID%>")
Speditionslabel.textContent = Kennzeichen Speditionslabel.textContent = Kennzeichen
natplaceholder.textContent = Nat natplaceholder.textContent = Nat
addheader_M()
addNewRow_M()
} }
</script> function addheader() {
let table = document.getElementById("<%=tbl_mainpage.ClientID%>");
var tr = table.insertRow(-1);
var td = tr.insertCell();
td.innerHTML.textContent = "SDL-Nr";
td = tr.insertCell();
td.innerHTML.textContent = "Bezeichnung";
td = tr.insertCell();
td.innerHTML = "Gültig Bis";
td = tr.insertCell();
td.innerHTML = "Karten-Nummer";
}
function addheader_m() {
let table = document.getElementById("<%=tbl_mainpage_M.ClientID%>");
let tr = table.insertRow(-1);
let td = tr.insertCell();
td.innerHTML.textContent = "SDL-Nr";
td = tr.insertCell();
td.innerHTML.textContent = "Bezeichnung";
td = tr.insertCell();
td.innerHTML = "Gültig Bis";
td = tr.insertCell();
td.innerHTML = "Karten-Nummer";
}
function addNewRow() {
let table = document.getElementById("<%=tbl_mainpage.ClientID%>");
let tr = table.insertRow();
let td = tr.insertCell();
td.innerHTML = SDLNr;
td = tr.insertCell();
td.innerHTML = bez;
td = tr.insertCell();
td.innerHTML = GueltigBis;
td = tr.insertCell();
td.innerHTML = Kartnr;
}
function addNewRow_M() {
let table = document.getElementById("<%=tbl_mainpage_M.ClientID%>");
let tr = table.insertRow(-1);
let td = tr.insertCell();
td.innerHTML = "a";
td = tr.insertCell();
td.innerHTML = "b";
td = tr.insertCell();
td.innerHTML = "c";
td = tr.insertCell();
td.innerHTML = "d";
}
</script>
</asp:Content> </asp:Content>

4
Customers/LKWs.aspx.vb
View File

@@ -148,7 +148,7 @@ Partial Class LKWS
tr.Cells.Add(tc_gueltigbis) tr.Cells.Add(tc_gueltigbis)
tr.Cells.Add(tc_Karten_Nr) tr.Cells.Add(tc_Karten_Nr)
strtemparr = "<tr><td>" + tc_SDL.Text + "</td><td>" + tc_Bez.Text + "</td><td>" + tc_gueltigbis.Text + "</td><td>" + tc_Karten_Nr.Text + "</td></tr>" strtemparr = "<tr><td>" + tc_SDL.Text + "</td><td>" + tc_Bez.Text + "</td><td>" + tc_gueltigbis.Text + "</td><td>" + tc_Karten_Nr.Text + "</td></tr>"
tbl_mainpage.Rows.Add(tr) 'tbl_mainpage.Rows.Add(tr)
TableRows.Add(tr) TableRows.Add(tr)
End If End If
'MsgBox(TableRows.Count.ToString) 'MsgBox(TableRows.Count.ToString)
@@ -387,7 +387,7 @@ Partial Class LKWS
tr.Cells.Add(tc_GueltigBis) tr.Cells.Add(tc_GueltigBis)
tr.Cells.Add(tc_Kartennr) tr.Cells.Add(tc_Kartennr)
tbl_mainpage_M.Rows.Add(tr) 'tbl_mainpage_M.Rows.Add(tr)
TableRows_M.Add(tr) TableRows_M.Add(tr)
Next Next
Dim strtemp2 As String = String.Empty Dim strtemp2 As String = String.Empty

28
login/Change_PW.aspx.vb
View File

@@ -129,7 +129,7 @@ Partial Class login_Change_PW
MsgBox("") MsgBox("")
End Sub End Sub
Protected Async Sub btn_submitpw_Click(sender As Object, e As EventArgs) Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
Dim tempstr As String = "" Dim tempstr As String = ""
Dim UsernameDB As String = String.Empty Dim UsernameDB As String = String.Empty
Dim pwDB As String = String.Empty Dim pwDB As String = String.Empty
@@ -240,10 +240,10 @@ Partial Class login_Change_PW
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;" ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;" 'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
End If End If
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession) Dim isPasswhash As Byte() = gensaltPassw(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(UsernameDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession) Dim isPasswDBhash As Byte() = gensaltPassw(UsernameDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then If regexval_txt_Pw.IsValid = True Then
If Await VERAG_VARIABLES.Verifyhash(txt_Pw.Text, salt, isPasswhash, intzahliterats, intzahl) = True And Await VERAG_VARIABLES.Verifyhash(txt_Pw_WH.Text, salt, Await VERAG_VARIABLES.HashPassword(txt_Pw.Text, salt, intzahliterats, intzahl), intzahliterats, intzahl) = True Then If VERAG_VARIABLES.Verifyhash(txt_Pw.Text, salt, isPasswhash, intzahliterats, intzahl) = True And VERAG_VARIABLES.Verifyhash(txt_Pw_WH.Text, salt, VERAG_VARIABLES.HashPassword(txt_Pw.Text, salt, intzahliterats, intzahl), intzahliterats, intzahl) = True Then
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId") Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
@@ -356,7 +356,7 @@ Partial Class login_Change_PW
End If End If
End Sub End Sub
Protected Async Sub btn_submitpw_M_Click(sender As Object, e As EventArgs) Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
Dim tempstr As String = "" Dim tempstr As String = ""
Dim pwDB As String = String.Empty Dim pwDB As String = String.Empty
Dim EmailDB As String = String.Empty Dim EmailDB As String = String.Empty
@@ -459,10 +459,10 @@ Partial Class login_Change_PW
End If End If
Using con As New SqlConnection(ConnectionString) Using con As New SqlConnection(ConnectionString)
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession) Dim isPasswhash As Byte() = gensaltPassw(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(usrnmDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession) Dim isPasswDBhash As Byte() = gensaltPassw(usrnmDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
If regexval_txt_Pw.IsValid = True Then If regexval_txt_Pw.IsValid = True Then
If Await VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True AndAlso Await VERAG_VARIABLES.Verifyhash(pwDB, salt, isPasswDBhash, intzahliterats, intzahl) = True Then If VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True AndAlso VERAG_VARIABLES.Verifyhash(pwDB, salt, isPasswDBhash, intzahliterats, intzahl) = True Then
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId") Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
' cmd.CommandType = CommandType.StoredProcedure ' cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@Username", usrname) cmd.Parameters.AddWithValue("@Username", usrname)
@@ -528,17 +528,17 @@ Partial Class login_Change_PW
End If End If
End Sub End Sub
Async Function gensaltPasswAsync(username As String, password As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, email As String, isnewSession As Boolean) As Task(Of Byte()) Function gensaltPassw(username As String, password As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, email As String, isnewSession As Boolean) As Byte()
If isnewSession = False Then If isnewSession = False Then
Dim token As Byte() Dim token As Byte()
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray()) 'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
Dim tok As String = password Dim tok As String = password
token = Await VERAG_VARIABLES.HashPassword(password, salt, intzahliterats, intzahl) token = VERAG_VARIABLES.HashPassword(password, salt, intzahliterats, intzahl)
Return token Return token
End If End If
End Function End Function
Async Function gennewsaltToken(username As String, password As String, email As String, salt As Byte(), CustomerID As String, intzahlits As Integer, intzahl As Integer, isnewSession As Boolean, theUserID As String) As Task(Of String) Function gennewsaltToken(username As String, password As String, email As String, salt As Byte(), CustomerID As String, intzahlits As Integer, intzahl As Integer, isnewSession As Boolean, theUserID As String) As String
If isnewSession = False Then If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim Key() As Byte = Guid.NewGuid().ToByteArray()
@@ -547,7 +547,7 @@ Partial Class login_Change_PW
If String.IsNullOrEmpty(theUserID) = False Then If String.IsNullOrEmpty(theUserID) = False Then
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahlits, intzahl) token = VERAG_VARIABLES.HashPassword(tok, salt, intzahlits, intzahl)
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token)) Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
Else Else
@@ -558,13 +558,13 @@ Partial Class login_Change_PW
End If End If
End Function End Function
Async Function gensaltTokenAsync(STrings As String) As Task(Of String) Function gensaltTokenAsync(STrings As String) As String
If String.IsNullOrEmpty(STrings) = False Then If String.IsNullOrEmpty(STrings) = False Then
Dim token As Byte() Dim token As Byte()
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl) Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
Dim tok As String = STrings Dim tok As String = STrings
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl) token = VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
Return Convert.ToBase64String(token) Return Convert.ToBase64String(token)

4
login/CreateUser.aspx.vb
View File

@@ -40,7 +40,7 @@ Partial Class login_CreateUser
End If End If
End Sub End Sub
Protected Async Sub btn_Save_Changes_Click(sender As Object, e As EventArgs) Protected Sub btn_Save_Changes_Click(sender As Object, e As EventArgs)
Dim validFileTypes As String() = {"bmp", "gif", "png", "jpg", "jpeg"} Dim validFileTypes As String() = {"bmp", "gif", "png", "jpg", "jpeg"}
Dim ext As String = System.IO.Path.GetExtension(FileUpload_Desktop.PostedFile.FileName) Dim ext As String = System.IO.Path.GetExtension(FileUpload_Desktop.PostedFile.FileName)
Dim isValidFile As Boolean = False Dim isValidFile As Boolean = False
@@ -62,7 +62,7 @@ Partial Class login_CreateUser
lbl_message_desktop.Text = "File uploaded successfully." lbl_message_desktop.Text = "File uploaded successfully."
End If End If
If String.IsNullOrEmpty(txt_PW.Text) = False AndAlso String.IsNullOrEmpty(txt_PW_WH.Text) = False Then If String.IsNullOrEmpty(txt_PW.Text) = False AndAlso String.IsNullOrEmpty(txt_PW_WH.Text) = False Then
Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(txt_PW_WH.Text, salt, initrandzahl, VERAG_VARIABLES.RandomInteger(0, Math.Pow(2, 7))) Dim hashpw As Byte() = VERAG_VARIABLES.HashPassword(txt_PW_WH.Text, salt, initrandzahl, VERAG_VARIABLES.RandomInteger(0, Math.Pow(2, 7)))
End If End If
End Sub End Sub

20
login/ForgotPW.aspx.vb
View File

@@ -27,7 +27,7 @@ Partial Class ForgotPW
End Sub End Sub
Protected Async Sub btn_Send_Click(sender As Object, e As EventArgs) Protected Sub btn_Send_Click(sender As Object, e As EventArgs)
Try Try
Dim username As String = String.Empty Dim username As String = String.Empty
Dim password As String = String.Empty Dim password As String = String.Empty
@@ -215,7 +215,7 @@ Partial Class ForgotPW
tokenname = Session.Item("TokenforEmail") tokenname = Session.Item("TokenforEmail")
End If End If
Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10)) Dim intzahl As Integer = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 4), Math.Pow(2, 10))
Dim hashdata As Byte() = Await VERAG_VARIABLES.HashPassword(tokenname, salt, VERAG_VARIABLES.getiterationnumber, intzahl) Dim hashdata As Byte() = VERAG_VARIABLES.HashPassword(tokenname, salt, VERAG_VARIABLES.getiterationnumber, intzahl)
Session.Add("TokenHashtokenized", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(hashdata))) Session.Add("TokenHashtokenized", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(hashdata)))
If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then If SendEmail(username, password, email, tokenname, customerID, isusrnmright, isCustomeridright, isemailright, Session.IsNewSession, UserID) = True Then
'password = RandomString(New Random, 10) 'password = RandomString(New Random, 10)
@@ -609,7 +609,7 @@ Partial Class ForgotPW
Async Function Findtokenhashsalt(username As String, password As String, email As String, customerID As String, isusernameright As Boolean, isuserIDright As Boolean, isuserEmailright As Boolean, isnewsess As Boolean, UserID As String) As Task(Of String) Async Function Findtokenhashsalt(username As String, password As String, email As String, customerID As String, isusernameright As Boolean, isuserIDright As Boolean, isuserEmailright As Boolean, isnewsess As Boolean, UserID As String) As Task(Of String)
Dim t As Task(Of String) Dim t As Task(Of String)
t = Task.Run(Async Function() As Task(Of String) t = Task.Run(Async Function() As Task(Of String)
Return Await gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID) Return gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID)
End Function) End Function)
Return Await t Return Await t
End Function End Function
@@ -758,7 +758,7 @@ Partial Class ForgotPW
Return min + (max - min) * (one_byte(0) / 255) Return min + (max - min) * (one_byte(0) / 255)
End Function End Function
Async Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As Task(Of String) Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
If isnewSession = False Then If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim Key() As Byte = Guid.NewGuid().ToByteArray()
@@ -771,9 +771,9 @@ Partial Class ForgotPW
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl) Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray()) 'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray()) Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl) token = VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
Return Convert.ToBase64String(token) Return Convert.ToBase64String(token)
Else Else
@@ -834,7 +834,7 @@ Partial Class ForgotPW
Return sb.ToString() Return sb.ToString()
End Function End Function
Protected Async Sub btn_Testmail_Click(sender As Object, e As EventArgs) Protected Sub btn_Testmail_Click(sender As Object, e As EventArgs)
Dim username As String = "userwithlongername" Dim username As String = "userwithlongername"
Dim Passw As String = "Test1!W" Dim Passw As String = "Test1!W"
Dim email As String = "ja@verag.ag" Dim email As String = "ja@verag.ag"
@@ -853,8 +853,8 @@ Partial Class ForgotPW
Else Else
tokentest = Session.Item("TokenforEmail") tokentest = Session.Item("TokenforEmail")
End If End If
hashtoken = Await VERAG_VARIABLES.HashPassword(tokentest, salt, iterationnumb, nzahl) hashtoken = VERAG_VARIABLES.HashPassword(tokentest, salt, iterationnumb, nzahl)
If Await VERAG_VARIABLES.Verifyhash(tokentest, salt, hashtoken, iterationnumb, nzahl) = True Then If VERAG_VARIABLES.Verifyhash(tokentest, salt, hashtoken, iterationnumb, nzahl) = True Then
If SendEmail(username, Passw, email, tokentest, CustomerID, True, True, True, False, TheusrID) = True Then If SendEmail(username, Passw, email, tokentest, CustomerID, True, True, True, False, TheusrID) = True Then
'password = RandomString(New Random, 10) 'password = RandomString(New Random, 10)
If getDateoftoken(tokentest) = True Then If getDateoftoken(tokentest) = True Then

19
login/login_FLEX.aspx.vb
View File

@@ -21,7 +21,7 @@ Partial Class login_FLEX
Page.MaintainScrollPositionOnPostBack = False Page.MaintainScrollPositionOnPostBack = False
End If End If
End Sub End Sub
Protected Async Function ValidateUser(sender As Object, e As EventArgs) As Threading.Tasks.Task Protected Sub ValidateUser(sender As Object, e As EventArgs)
Dim ConnectionString = "" Dim ConnectionString = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True VERAG_PROG_ALLGEMEIN.cAllgemein.TESTSYSTEM = True
@@ -169,8 +169,8 @@ Partial Class login_FLEX
Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!" Login1.FailureText = VERAG_VARIABLES.geterrornumb + "Username is not in the database!"
End If End If
If tb3.Text = dr("Password") Then If tb3.Text = dr("Password") Then
Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl) Dim hashpw As Byte() = VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl)
If Await VERAG_VARIABLES.Verifyhash(dr("Password").ToString, salt, hashpw, intzahliterats, intzahl) = True Then If VERAG_VARIABLES.Verifyhash(dr("Password").ToString, salt, hashpw, intzahliterats, intzahl) = True Then
passw = dr("Password").ToString passw = dr("Password").ToString
Else Else
passw = String.Empty passw = String.Empty
@@ -203,9 +203,7 @@ Partial Class login_FLEX
'End If 'End If
FormsAuthentication.RedirectFromLoginPage(UserNaMe, True) FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
End Sub
End Function
Protected Sub LoginButton_Click(sender As Object, e As EventArgs) Protected Sub LoginButton_Click(sender As Object, e As EventArgs)
Validate("Login") Validate("Login")
@@ -219,13 +217,13 @@ Partial Class login_FLEX
Session.Add("CustomerID", Customer_ID) Session.Add("CustomerID", Customer_ID)
Session.Add("PW", passw) Session.Add("PW", passw)
End Sub End Sub
Async Function gensaltToken(username As String, password As String, CustomerID As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, isnewSession As Boolean) As Threading.Tasks.Task(Of String) Function gensaltToken(username As String, password As String, CustomerID As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, isnewSession As Boolean) As String
If isnewSession = False Then If isnewSession = False Then
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary()) Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray() Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As Byte() Dim token As Byte()
token = Await VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl) token = VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl)
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token)) Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
'Dim Msg, Style, Title As String 'Dim Msg, Style, Title As String
@@ -235,7 +233,7 @@ Partial Class login_FLEX
'MsgBox(Msg, Style, Title) 'MsgBox(Msg, Style, Title)
'If MsgBox(Msg, Style, Title).Retry Then 'If MsgBox(Msg, Style, Title).Retry Then
'genToken(username, password, email) 'genToken(username, password, email)
token = Await VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl) token = VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl)
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token)) Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
'Else 'Else
@@ -246,11 +244,10 @@ Partial Class login_FLEX
If jetzt < wenn Then If jetzt < wenn Then
Return "NotYet" Return "NotYet"
Else Else
token = Await VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl) token = VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl)
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token)) Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
'End If 'End If
End If End If
End If End If
End Function End Function