Implementierung einer besseren Radom und rechenintensiveren Hash-Aart
This commit is contained in:
ja
@@ -1,8 +1,12 @@
|
||||
Imports System.Security.Cryptography
|
||||
Imports Microsoft.VisualBasic
|
||||
|
||||
Imports Konscious.Security.Cryptography
|
||||
Public Class VERAG_VARIABLES
|
||||
Public Shared errornumb As Integer = 0
|
||||
Shared Function getiterationnumber() As Integer
|
||||
Return RandomInteger(Math.Pow(2, 2), Math.Pow(2, 8))
|
||||
End Function
|
||||
|
||||
Shared Sub initerrorcount()
|
||||
errornumb = 0
|
||||
End Sub
|
||||
@@ -15,20 +19,38 @@ Public Class VERAG_VARIABLES
|
||||
Shared Function getErrorcodeindez(Errorcode As String) As String
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(Errorcode)
|
||||
End Function
|
||||
Public Shared Function GenerateSalt(ByVal nSalt As Integer) As String
|
||||
Public Shared Function GenerateSalt(ByVal nSalt As Integer) As Byte()
|
||||
Dim saltBytes = New Byte(nSalt) {}
|
||||
|
||||
Using provider = New RNGCryptoServiceProvider()
|
||||
provider.GetNonZeroBytes(saltBytes)
|
||||
End Using
|
||||
|
||||
Return Convert.ToBase64String(saltBytes)
|
||||
Return saltBytes
|
||||
'Convert.ToBase64String(saltBytes)
|
||||
End Function
|
||||
Public Shared Async Function HashPassword(ByVal password As String, ByVal salt As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Byte())
|
||||
Dim Argon As Argon2id = New Argon2id(Encoding.UTF8.GetBytes(password))
|
||||
Argon.Salt = salt
|
||||
Argon.DegreeOfParallelism = 6
|
||||
Argon.Iterations = nIterations
|
||||
Argon.MemorySize = 4096
|
||||
Return Await Argon.GetBytesAsync(nHash)
|
||||
'Return Convert.ToBase64String(Argon.GetBytes(nHash))
|
||||
Return Argon.GetBytes(nHash)
|
||||
'Dim saltBytes = Convert.FromBase64String(salt)
|
||||
'Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations)
|
||||
'End Using
|
||||
End Function
|
||||
Public Shared Function HashPassword(ByVal password As String, ByVal salt As String, ByVal nIterations As Integer, ByVal nHash As Integer) As String
|
||||
Dim saltBytes = Convert.FromBase64String(salt)
|
||||
|
||||
Using rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, saltBytes, nIterations)
|
||||
Return Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(nHash))
|
||||
End Using
|
||||
Public Shared Async Function Verifyhash(ByVal passw As String, ByVal salt As Byte(), ByVal hash As Byte(), ByVal nIterations As Integer, ByVal nHash As Integer) As Threading.Tasks.Task(Of Boolean)
|
||||
Dim newHash As Byte() = Await HashPassword(passw, salt, nIterations, nHash)
|
||||
Return hash.SequenceEqual(newHash)
|
||||
End Function
|
||||
|
||||
Public Shared Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
max As Integer) As Integer
|
||||
Dim rand As New RNGCryptoServiceProvider()
|
||||
Dim one_byte() As Byte = {0}
|
||||
rand.GetBytes(one_byte)
|
||||
Return min + (max - min) * (one_byte(0) / 255)
|
||||
End Function
|
||||
End Class
|
||||
|
||||
@@ -26,11 +26,11 @@
|
||||
<system.web>
|
||||
<webServices>
|
||||
<protocols>
|
||||
<add name="HttpGet"/>
|
||||
<add name="HttpPost"/>
|
||||
<add name="HttpGet" />
|
||||
<add name="HttpPost" />
|
||||
</protocols>
|
||||
<conformanceWarnings>
|
||||
<remove name='BasicProfile1_1'/>
|
||||
<remove name="BasicProfile1_1" />
|
||||
</conformanceWarnings>
|
||||
</webServices>
|
||||
<authentication mode="Forms">
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Change_PW.aspx.vb" Debug="true" Inherits="login_Change_PW" %>
|
||||
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Change_PW.aspx.vb" Debug="true" Inherits="login_Change_PW" Async="true" %>
|
||||
|
||||
<!DOCTYPE html>
|
||||
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
|
||||
Imports System.Data.SqlClient
|
||||
Imports System.Security.Cryptography
|
||||
Imports System.Threading.Tasks
|
||||
|
||||
Partial Class login_Change_PW
|
||||
Inherits System.Web.UI.Page
|
||||
|
||||
Dim intzahl As Integer = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
|
||||
Dim intzahliterats As Integer = VERAG_VARIABLES.getiterationnumber
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
|
||||
Dim url = Request.ServerVariables("URL")
|
||||
Session.Add("urltochangepw", url)
|
||||
@@ -124,7 +127,7 @@ Partial Class login_Change_PW
|
||||
MsgBox("")
|
||||
End Sub
|
||||
|
||||
Protected Sub btn_submitpw_Click(sender As Object, e As EventArgs)
|
||||
Protected Async Sub btn_submitpw_Click(sender As Object, e As EventArgs)
|
||||
Dim tempstr As String = ""
|
||||
Dim UsernameDB As String = String.Empty
|
||||
Dim pwDB As String = String.Empty
|
||||
@@ -235,10 +238,10 @@ Partial Class login_Change_PW
|
||||
ConnectionString = "Server=DEVELOPER.verag.ost.dmn\DEVSQL;Database=VERAG_HOMEPAGE;Uid=AppUser;Pwd=yp/THDd?xM+pZ$;"
|
||||
'ConnectionString = "Server=db593295684.db.1and1.com;Database=db593295684;Uid=dbo593295684;Pwd=atilla#2;"
|
||||
End If
|
||||
Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As String = gensaltPassw(UsernameDB, pwDB, EmailDB, Session.IsNewSession)
|
||||
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(UsernameDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
|
||||
If regexval_txt_Pw.IsValid = True Then
|
||||
If String.Equals(isPasswhash, isPasswDBhash) = False Then
|
||||
If Await VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True Then
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [Password]=@Password WHERE [Username]=@Username AND [UserId]=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
@@ -351,7 +354,7 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End Sub
|
||||
|
||||
Protected Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
|
||||
Protected Async Sub btn_submitpw_M_Click(sender As Object, e As EventArgs)
|
||||
Dim tempstr As String = ""
|
||||
Dim pwDB As String = String.Empty
|
||||
Dim EmailDB As String = String.Empty
|
||||
@@ -406,28 +409,28 @@ Partial Class login_Change_PW
|
||||
If dr.HasRows Then
|
||||
dr.Read()
|
||||
tempstr = txt_Pw_M.Text
|
||||
EmailDB = dr("Email").ToString
|
||||
pwDB = dr("Password").ToString
|
||||
usrnmDB = dr("Username").ToString
|
||||
TheUsrIdDB = dr("UserId").ToString
|
||||
customerIDDB = dr("KundenNr").ToString
|
||||
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
|
||||
isemailright = True
|
||||
End If
|
||||
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
|
||||
ispwrEqual = False
|
||||
End If
|
||||
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
|
||||
isUSrIDright = True
|
||||
End If
|
||||
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
|
||||
isctmrIDright = True
|
||||
End If
|
||||
EmailDB = dr("Email").ToString
|
||||
pwDB = dr("Password").ToString
|
||||
usrnmDB = dr("Username").ToString
|
||||
TheUsrIdDB = dr("UserId").ToString
|
||||
customerIDDB = dr("KundenNr").ToString
|
||||
If String.Equals(usrname, usrnmDB, StringComparison.CurrentCulture) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
If String.Equals(Email, EmailDB, StringComparison.CurrentCulture) = True Then
|
||||
isemailright = True
|
||||
End If
|
||||
If String.Equals(txt_Pw_M.Text, pwDB, StringComparison.CurrentCulture) = False Then
|
||||
ispwrEqual = False
|
||||
End If
|
||||
If String.Equals(UsrID, TheUsrIdDB, StringComparison.CurrentCulture) = True Then
|
||||
isUSrIDright = True
|
||||
End If
|
||||
If String.Equals(THEUsrID, customerIDDB, StringComparison.CurrentCulture) = True Then
|
||||
isctmrIDright = True
|
||||
End If
|
||||
|
||||
If String.Compare(usrname, dr("Username")) = True Then
|
||||
If String.Compare(usrname, dr("Username")) = True Then
|
||||
isusernameright = True
|
||||
End If
|
||||
End If
|
||||
@@ -454,10 +457,10 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
|
||||
Using con As New SqlConnection(ConnectionString)
|
||||
Dim isPasswhash As String = gensaltPassw(usrname, tempstr, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As String = gensaltPassw(usrnmDB, pwDB, EmailDB, Session.IsNewSession)
|
||||
Dim isPasswhash As Byte() = Await gensaltPasswAsync(usrname, tempstr, salt, intzahliterats, intzahl, Email, Session.IsNewSession)
|
||||
Dim isPasswDBhash As Byte() = Await gensaltPasswAsync(usrnmDB, pwDB, salt, intzahliterats, intzahl, EmailDB, Session.IsNewSession)
|
||||
If regexval_txt_Pw.IsValid = True Then
|
||||
If String.Equals(isPasswhash, isPasswDBhash, StringComparison.CurrentCulture) = False Then
|
||||
If Await VERAG_VARIABLES.Verifyhash(tempstr, salt, isPasswhash, intzahliterats, intzahl) = True AndAlso Await VERAG_VARIABLES.Verifyhash(pwDB, salt, isPasswDBhash, intzahliterats, intzahl) = True Then
|
||||
Using cmd As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET Password=@Password WHERE Username=@Username AND UserId=@UserId")
|
||||
' cmd.CommandType = CommandType.StoredProcedure
|
||||
cmd.Parameters.AddWithValue("@Username", usrname)
|
||||
@@ -522,79 +525,29 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End If
|
||||
End Sub
|
||||
Function gensaltPassw(username As String, password As String, email As String, isnewSession As Boolean) As String
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 8), Math.Pow(2, 12))
|
||||
|
||||
Async Function gensaltPasswAsync(username As String, password As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, email As String, isnewSession As Boolean) As Task(Of Byte())
|
||||
If isnewSession = False Then
|
||||
Dim token As String
|
||||
If String.IsNullOrEmpty(username) = False AndAlso String.IsNullOrEmpty(email) = False Then
|
||||
If String.IsNullOrEmpty(password) = False Then
|
||||
Try
|
||||
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 1491, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 901, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
End Try
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
End If
|
||||
Return String.Empty
|
||||
Else
|
||||
Return "Error in Session ID. It has changed. Please check admin!"
|
||||
Dim token As Byte()
|
||||
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Dim tok As String = password
|
||||
token = Await VERAG_VARIABLES.HashPassword(password, salt, intzahliterats, intzahl)
|
||||
Return token
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function gennewsaltToken(username As String, password As String, email As String, CustomerID As String, isnewSession As Boolean, theUserID As String) As String
|
||||
Async Function gennewsaltToken(username As String, password As String, email As String, salt As Byte(), CustomerID As String, intzahlits As Integer, intzahl As Integer, isnewSession As Boolean, theUserID As String) As Task(Of String)
|
||||
If isnewSession = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim Rand As Random = New Random
|
||||
If String.IsNullOrEmpty(theUserID) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahlits, intzahl)
|
||||
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
@@ -603,72 +556,33 @@ Partial Class login_Change_PW
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function gensaltToken(STrings As String) As String
|
||||
Async Function gensaltTokenAsync(STrings As String) As Task(Of String)
|
||||
If String.IsNullOrEmpty(STrings) = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
Dim Rand As Random = New Random
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = STrings
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
|
||||
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = VERAG_PROG_ALLGEMEIN.cCryptography3.Decrypt(STrings)
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Return Convert.ToBase64String(token)
|
||||
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
|
||||
End Try
|
||||
Else
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
Dim intzahliterats = RandomInteger(Math.Pow(2, 10), Math.Pow(2, 12))
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 7))
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim Rand As Random = New Random
|
||||
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = STrings
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = STrings
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
|
||||
|
||||
End Try
|
||||
Return Convert.ToBase64String(token)
|
||||
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
End If
|
||||
End Function
|
||||
Public Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
Shared Function RandomInteger(ByVal min As Integer, ByVal _
|
||||
max As Integer) As Integer
|
||||
Dim rand As New RNGCryptoServiceProvider()
|
||||
Dim one_byte() As Byte = {0}
|
||||
|
||||
@@ -605,8 +605,8 @@ Partial Class ForgotPW
|
||||
|
||||
Async Function Findtokenhashsalt(username As String, password As String, email As String, customerID As String, isusernameright As Boolean, isuserIDright As Boolean, isuserEmailright As Boolean, isnewsess As Boolean, UserID As String) As Task(Of String)
|
||||
Dim t As Task(Of String)
|
||||
t = Task.Run(Function() As String
|
||||
Return gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID)
|
||||
t = Task.Run(Async Function() As Task(Of String)
|
||||
Return Await gensaltToken(username, password, email, customerID, isusernameright, isuserIDright, isuserEmailright, isnewsess, UserID)
|
||||
End Function)
|
||||
Return Await t
|
||||
End Function
|
||||
@@ -755,39 +755,24 @@ Partial Class ForgotPW
|
||||
Return min + (max - min) * (one_byte(0) / 255)
|
||||
End Function
|
||||
|
||||
Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As String
|
||||
Async Function gensaltToken(username As String, password As String, email As String, CustomerID As String, isusrnmright As Boolean, iscstmIDright As Boolean, isemailright As Boolean, isnewSession As Boolean, theUserID As String) As Task(Of String)
|
||||
If isnewSession = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim token As Byte()
|
||||
|
||||
Dim intzahl = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 14))
|
||||
Dim intzahl2 = RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
|
||||
Dim intzahliterats = RandomInteger(Math.Pow(2, 5), Math.Pow(2, 10))
|
||||
Dim Rand As Random = New Random
|
||||
If isusrnmright = True And iscstmIDright = True And isemailright = True AndAlso String.IsNullOrEmpty(theUserID) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(intzahl2)
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(tok, salt, 10191, intzahl2))
|
||||
salt = String.Empty
|
||||
tok = String.Empty
|
||||
Return token
|
||||
|
||||
End Try
|
||||
Dim salt As Byte() = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
'Dim tok As Byte = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
Dim tok As String = Convert.ToBase64String(time.Concat(Key).ToArray())
|
||||
token = Await VERAG_VARIABLES.HashPassword(tok, salt, intzahliterats, intzahl)
|
||||
|
||||
Return Convert.ToBase64String(token)
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
@@ -835,7 +820,6 @@ Partial Class ForgotPW
|
||||
End If
|
||||
End Function
|
||||
|
||||
|
||||
Function RandomString(r As Random, max As Integer) As String
|
||||
Dim s As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!§$%&/?="
|
||||
Dim sb As New StringBuilder
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
<%@ Page Language="VB" Debug="true" AutoEventWireup="false" CodeFile="login_FLEX.aspx.vb" Inherits="login_FLEX" EnableSessionState="True" %>
|
||||
<%@ Page Language="VB" Debug="true" AutoEventWireup="false" CodeFile="login_FLEX.aspx.vb" Inherits="login_FLEX" EnableSessionState="True" Async="true" %>
|
||||
|
||||
<!DOCTYPE html>
|
||||
|
||||
|
||||
@@ -1,14 +1,15 @@
|
||||
Imports System.Data.SqlClient
|
||||
Imports System.Data
|
||||
Imports System.Security.Cryptography
|
||||
|
||||
Partial Class login_FLEX
|
||||
Inherits System.Web.UI.Page
|
||||
|
||||
Dim Customer_ID As String = String.Empty
|
||||
Dim UserNaMe As String = String.Empty
|
||||
Dim passw As String = String.Empty
|
||||
Dim USERID As String = String.Empty
|
||||
Private Customer_ID As String = String.Empty
|
||||
Private UserNaMe As String = String.Empty
|
||||
Private passw As String = String.Empty
|
||||
Private USERID As String = String.Empty
|
||||
Private salt As Byte()
|
||||
Private intzahl As Integer
|
||||
Private intzahliterats As Integer
|
||||
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
|
||||
VERAG_VARIABLES.initerrorcount()
|
||||
If Page.IsPostBack = True Then
|
||||
@@ -16,8 +17,11 @@ Partial Class login_FLEX
|
||||
Else
|
||||
Page.MaintainScrollPositionOnPostBack = False
|
||||
End If
|
||||
intzahl = VERAG_VARIABLES.RandomInteger(Math.Pow(2, 7), Math.Pow(2, 10))
|
||||
intzahliterats = VERAG_VARIABLES.getiterationnumber
|
||||
salt = VERAG_VARIABLES.GenerateSalt(intzahl)
|
||||
End Sub
|
||||
Protected Sub ValidateUser(sender As Object, e As EventArgs)
|
||||
Protected Async Sub ValidateUser(sender As Object, e As EventArgs)
|
||||
|
||||
' cDBFunctions.GetNewOpenConnection()
|
||||
Dim ConnectionString = ""
|
||||
@@ -183,16 +187,6 @@ Partial Class login_FLEX
|
||||
dr.Close()
|
||||
con.Close()
|
||||
End Using
|
||||
Using cmd2 As New SqlCommand("UPDATE [VERAG_HOMEPAGE].[dbo].[Users] SET [LastLoginDate]=@Date WHERE [Username]=@Username AND [KundenNr]=@KundenNr AND Password=@Password")
|
||||
cmd2.Parameters.AddWithValue("Date", Date.Now.ToString)
|
||||
cmd2.Parameters.AddWithValue("Username", UserNaMe)
|
||||
cmd2.Parameters.AddWithValue("KundenNr", Customer_ID)
|
||||
cmd2.Parameters.AddWithValue("Password", passw)
|
||||
cmd2.Connection = con
|
||||
con.Open()
|
||||
cmd2.ExecuteNonQuery()
|
||||
con.Close()
|
||||
End Using
|
||||
End Using
|
||||
|
||||
If String.IsNullOrEmpty(tb2_M.Text) = False AndAlso String.IsNullOrEmpty(tb2.Text) = True Then
|
||||
@@ -204,7 +198,10 @@ Partial Class login_FLEX
|
||||
'Dim str = gensaltToken(UserNaMe, passw, Customer_ID, Session.IsNewSession)
|
||||
'MsgBox(str)
|
||||
'End If
|
||||
FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
|
||||
Dim hashpw As Byte() = Await VERAG_VARIABLES.HashPassword(passw, salt, intzahliterats, intzahl)
|
||||
If Await VERAG_VARIABLES.Verifyhash(passw, salt, hashpw, intzahliterats, intzahl) = True Then
|
||||
FormsAuthentication.RedirectFromLoginPage(UserNaMe, True)
|
||||
End If
|
||||
|
||||
End Sub
|
||||
|
||||
@@ -220,58 +217,38 @@ Partial Class login_FLEX
|
||||
Session.Add("CustomerID", Customer_ID)
|
||||
Session.Add("PW", passw)
|
||||
End Sub
|
||||
Function gensaltToken(username As String, password As String, CustomerID As String, isnewSession As Boolean) As String
|
||||
Async Function gensaltToken(username As String, password As String, CustomerID As String, salt As Byte(), intzahliterats As Integer, intzahl As Integer, isnewSession As Boolean) As Threading.Tasks.Task(Of String)
|
||||
If isnewSession = False Then
|
||||
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
|
||||
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
|
||||
Dim token As String
|
||||
Dim MyMin As Integer = 155, MyMax As Integer = 875, My1stRandomNumber As Integer, My2ndRandomNumber As Integer
|
||||
' Create a random number generator
|
||||
Dim Generator As System.Random = New System.Random()
|
||||
' Get a random number >= MyMin and <= MyMax
|
||||
My1stRandomNumber = Generator.Next(MyMin, MyMax + 1) ' Note: Next function returns numbers _less than_ max, so pass in max + 1 to include max as a possible value
|
||||
Dim token As Byte()
|
||||
|
||||
' Get another random number (don't create a new generator, use the same one)
|
||||
My2ndRandomNumber = Generator.Next(MyMin, MyMax + 1)
|
||||
If String.IsNullOrEmpty(username) = False And String.IsNullOrEmpty(passw) = False And String.IsNullOrEmpty(CustomerID) = False Then
|
||||
Try
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
|
||||
Dim passw As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 101, My1stRandomNumber))
|
||||
Session.Add("Tokensalt", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(token))
|
||||
Session.Add("salt", VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(salt))
|
||||
Return token
|
||||
Catch Ex As Exception
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
Dim salt As String = VERAG_VARIABLES.GenerateSalt(My1stRandomNumber)
|
||||
Dim passw As String = password
|
||||
token = VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(VERAG_VARIABLES.HashPassword(passw, salt, 101, My2ndRandomNumber))
|
||||
token = Await VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl)
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
|
||||
'Dim Msg, Style, Title As String
|
||||
'Msg = "Token Generation failed" & vbCrLf & "A new E-mail has been sent to the intern e-mail given."
|
||||
'Style = vbRetry + vbExclamation + vbDefaultButton1
|
||||
'Title = "Error05: Token-Generierung"
|
||||
'MsgBox(Msg, Style, Title)
|
||||
'If MsgBox(Msg, Style, Title).Retry Then
|
||||
'genToken(username, password, email)
|
||||
token = Await VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl)
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
|
||||
'Else
|
||||
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
|
||||
Dim jetzt As DateTime = DateTime.UtcNow
|
||||
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
|
||||
'Else
|
||||
'MsgBox("Token-Generation has not been successful." & vbCrLf & "Please try again in five seconds!")
|
||||
Dim jetzt As DateTime = DateTime.UtcNow
|
||||
Dim wenn As DateTime = DateTime.UtcNow.AddSeconds(-5)
|
||||
|
||||
If jetzt < wenn Then
|
||||
Return "NotYet"
|
||||
Else
|
||||
token = Await VERAG_VARIABLES.HashPassword(Convert.ToBase64String(time.Concat(Key).ToArray()), salt, intzahliterats, intzahl)
|
||||
Return VERAG_PROG_ALLGEMEIN.cCryptography3.Encrypt(Convert.ToBase64String(token))
|
||||
'End If
|
||||
End If
|
||||
|
||||
If jetzt < wenn Then
|
||||
Return "NotYet"
|
||||
Else
|
||||
token = gensaltToken(username, password, CustomerID, Session.IsNewSession)
|
||||
Return token
|
||||
'End If
|
||||
End If
|
||||
End Try
|
||||
Else
|
||||
Return String.Empty
|
||||
End If
|
||||
Else
|
||||
Return "Error in Session ID. It has changed. Please check admin!"
|
||||
End If
|
||||
End Function
|
||||
End Class
|
||||
@@ -10,6 +10,8 @@
|
||||
<package id="K4os.Compression.LZ4" version="1.2.6" targetFramework="net47" />
|
||||
<package id="K4os.Compression.LZ4.Streams" version="1.2.6" targetFramework="net47" />
|
||||
<package id="K4os.Hash.xxHash" version="1.0.6" targetFramework="net47" />
|
||||
<package id="Konscious.Security.Cryptography.Argon2" version="1.2.1" targetFramework="net47" />
|
||||
<package id="Konscious.Security.Cryptography.Blake2" version="1.0.9" targetFramework="net47" />
|
||||
<package id="Microsoft.CodeAnalysis.Analyzers" version="3.0.0" targetFramework="net47" developmentDependency="true" />
|
||||
<package id="Microsoft.CodeAnalysis.Common" version="3.9.0" targetFramework="net47" />
|
||||
<package id="Microsoft.CodeAnalysis.CSharp" version="3.9.0" targetFramework="net47" />
|
||||
|
||||
Reference in New Issue
Block a user