edv/VERAG_Homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tokengenerierung funktioniert und Sicherheitsmechanismus mittels Cryptographic Funktion auf VERAG_Prog_Allgemein verschlüsseltem Token an der URL zum PW Resetten

Browse Source
This commit is contained in:
ja
2021-10-08 13:45:16 +02:00
parent 46edf79845
commit 36e6191b5a
5 changed files with 107 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
login/ForgotPW.aspx.vb
View File

@@ -7,6 +7,9 @@ Imports System.Data
Partial Class login_ForgotPW
Inherits System.Web.UI.Page
Protected Sub Page_Load(sender As Object, e As EventArgs)
If txt_Username.Text = "" Then
Try
@@ -15,6 +18,7 @@ Partial Class login_ForgotPW
MsgBox(ex.Message)
End Try
End If
End Sub
Protected Sub btn_Back_Click(sender As Object, e As EventArgs)
Response.Redirect("login/login_FLEX.aspx")
@@ -72,7 +76,7 @@ Partial Class login_ForgotPW
con.Close()
End Using
tokenname = genToken(username, password, email)
If SendEmail(username, password, email) = True Then
If SendEmail(username, password, email, tokenname) = True Then
'password = RandomString(New Random, 10)
If (getDateoftoken(tokenname) = True) Then
Dim msgboxstyle = vbDefaultButton1 + vbOK
@@ -86,7 +90,7 @@ Partial Class login_ForgotPW
MsgBox("Mail would be sent successfully!")
lblMessage.ForeColor = Color.Green
lblMessage.Text = "Passwort wurde erfolgreich an die angegebene E-Mail Adresse gesendet."
ElseIf SendEmail(username, password, email) = False Then
ElseIf SendEmail(username, password, email, tokenname) = False Then
MsgBox("Mail would not be sent successfully!")
lblMessage.ForeColor = Color.Red
lblMessage.Text = "Diese E-Mail ist nicht in unserer Datenbank vorhanden."
@@ -104,31 +108,38 @@ Partial Class login_ForgotPW
Return sb.ToString()
End Function
Function SendEmail(username As String, password As String, email As String) As Boolean
Function SendEmail(username As String, password As String, email As String, tokenname As String) As Boolean
Dim getdomianenvironment As String = ""
Dim pagename As String = ""
Dim ServPort As String = ""
If HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
ElseIf HttpContext.Current.Request.ServerVariables("SERVER_NAME") = "localhost" Then
ServPort = Request.ServerVariables("SERVER_PORT")
pagename = Request.ServerVariables("SCRIPT_NAME")
ElseIf HttpContext.Current.Request.ServerVariables("SERVER_NAME") = Not "localhost" Then
getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
ServPort = Nothing
pagename = Request.ServerVariables("SCRIPT_NAME")
End If
'Dim pg As String = Request.ServerVariables("URL")
MsgBox("/" + ServPort + Request.ServerVariables("URL"))
Dim mailto As String = email
Dim Betreff As String = "Passwort reset"
Dim htmlbody = String.Format("Sehr geehrte/r {0},<br /><br /> Der Link zum Zurücksetzen des Passwortes lautet:<br /><br /><br />.<br />" + Environment.NewLine + "<a href=" + "" + getdomianenvironment + "/login/ChangePW.aspx" + ">This is default.aspx</a>" + Environment.NewLine + "<br />Mit freundlichen Grüßen,", username, password)
Dim htmlbody = String.Format("Sehr geehrte/r {0},<br /><br /> Der Link zum Zurücksetzen des Passwortes lautet:<br /><br /><br />.<br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ":" + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">Link</a>" + Environment.NewLine + "<br />Mit freundlichen Grüßen,", username, password)
Try
Dim tokennametemp = genToken(username, password, email)
'Dim Strtemp = Session.Keys.Item("urltochangepw")
If getDateoftoken(tokennametemp) = True Then
' Dim attachment As Attachment = New Attachment(File.OpenRead(excel), "Kundenliste.xlsx")
' Msg.Attachments.Add(attachment)
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
MsgBox("SENT")
Return True
Else
MsgBox("Error02: Mail not delivered!")
tokennametemp = genToken(username, password, email)
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody)
VERAG_PROG_ALLGEMEIN.cProgramFunctions.sendMail(mailto, Betreff, htmlbody, tokenname)
Return False
End If
Catch ex As Exception
@@ -140,8 +151,9 @@ Partial Class login_ForgotPW
Function genToken(username As String, password As String, email As String) As String
Dim time() As Byte = BitConverter.GetBytes(DateTime.UtcNow.ToBinary())
Dim Key() As Byte = Guid.NewGuid().ToByteArray()
Dim token As String
Try
Dim token As String
token = Convert.ToBase64String(time.Concat(Key).ToArray())
Return token
Catch Ex As Exception
@@ -152,21 +164,35 @@ Partial Class login_ForgotPW
MsgBox(Msg, Style, Title)
If MsgBox(Msg, Style, Title).Retry Then
If SendEmail(username, password, email) = True Then
MsgBox("SENT")
genToken(username, password, email)
Else
MsgBox("Tokengenerierung nicht erfolgreich." & vbCrLf & "In 5 Sekunden nochmal versuchen!")
Dim jetzt As DateTime = DateTime.UtcNow
Dim wenn As DateTime = DateTime.UtcNow.AddMinutes(-3)
Token_tmr.Interval = 3000
Token_tmr.Enabled = True
If jetzt < DateTime.UtcNow.AddSeconds(-5) Then
Return "NotYet"
Else
MsgBox("Error02: Mail not delivered!")
Token_tmr.Enabled = False
token = Convert.ToBase64String(time.Concat(Key).ToArray())
Return token
End If
End If
End Try
End Function
Function getDateoftoken(tokenname As String) As Boolean
Dim data() As Byte = Convert.FromBase64String(tokenname)
Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
If wenn < DateTime.UtcNow.AddHours(-24) Then
If wenn < DateTime.UtcNow.AddMinutes(-30) Then
Return False
MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
ElseIf tokenname = "NotYet" Then
Return False
Else
Return True
End If
@@ -175,4 +201,8 @@ Partial Class login_ForgotPW
Protected Sub txtEmail_TextChanged(sender As Object, e As EventArgs)
regexval_txt_Email.Validate()
End Sub
Protected Sub Token_tmr_Tick(sender As Object, e As EventArgs)
btn_Send.Enabled = False
End Sub
End Class