Änderungen algorithmus verschlüsselung session key email pw reset

2021-10-14 11:14:04 +02:00
parent 146a86a83e
commit 888ea5150d
3 changed files with 6 additions and 6 deletions
--- a/Web.config
+++ b/Web.config
@@ -27,7 +27,7 @@
    <authentication mode="Forms">
      <forms defaultUrl="/Customers/CustomsAviso.aspx" loginUrl="login/Login_FLEX.aspx" slidingExpiration="true" timeout="2880"/>
    </authentication>
-    <sessionState mode="InProc" timeout="1800" cookieless="false"  regenerateExpiredSessionId="true" compressionEnabled="false"/>
+    <sessionState mode="InProc" timeout="1800" cookieless="false"  regenerateExpiredSessionId="false" compressionEnabled="false" useHostingIdentity="true" />
    <httpRuntime requestValidationMode="2.0" targetFramework="4.7"/>
    <pages validateRequest="false" controlRenderingCompatibilityVersion="4.0"/>
    <!--<securityPolicy>
--- a/login/ChangePW.aspx.vb
+++ b/login/ChangePW.aspx.vb
@@ -100,9 +100,9 @@ Partial Class login_ChangePW
    End Sub

    Function getDateoftoken(tokenname As String) As Boolean
-        Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname))
+        Dim data() As Byte = Convert.FromBase64String(VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname))
        Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography.Decrypt(tokenname)
+        Dim nameoftoken = VERAG_PROG_ALLGEMEIN.cCryptography2.Decrypt(tokenname)
        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
            nameoftoken = String.Empty
            'MsgBox("Token has not been found or is too old!" + Environment.NewLine + "Please send a new E-mail!")
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -96,6 +96,7 @@ Partial Class login_ForgotPW
            If Session.Item("TokenforEmail") = Nothing Then
                tokenname = genToken(username, password, email)
                Session.Add("TokenforEmail", tokenname)
+                Session.Add("SessID", VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(Session.SessionID))
            Else
                tokenname = Session.Item("TokenforEmail")
            End If
@@ -157,7 +158,6 @@ Partial Class login_ForgotPW
        Dim getdomianenvironment As String = String.Empty
        Dim pagename As String = String.Empty
        Dim ServPort As String = String.Empty
-
        Dim mailto As String = String.Empty
        Dim Betreff As String = String.Empty
        Dim htmlbody As String = String.Empty
@@ -167,14 +167,14 @@ Partial Class login_ForgotPW
            'pagename = Request.ServerVariables("SCRIPT_NAME")
            mailto = email
            Betreff = "Passwort reset"
-            htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + tokenname + ">Link</a>" + Environment.NewLine + "<br />Kind regards, <br />VERAG | EDV Support<br />support@verag.ag,", username, password)
+            htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + ServPort + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">Link</a>" + Environment.NewLine + "<br />Kind regards, <br />VERAG | EDV Support<br />support@verag.ag,", username, password)
        ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = False Then
            getdomianenvironment = HttpContext.Current.Request.ServerVariables("SERVER_NAME")
            ServPort = String.Empty
            'pagename = Request.ServerVariables("SCRIPT_NAME")
            mailto = email
            Betreff = "Passwort reset"
-            htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + tokenname + ">Link</a>" + Environment.NewLine + "<br />Kind regards, <br />VERAG | EDV Support<br />support@verag.ag,", username, password)
+            htmlbody = String.Format("Dear, {0},<br /><br /> Please follow the Link to reset your password:<br /><br />" + Environment.NewLine + "<a runat=" + "server" + " href=http://" + getdomianenvironment + "/login/ChangePW.aspx?Par1=" + VERAG_PROG_ALLGEMEIN.cCryptography.Encrypt(tokenname) + ">Link</a>" + Environment.NewLine + "<br />Kind regards, <br />VERAG | EDV Support<br />support@verag.ag,", username, password)
        ElseIf String.IsNullOrWhiteSpace(HttpContext.Current.Request.ServerVariables("SERVER_NAME")) = True Then
            'MsgBox("Error09:" + Environment.NewLine + "The Domain could not be vaildated. Check Link please or contact the Administrator of the program.")
            lblMessage.ForeColor = Color.OrangeRed