3 Contributors | 3 Replies | 29 Views | 9 Months Discussion Span | Last Post by overwraith
0

As a student you would know how to research. That is, use Google, Wikipedia and more. What else you need to know is how to ask questions here. Please read https://www.daniweb.com/programming/threads/435023/read-this-before-posting-a-question

Back to your work at hand. You have a concept that has been done before so what is the goal here? Make a wheel or try to build it from scratch so you understand how it all works from the ground up?

It's unclear what your question here is. Be sure to ask the question after you read the link I supplied. Be sure to write it as a question that is followed by the usual question mark.

0

I hope it is not too intrusive for me to provide a little sample code... The object relational mapper would probably be your own responsibility. Object relational mappers pull objects out of the database and map them to properties in your objects, the model. You would have to determine the resulting byte array lengths and then create a table in the database with those byte array lengths; you could also do that on the fly with NHibernate creating the table for you.

        using System.IO;                    // Stream
        using System.Security.Cryptography; // HashAlgorithm, MD5

        /// <summary>
        /// Object to be saved to database. 
        /// </summary>
        public class MyObject {
            /// <summary>
            /// Fingerprint to save to database. 
            /// </summary>
            public byte[] Fingerprint {
                get; set;
            }

            public MyObject() {

            }

            /// <summary>
            /// Set the fingerprint byte array object. 
            /// </summary>
            public void SetFingerprint(Stream stream) {
                using (HashAlgorithm hash = CreateHashAlgorithim()) {
                    Fingerprint = hash.ComputeHash(stream);
                }
            }//end method

            public HashAlgorithm CreateHashAlgorithim() {
                //options md5, sha1, and sha512
                return MD5.Create();
            }//end method
        }//end class
0

I don't know what I was thinking. This is much more complete...

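using System;
using System.Collections.Generic;
using System.Linq;                   // Concat, ToArray, SequenceEqual
using System.Security.Cryptography;  // HashAlgorithm and the concrete hash classes
using System.Text;                   // Encoding
using NHibernate.Search.Attributes;  // [Indexed], [DocumentId]

// Note: PassPolicy is referenced below but is not defined in this post.
namespace NHibernateIdentityDAL.Models {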
    [Indexed(Index = "User")]
    public class User {
        /// <summary>
        /// Unique identifier for group used by program and database layer. 
        /// </summary>
        [DocumentId]
        public virtual int UserId {
            get; set;
        }

        /// <summary>
        /// A hash of the user's password is stored in the database and used for logins. 
        /// Storing a hash is more secure than storing plaintext. 
        /// No company should have a comprehensive plaintext wordlist of its users. 
        /// </summary>
        public virtual byte[] PasswordHash {
            get; set;
        }

        /// <summary>
        /// Sets the password for the given individual. 
        /// </summary>
        /// <param name="password"></param>
        public virtual void SetPassword(String password) {
            //get salt from web config
            byte[] salt = Encoding.UTF8.GetBytes(System.Configuration.ConfigurationManager.AppSettings["salt"].ToString());
            byte[] passBytes = Encoding.UTF8.GetBytes(password);

            //prepend salt to password
            byte[] catPass = salt.Concat(passBytes).ToArray();

            //compute the hash with the configured algorithm
            HashAlgorithm hashAlg = GetHashAlgorithim();
            byte[] passHash = hashAlg.ComputeHash(catPass);

            //determine if password meets password policy conventions
            if (!PassPolicy.VerifyPasswordConvention(password, this.UserId))
                throw new InvalidOperationException(PassPolicy.GetMessage());

            this.PasswordHash = passHash;
        }//end method

        /// <summary>
        /// Determines whether two passwords are equal. 
        /// </summary>
        /// <param name="password"></param>
        /// <returns></returns>
        public virtual bool ComparePassword(String password) {
            //get salt from web config
            byte[] salt = Encoding.UTF8.GetBytes(System.Configuration.ConfigurationManager.AppSettings["salt"].ToString());
            byte[] passBytes = Encoding.UTF8.GetBytes(password);

            //prepend salt to password
            byte[] catPass = salt.Concat(passBytes).ToArray();

            //compute the hash with the configured algorithm
            HashAlgorithm hashAlg = GetHashAlgorithim();

            byte[] incomingHash = hashAlg.ComputeHash(catPass);

            if (incomingHash.SequenceEqual(this.PasswordHash))
                return true;

            return false;
        }//end method

        /// <summary>
        /// Gets the underlying hash algorithm for the object's password capability. 
        /// </summary>
        /// <returns></returns>
        public virtual HashAlgorithm GetHashAlgorithim() {
            //Detect the hash algorithm that the user wants employed (HashMethod app setting). 
            String hashMethod = System.Configuration.ConfigurationManager.AppSettings["HashMethod"];
            Dictionary<String, HashAlgorithm> hashAlgorithims = new Dictionary<String, HashAlgorithm>();
            hashAlgorithims.Add("MD5", MD5.Create());
            hashAlgorithims.Add("RIPEMD160", RIPEMD160.Create());
            hashAlgorithims.Add("SHA1", SHA1.Create());
            hashAlgorithims.Add("SHA256", SHA256.Create());
            //fixed: the SHA384 key previously mapped to SHA256.Create()
            hashAlgorithims.Add("SHA384", SHA384.Create());
            hashAlgorithims.Add("SHA512", SHA512.Create());

            HashAlgorithm currentAlg = null;
            if (hashAlgorithims.ContainsKey(hashMethod))
                currentAlg = hashAlgorithims[hashMethod];
            else
                throw new NotImplementedException("This algorithim has not been implemented. ");

            return currentAlg;
        }//end method

    }//end class

}//end namespace
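
The `User` class above prepends one application-wide salt from the web config and runs a single pass of a general-purpose hash, so identical passwords produce identical stored hashes and each guess is cheap to test. A hardened form of the same `SetPassword` / `ComparePassword` pair, as an added example that is not part of the original thread or the poster's project: it uses a random per-user salt, PBKDF2 (`Rfc2898DeriveBytes`) and a comparison that does not stop at the first mismatching byte. It assumes .NET Framework 4.7.2 or later; the class name `PasswordRecord`, its member names and the iteration count are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not the poster's code. Class and member names are hypothetical.
public class PasswordRecord {
    private const int SaltSize = 16;        // bytes, generated fresh for every user
    private const int HashSize = 32;        // bytes of derived key to store
    private const int Iterations = 100000;  // assumed work factor; tune for your hardware

    // All three values are stored in the user's row, so the work factor
    // can be raised later without invalidating existing records.
    public byte[] Salt { get; private set; }
    public byte[] Hash { get; private set; }
    public int IterationCount { get; private set; }

    public void SetPassword(string password) {
        byte[] salt = new byte[SaltSize];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) {
            rng.GetBytes(salt);             // cryptographically strong random salt
        }
        Salt = salt;
        IterationCount = Iterations;
        Hash = Derive(password, salt, Iterations);
    }

    public bool ComparePassword(string password) {
        byte[] candidate = Derive(password, Salt, IterationCount);
        return FixedTimeEquals(candidate, Hash);
    }

    private static byte[] Derive(string password, byte[] salt, int iterations) {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256)) {
            return kdf.GetBytes(HashSize);
        }
    }

    // Examines every byte so the timing does not reveal the position of the first mismatch.
    private static bool FixedTimeEquals(byte[] a, byte[] b) {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main() {
        var rec = new PasswordRecord();
        rec.SetPassword("correct horse battery staple");   // constructed sample input
        Console.WriteLine(rec.ComparePassword("correct horse battery staple"));
        Console.WriteLine(rec.ComparePassword("wrong guess"));
    }
}
```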