C# Class Subtext.Framework.Security.SecurityHelper

Handles blog logins/passwords/tickets
Open project: ayende/Subtext

Public Methods

Method Description
Authenticate ( string claimedIdentifier, bool persist ) : bool

Check to see if the supplied OpenID claim is valid for the current blog. If so, set the user's FormsAuthentication ticket. This method will handle passwords for both hashed and non-hashed configurations. We're comparing URI objects rather than using a simple string compare because functionally equivalent URIs may not pass string comparisons, e.g. http://example.myopenid.com/ and http://example.myopenid.com (trailing /).

Authenticate ( string username, string password, bool persist ) : bool

Check to see if the supplied credentials are valid for the current blog. If so, set the user's FormsAuthentication ticket. This method will handle passwords for both hashed and non-hashed configurations.

AuthenticateHostAdmin ( string username, string password, bool persist ) : bool

Authenticates the host admin.

CombinePasswordAndSalt ( string password, string salt ) : string

Returns a string with a password and salt combined.

CreateRandomSalt ( ) : string

Creates a random salt value.

DecryptString ( string encryptedBase64EncodedString, Encoding encoding, byte key, byte initializationVendor ) : string

Decrypts the string.

EncryptString ( string clearText, Encoding encoding, byte key, byte initializationVendor ) : string

Generates the symmetric key.

GenerateInitializationVector ( ) : byte[]

Generates the symmetric key.

GenerateSymmetricKey ( ) : byte[]

Generates the symmetric key.

GetExpiredCookie ( ) : System.Web.HttpCookie

Used to remove a cookie from the client.

GetFullCookieName ( ) : string

Identifies cookies by unique BlogHost names (rather than a single name for all cookies in multiblog setups as the old code did).

HashPassword ( string password ) : string

Gets the MD5 hashed/encrypted representation of the password and returns a Base64 encoded string of the hash. This is a one-way hash.

Passwords are case sensitive now. Before they weren't.

HashPassword ( string password, string salt ) : string

Gets the MD5 hashed/encrypted representation of the password and a salt value combined in the proper manner. Returns a Base64 encoded string of the hash. This is a one-way hash.

Passwords are case sensitive now. Before they weren't.

IsInRole ( string role ) : bool

Returns true if the user is in the specified role. It's a wrapper around the IsInRole method of IPrincipal.

IsValidPassword ( string password ) : bool

Check to see if the supplied password matches the password for the current blog. This method will check the BlogConfigurationSettings to see if the password should be encrypted/hashed.

IsValidUser ( string username, string password ) : bool

Validates if the supplied credentials match the current blog

LogOut ( ) : void

Logs the user off the system.

RandomPassword ( ) : string

Generates a "Random Enough" password. :)

ResetHostAdminPassword ( ) : string
ResetPassword ( ) : string

When we encrypt/hash the password, we cannot un-encrypt/un-hash it. If users need to retrieve this value, all we can do is reset the password to a new value and send it.

SelectAuthenticationCookie ( ) : System.Web.HttpCookie

Obtains the correct cookie for the current blog

SetAuthenticationTicket ( string username, bool persist ) : void
SetAuthenticationTicket ( string username, bool persist, bool forceHostAdmin ) : void

Used by methods in this class plus Install.Step02_ConfigureHost

UpdateHostAdminPassword ( string password ) : void
UpdatePassword ( string password ) : void

Updates the current user's password to the supplied value. Handles hashing (or not hashing) of the password.

Private Methods

Method Description
GetFullCookieName ( bool forceHostAdmin ) : string

Method Details

Authenticate() public static method

Check to see if the supplied OpenID claim is valid for the current blog. If so, set the user's FormsAuthentication ticket. This method will handle passwords for both hashed and non-hashed configurations. We're comparing URI objects rather than using a simple string compare because functionally equivalent URIs may not pass string comparisons, e.g. http://example.myopenid.com/ and http://example.myopenid.com (trailing /).
public static Authenticate ( string claimedIdentifier, bool persist ) : bool
claimedIdentifier string
persist bool If valid, should we persist the login
Returns bool
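
The URI-versus-string comparison described above, as an added example that is not Subtext's own code. The `OpenIdClaimComparison` class and its `Matches` helper are hypothetical, and the claim values other than the page's two URLs are constructed. Because `Uri.Equals` disregards user info and fragments, the helper rejects those parts explicitly.

```csharp
using System;

static class OpenIdClaimComparison
{
    // Hypothetical helper: true when the claimed identifier is the configured one.
    public static bool Matches(string configured, string claimed)
    {
        if (!Uri.TryCreate(configured, UriKind.Absolute, out Uri expected) ||
            !Uri.TryCreate(claimed, UriKind.Absolute, out Uri actual))
            return false;   // malformed or relative input never matches

        // Only web schemes are meaningful for an OpenID identifier.
        if (actual.Scheme != Uri.UriSchemeHttp && actual.Scheme != Uri.UriSchemeHttps)
            return false;

        // Uri.Equals disregards UserInfo and Fragment, so refuse them outright
        // rather than letting a decorated URL compare equal to the plain one.
        if (actual.UserInfo.Length != 0 || actual.Fragment.Length != 0)
            return false;

        // Compares the normalized scheme, host, port, path and query.
        return expected.Equals(actual);
    }

    static void Main()
    {
        const string blogOpenId = "http://example.myopenid.com/";   // URL from the page

        string[] claims =   // constructed sample claims
        {
            "http://example.myopenid.com",          // trailing slash omitted
            "HTTP://EXAMPLE.MYOPENID.COM:80/",      // upper case, explicit default port
            "https://example.myopenid.com/",        // other scheme
            "http://example.myopenid.com/Other",    // other path
            "http://someone@example.myopenid.com/", // carries user info
            "example.myopenid.com",                 // no scheme, not an absolute URI
        };

        foreach (string claim in claims)
        {
            bool asString = string.Equals(blogOpenId, claim, StringComparison.Ordinal);
            Console.WriteLine($"{claim,-38} string={asString,-5} uri={Matches(blogOpenId, claim)}");
        }
    }
}
```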

Authenticate() public static method

Check to see if the supplied credentials are valid for the current blog. If so, set the user's FormsAuthentication ticket. This method will handle passwords for both hashed and non-hashed configurations.
public static Authenticate ( string username, string password, bool persist ) : bool
username string Supplied UserName
password string Supplied Password
persist bool If valid, should we persist the login
Returns bool

AuthenticateHostAdmin() public static method

Authenticates the host admin.
public static AuthenticateHostAdmin ( string username, string password, bool persist ) : bool
username string The username.
password string The password.
persist bool if set to true [persist].
Returns bool

CombinePasswordAndSalt() public static method

Returns a string with a password and salt combined.
public static CombinePasswordAndSalt ( string password, string salt ) : string
password string Password.
salt string Salt.
Returns string

CreateRandomSalt() public static method

Creates a random salt value.
public static CreateRandomSalt ( ) : string
Returns string

DecryptString() public static method

Decrypts the string.
public static DecryptString ( string encryptedBase64EncodedString, Encoding encoding, byte key, byte initializationVendor ) : string
encryptedBase64EncodedString string The encrypted base64 encoded string.
encoding System.Text.Encoding The encoding.
key byte The key.
initializationVendor byte The initialization vendor.
Returns string

EncryptString() public static method

Generates the symmetric key.
public static EncryptString ( string clearText, Encoding encoding, byte key, byte initializationVendor ) : string
clearText string The clear text.
encoding System.Text.Encoding The encoding.
key byte The key.
initializationVendor byte The initialization vendor.
Returns string

GenerateInitializationVector() public static method

Generates the symmetric key.
public static GenerateInitializationVector ( ) : byte[]
Returns byte[]

GenerateSymmetricKey() public static method

Generates the symmetric key.
public static GenerateSymmetricKey ( ) : byte[]
Returns byte[]

GetExpiredCookie() public static method

Used to remove a cookie from the client.
public static GetExpiredCookie ( ) : System.Web.HttpCookie
Returns System.Web.HttpCookie

GetFullCookieName() public static method

Identifies cookies by unique BlogHost names (rather than a single name for all cookies in multiblog setups as the old code did).
public static GetFullCookieName ( ) : string
Returns string

HashPassword() public static method

Gets the MD5 hashed/encrypted representation of the password and returns a Base64 encoded string of the hash. This is a one-way hash.
Passwords are case sensitive now. Before they weren't.
public static HashPassword ( string password ) : string
password string Supplied Password
Returns string

HashPassword() public static method

Gets the MD5 hashed/encrypted representation of the password and a salt value combined in the proper manner. Returns a Base64 encoded string of the hash. This is a one-way hash.
Passwords are case sensitive now. Before they weren't.
public static HashPassword ( string password, string salt ) : string
password string Supplied Password
salt string
Returns string
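
A single MD5 pass, salted or not, is cheap to brute-force offline. The added example below (not Subtext's code) puts a Base64(MD5) record of the kind documented above beside a PBKDF2 replacement and upgrades the record on the next successful login. The `PasswordStorage` class, the record layout, the iteration count, the concatenation order and the UTF-8 encoding are all assumptions of the example, which targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordStorage
{
    const int Iterations = 600_000;   // assumed work factor; tune for your hardware

    // Legacy form as the page describes it: Base64(MD5(password + salt)).
    // Concatenation order and UTF-8 encoding are assumptions of this example.
    public static string LegacyMd5(string password, string salt) =>
        Convert.ToBase64String(MD5.HashData(Encoding.UTF8.GetBytes(password + salt)));

    // Hardened form: PBKDF2-HMAC-SHA256, random 16-byte salt, self-describing record.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);
        return string.Join("$", "pbkdf2", Iterations, Convert.ToBase64String(salt), Convert.ToBase64String(key));
    }

    // Verifies either record format; 'upgraded' is non-null when the record should be replaced.
    public static bool Verify(string password, string stored, string legacySalt, out string upgraded)
    {
        upgraded = null;
        string[] p = stored.Split('$');   // '$' never occurs in Base64, so legacy records stay whole
        if (p.Length == 4 && p[0] == "pbkdf2")
        {
            byte[] want = Convert.FromBase64String(p[3]);
            byte[] got = Rfc2898DeriveBytes.Pbkdf2(password, Convert.FromBase64String(p[2]),
                int.Parse(p[1]), HashAlgorithmName.SHA256, want.Length);
            return CryptographicOperations.FixedTimeEquals(got, want);
        }
        bool ok = CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(LegacyMd5(password, legacySalt)), Encoding.ASCII.GetBytes(stored));
        if (ok) upgraded = Hash(password);   // rehash while the clear text is in hand
        return ok;
    }

    static void Main()
    {
        string salt = "c2FtcGxlLXNhbHQ=";                   // constructed sample salt
        string record = LegacyMd5("correct horse", salt);   // constructed legacy record
        Console.WriteLine(Verify("correct horse", record, salt, out string next));
        Console.WriteLine(Verify("Correct Horse", record, salt, out _));   // differs only in case
        Console.WriteLine(Verify("correct horse", next, salt, out string again));
        Console.WriteLine(next.StartsWith("pbkdf2$") && again == null);
    }
}
```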

IsInRole() public static method

Returns true if the user is in the specified role. It's a wrapper around the IsInRole method of IPrincipal.
public static IsInRole ( string role ) : bool
role string Role.
Returns bool

IsValidPassword() public static method

Check to see if the supplied password matches the password for the current blog. This method will check the BlogConfigurationSettings to see if the password should be encrypted/hashed.
public static IsValidPassword ( string password ) : bool
password string Supplied Password
Returns bool

IsValidUser() public static method

Validates if the supplied credentials match the current blog
public static IsValidUser ( string username, string password ) : bool
username string Supplied Username
password string Supplied Password
Returns bool

LogOut() public static method

Logs the user off the system.
public static LogOut ( ) : void
Returns void

RandomPassword() public static method

Generates a "Random Enough" password. :)
public static RandomPassword ( ) : string
Returns string

ResetHostAdminPassword() public static method

public static ResetHostAdminPassword ( ) : string
Returns string

ResetPassword() public static method

When we encrypt/hash the password, we cannot un-encrypt/un-hash it. If users need to retrieve this value, all we can do is reset the password to a new value and send it.
public static ResetPassword ( ) : string
Returns string

SelectAuthenticationCookie() public static method

Obtains the correct cookie for the current blog
public static SelectAuthenticationCookie ( ) : System.Web.HttpCookie
Returns System.Web.HttpCookie

SetAuthenticationTicket() public static method

public static SetAuthenticationTicket ( string username, bool persist ) : void
username string
persist bool
Returns void

SetAuthenticationTicket() public static method

Used by methods in this class plus Install.Step02_ConfigureHost
public static SetAuthenticationTicket ( string username, bool persist, bool forceHostAdmin ) : void
username string Username for the ticket
persist bool Should this ticket be persisted
forceHostAdmin bool
Returns void

UpdateHostAdminPassword() public static method

public static UpdateHostAdminPassword ( string password ) : void
password string
Returns void

UpdatePassword() public static method

Updates the current user's password to the supplied value. Handles hashing (or not hashing) of the password.
public static UpdatePassword ( string password ) : void
password string Supplied Password
Returns void