We store Administrator user and password (encrypted) in database. And want to use encrypted administrator password when using DirectoryEntry C# like this.
DirectoryEntry loginDirectory = new DirectoryEntry("ldap_path", "administrator", "Password");
how can I do it, i don't want to write admin password in code.
Thanks
What you would do is use some form of two way encryption. You can read more about that here: Encrypt and decrypt a string
Then you would have the encrypted string in your database and then decrypt it when you're going to use it like this:
DirectoryEntry loginDirectory = new DirectoryEntry("ldap_path", "administrator", decrypt(database["Password"]));
Related
I have completed login functionality using Auth middleware where is used a Bcrypt encryption method. Login functionality is works fine. But we need to handle set password functionality with having old password need to validate. But everytime Bcrypt method change the password string so the previous store bcrypt string of password in table is not match with the manually enter password in the set password form. So how to validate old password field if it will not match with existing saved passoword in the table.
$credentials = request(['email', 'password']);
$user=Auth::attempt($credentials);
You are using Laravel so you should use Hash in order to deal with passwords.
Here is all you need to know about it: https://laravel.com/docs/6.x/hashing#basic-usage
In short you can create and verify the passwords in following ways:
Create hashed password to store in DB:
$hashedPassword = Hash::make($request->password);
Verify against existing password
if (Hash::check('entered-password-by-user', $hashedPassword)) {
// The passwords match...
}
Of course dont forget to include Hash facade: use Illuminate\Support\Facades\Hash;
md5 is ancient and very vulnerable way to go if you want to hash your passwords with it. It is HIGHLY DISCOURAGED!
I am working on ATG11.2 , my requirement is as below:
User will click on forgot password button, a link with encoded user id and a temporary password will be sent to email. User will click on the link sent in email and will be redirected to ResetPassword.jsp where he will get an option to fill temporary password which is sent in email, new password and confirm password respectively
I am using ForgotPasswordHandler for this implementation. I have read that forgotpasswordhandler method replaces the password property with the new generated password. Therefore m storing the input box value of temporary password in ProfileFormHandler.value.oldpassword
The values are as below:
Temporary Password :
New Password:
ConfirmPassword
But , when I am debugging handleChangePassword method in ProfileForm it is not able to compare the passwords properly. Please suggest if my approach is correct , or what do I need to override in gmethod if any required.
ATG stores passwords in encrypted format.
You need to store your oldPassword in encrypted format too. The passwords will not be equal unless both the passwords are hashed and are same.
I am developing a routine that imports data from a 3rd party SFTP server. This server uses WinSCP to create the SFTP Connection and uses a SSH Private Key for the connection rather than a username and password. So I create my connection as below in a script task:
SessionOptions sessionOptions = new SessionOptions
{
Protocol = Protocol.Sftp,
HostName = ftpSite,
UserName = username,
Password = password,
SshHostKeyFingerprint = sshKey,
SshPrivateKeyPassphrase = "mypassword",
SshPrivateKeyPath = #"C:\path\to\private.ppk"
};
I'm happy enough storing the Private Key Path in a database table (which contains my connectoin settings) but I want to store the SshPrivateKeyPassphrase somehwere that is encrypted. I was initially thinking can I create an Encrypted Variable, so if you look at the xml of the package, it won't expose the password directly, but I can reference the variable in code to pass the password to the connection.
I was also looking at creating a dummy Connection and see if I can refer to the connection and get the password in the code, but it seems a bit of a fudge.
The solution the package is in is passworded, i'm just trying to cover all bases, so if someone gets access to the package who shouldn't, they won't get the private key passphrase as that would cause us all sorts of issues.
I am developing a website which will authenticate the user and change the old password with new password.
I am using WinNT string connection and setting password, without the old password check, works.
My code is as below:
'actual setting password
Dim entryD As New DirectoryEntry("WinNT://" + Environment.MachineName + ",computer")
Dim NewUser As DirectoryEntry = entryD.Children.Find(username, "user")
Dim nativeobject As Object = NewUser.NativeObject
NewUser.Invoke("SetPassword", New Object() {strPassNew})
NewUser.CommitChanges()
'setting password ends
This works fine, but authentication code is not working.
It is as below:
'authentication starts
Dim adsiPath As String
adsiPath = String.Format("WinNT://{0}/{1},user", domain, username)
Dim userEntry = New DirectoryEntry(adsiPath, username, password, AuthenticationTypes.Secure)
'Dim nativeobject1 As Object = userEntry.NativeObject
Dim newobj As ActiveDs.IADsUser = userEntry.NativeObject
authent = True
'authentication ends
This authenticates but the exception which it throws is:
logon failure: unknown username or bad password
for the first time, but if i do it again the error is:
"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
"
Which I don't want to happen... I don't want to use LDAP, I want a solution please, to authenticate the old password. Please help?
I had this error in my code where requirement was to add domain users to local admin group of a system. While testing the code after the first try I used to get "Multiple connections to a server ..." error and then I if try the code code later(an hour or so) it worked fine. After searching thru various forms I came know the we can see user logged-on to a computer using
NET SESSION /LIST
command in cmd of remote system and it appears that when we use WinNT provider it actually creates an user session with idle timeout on remote computer (there can be a situation where other programs are creating sessions) which conflicts the connection when you try for second time. So I tried deleting the previous session by
NET SESSION \\RequestingComputerName /DELETE
then I did n't got the error. If that doesn't solve the problem then the last resort is to restart the system.
The PasswordHasher takes in a generic TUser and then takes the user's object for hashing and verifying, something like this:
var result = hash.VerifyHashedPassword(user, HashedPassword, Password);
string HashedPassword = hash.HashPassword(user, Password);
So I am assuming the user data is used to hash the password and then to verify. But doesn't this mean I need to rehash the password? If so, wouldn't that mean each time the user changes any of his account info he also needs to re-enter his password or is there a way around it where I can rehash it without asking the user for his password?