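/// <summary>
/// Checks a user name and password against the credential stored in that user's rule.
/// </summary>
/// <remarks>
/// Two stored formats are accepted:
/// 1. 32 upper-case hex digits: the MD5 digest of the UTF-16LE bytes of (service name + password).
/// 2. Anything else: a legacy clear-text password, compared directly.
///
/// A stored value in format 1 is never compared against the supplied password as clear text.
/// Without that rule, anyone who can read the credential store could log in by submitting the
/// stored digest itself. The cost is that a legacy clear-text password which happens to be
/// exactly 32 upper-case hex digits is no longer accepted and must be re-stored as a digest.
///
/// NOTE(review): MD5 with the service name as the only salt is fast to brute-force, and the salt
/// is shared by every user of the service. Plan a migration to a per-user salted, iterated KDF
/// (for example Rfc2898DeriveBytes) and retire the clear-text format.
/// </remarks>
/// <param name="authService">Not used by this method.</param>
/// <param name="userName">Name used to look up the user rule; null or empty is rejected.</param>
/// <param name="password">Password supplied by the caller; null or empty is rejected.</param>
/// <returns>True when the supplied password matches the stored credential, otherwise false.</returns>
public static bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) {
        return false;
    }

    var user = GetUserRule(userName);
    if (user == null) {
        return false;
    }

    var storedPassword = user["password"].Value;
    if (string.IsNullOrEmpty(storedPassword)) {
        // No usable credential on record: deny instead of failing on a null dereference.
        return false;
    }

    if (LooksLikeStoredPasswordHash(storedPassword)) {
        string computed;
        using (var hasher = MD5.Create()) {
            // Simplistic one-way salting of the password with the service name.
            // If the service name changes, this invalidates the stored passwords.
            var digest = hasher.ComputeHash(Encoding.Unicode.GetBytes(_service._serviceName + password));
            // BitConverter yields "AB-CD-..." in upper case; dropping the dashes gives the stored form.
            computed = BitConverter.ToString(digest).Replace("-", string.Empty);
        }
        // Deliberately no clear-text fallback here: the stored digest must not work as a password.
        return PasswordTextEquals(computed, storedPassword);
    }

    // Matched against an unsalted, clear-text stored password.
    // The user should change the password as soon as possible so that it is stored hashed.
    return PasswordTextEquals(storedPassword, password);
}

// True when the value has the shape produced by the hashing branch of TryAuthenticate:
// exactly 32 characters, each an upper-case hexadecimal digit.
private static bool LooksLikeStoredPasswordHash(string value)
{
    if (value.Length != 32) {
        return false;
    }
    foreach (var c in value) {
        var isUpperHexDigit = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'F');
        if (!isUpperHexDigit) {
            return false;
        }
    }
    return true;
}

// Ordinal string equality that does not stop at the first differing character, so the time taken
// does not reveal how much of a guess was correct. The lengths themselves are not hidden.
private static bool PasswordTextEquals(string left, string right)
{
    var difference = left.Length ^ right.Length;
    var shared = Math.Min(left.Length, right.Length);
    for (var i = 0; i < shared; i++) {
        difference |= left[i] ^ right[i];
    }
    return difference == 0;
}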