Implementing SHA1 hash validation for Extended Registration

Aug 3, 2012 at 10:00 AM

Hi everybody,

I need to implement a system to validate form fields using hash strings on a web site.

I have been reading the Orchard documentation about module creation, but my programming skills are very basic and I have difficulty figuring out the whole process. In addition, the programmers who are working with me have no experience (or time) with MVC development, so I need some help.

The thing is like this: I have a web site where users have to validate their phone number and birth date to create an account. We want to use SHA1 for this task, and the programmers wrote a simple class that converts plain strings into salted hashed ones:

using System;
using System.Security.Cryptography;
using System.Text;

namespace Auxiliar
{
  public sealed class SaltedHash
  {
    private const int SALTLENGTH = 6;

    private SaltedHash(string salt, string hash)
    {
      this.salt = salt;
      this.hash = hash;
    }

    private readonly string salt;
    public string Salt
    {
      get { return salt; }
    }

    private readonly string hash;
    public string Hash
    {
      get { return hash; }
    }

    public static SaltedHash Create(string password)
    {
      if(string.IsNullOrEmpty(password))
      {
        throw new ArgumentException("A value for password is required.", "password");
      }
      string salt = CreateSalt();
      string hash = CalculateHash(salt, password);
      return new SaltedHash(salt, hash);
    }

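    // Rebuilds a SaltedHash from a previously stored salt/hash pair.
    public static SaltedHash Restore(string salt, string hash)
    {
      return new SaltedHash(salt, hash);
    }

    // Re-hashes the supplied value with the stored salt and compares it to the stored hash.
    public bool VerifyPlainPassword(string password)
    {
      string hashedPassword = CalculateHash(salt, password);
      return hash.Equals(hashedPassword);
    }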

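    // Generates a random salt and returns it Base64-encoded.
    private static string CreateSalt()
    {
      byte[] randombytes = CreateRandomBytes(SALTLENGTH);
      return Convert.ToBase64String(randombytes);
    }

    // Fills a buffer of the requested length from the cryptographic RNG.
    private static byte[] CreateRandomBytes(int len)
    {
      byte[] randomBytes = new byte[len];
      using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
      {
        rng.GetBytes(randomBytes);
      }
      return randomBytes;
    }

    // Hashes the Base64 salt string concatenated with the value (UTF-8)
    // and returns the SHA1 digest Base64-encoded.
    private static string CalculateHash(string salt, string password)
    {
      byte[] data = ToByteArray(salt + password);
      byte[] hash = CalculateHash(data);
      return Convert.ToBase64String(hash);
    }

    private static byte[] CalculateHash(byte[] data)
    {
      using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
      {
        return sha1.ComputeHash(data);
      }
    }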

    private static byte[] ToByteArray(string someString)
    {
      return Encoding.UTF8.GetBytes(someString);
    }
  }
}

The plan is to generate a boolean value from the hashed string and check it with this:

bool isValid = Auxiliar.SaltedHash.Restore(saltTelefono, hashTelefono).VerifyPlainPassword(plainTextTelefono);

I have been looking at the Extended Registration module files and it seems not so complicated, but I have many doubts:

I figured out the class my programmers wrote is going to be the Model, isn't it? So, where do I have to place it? There isn't any Model directory in the module's folder or in the Profile module (which is a dependency for ER)...

Also, I figured out that the boolean variable has to be placed in the controller... but I'm not sure; can someone confirm this?

I know I must study to increase my skills, but at this point I don't have time, so any light or advice about this would be strongly appreciated.

Thanks in advance for taking the time to read this post.
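
An added example, not part of the original post and not code from Orchard or the Extended Registration module: a stand-alone verifier for salt/hash pairs in the format the SaltedHash class above produces, which rejects missing or malformed stored values and compares the digests in fixed time. The names SaltedHashVerifier, Verify and FixedTimeEquals are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace Auxiliar
{
  // Illustrative helper (hypothetical name). Expects the same format as
  // SaltedHash: SHA1 over UTF-8 bytes of (Base64 salt string + value),
  // with the digest stored as Base64.
  public static class SaltedHashVerifier
  {
    public static bool Verify(string storedSalt, string storedHash, string candidate)
    {
      if (string.IsNullOrEmpty(storedSalt) || string.IsNullOrEmpty(storedHash)
          || string.IsNullOrEmpty(candidate))
      {
        return false; // missing input never validates
      }

      byte[] expected;
      try
      {
        expected = Convert.FromBase64String(storedHash);
      }
      catch (FormatException)
      {
        return false; // stored hash is not valid Base64
      }

      byte[] actual;
      using (SHA1 sha1 = SHA1.Create())
      {
        actual = sha1.ComputeHash(Encoding.UTF8.GetBytes(storedSalt + candidate));
      }
      return FixedTimeEquals(expected, actual);
    }

    // Examines every byte so the running time does not depend on
    // the position of the first mismatching byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
      if (a.Length != b.Length) return false;
      int diff = 0;
      for (int i = 0; i < a.Length; i++)
      {
        diff |= a[i] ^ b[i];
      }
      return diff == 0;
    }
  }
}
```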