using System; using System.Collections.Generic; using System.Linq; using System.Text; namespace OwinFramework.InterfacesV1.Facilities { /// /// This POCO is returned when the user chooses a new password and the /// password is checked to see if it meets the password complexity policy /// public class PasswordCheckResult { /// /// Contains true if the password is allowed under the password /// complexity policy /// public bool IsAllowed { get; set; } /// /// If the IsAllowed property is False, then this property contains /// a description of why the password is not acceptable. This /// description must be suitably worded for display in the UI /// public string ValidationError { get; set; } /// /// Returns an HTML description of the password policy. This will /// be displayed in teh UI when the user changes their password. /// public string PasswordPolicy { get; set; } } /// /// You can implement this interface in your application to add a custom /// password hashing scheme for a specific version of stored passwords. /// This is particularly useful when migrating users from a prior system /// and you do not want to force all the users to reset their password. /// public interface IPasswordHashingScheme { /// /// Computes a hash for a password /// /// The password to hash /// If you pass salt in then it will be appended to /// the password prior to hashing. If you pass null for the salt, then /// the hashing scheme should generate random salt and return it. /// byte[] ComputeHash(string password, ref byte[] salt); } /// /// Defines a facility for hashing passwords so that they can be safely /// stored and checked later. /// public interface IPasswordHasher { /// /// Tests a potential password to see if it meets the requirements for /// password complexity. /// /// The identity of the user who is setting the /// password. This is passed as a parameter to enable identity specific /// password complexity rules - such as you can not use the same password /// again. /// The password that the user wants to set /// Results of checking their password against the policy PasswordCheckResult CheckPasswordAllowed(string identity, string password); /// /// Computes the hash for a password so that it can be stored as the new /// password for the identity /// /// The identity whos password is being set. This is passed in /// case the implementation uses different versions of the hashing scheme for different /// types of identity /// The password that the user chose /// You can pass in a version to use that hashing scheme or pass null /// for the most recent version. Outputs the version of the password hashing scheme that /// was actually used, never returns null. /// Outputs the random salt that was added to the password before hashing /// Outputs the password hash that can be safely stored void ComputeHash(string identity, string password, ref int? version, out byte[] salt, out byte[] hash); /// /// Computes the hash for a password so that it can be compared to the stored /// hash during the login process /// /// The login password supplied by the user /// The version of the password hashing scheme that /// was employed when the password was originally hashed /// The random salt that was originally appended to the /// password before hashing /// Outputs a hash that can be compared to the stored /// hash to see if the user supplied the correct password. void ComputeHash(string password, int version, byte[] salt, out byte[] hash); /// /// Sets the password hashing scheme for a specific version number. /// /// The version number that this scheme applies to /// The hashing scheme void SetHashingScheme(int version, IPasswordHashingScheme scheme); /// /// Gets a specific version of the password hashing scheme /// /// The version number to get /// The hashing scheme used for this version of the hash IPasswordHashingScheme GetHashingScheme(int version); } }