
ChangePassword Aspx Cs

This document contains code for a web page that allows changing a user's password. It includes: 1) Code to validate the current password and new password values by checking length, complexity, and that they are different from the old password. 2) Encryption code to encrypt the password change request before sending it to a web service. 3) Code to call the web service to change the password, and display success or error messages.

Uploaded by

Arindam Basu

using System;

using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text.RegularExpressions;
using rcw.PMIContactObjects;

public partial class changePassword : System.Web.UI.Page


{
// Brand asset path prefix; Page_Load assigns it from Session["ASPX_UserBrandPath"].
public string strBrandPath = "";
// User key of the account whose password is changed; Page_Load assigns it from Session["UserKey"].
public int intUserKey = 0;

// Shared helper object; Page_Load instantiates it on every request.
public clsCommon objclsCommon;

// Generic success message.
public string strSaveMsg = "Data has been saved successfully.";
// Generic failure message; shown when the web-service call fails or throws.
public string strErrMsg = "Error in saving data, please try later.";

// Inputs and outputs of the RijndaelEnhanced call made in lnkChnPassSave_Click.
// NOTE(review): passPhrase and initVector are compiled into the page, so anyone who can read
// the source or the deployed assembly can decrypt a captured change-password payload. Load the
// key material from a protected configuration store instead and rotate the values shown here.
// NOTE(review): the IV is a fixed constant reused for every message. The comment in
// lnkChnPassSave_Click says RijndaelEnhanced prepends a random salt to the plaintext; confirm
// that, and confirm whether the payload is integrity-protected - no MAC is visible here.
string plainText = ""; // XML request before encryption
string cipherText = ""; // encrypted request handed to the web service
string passPhrase = "Pas5pr@se"; // passphrase given to RijndaelEnhanced (hard-coded secret)
string initVector = "@1B2c3D4e5F6g7H8"; // must be 16 bytes

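/// <summary>
/// Authorizes the request and prepares the change-password form.
/// </summary>
/// <remarks>
/// A request is accepted when it arrives over HTTPS and either carries a user key ("u") with a
/// matching hash ("h") in the query string, or already has a user key in the session.
/// NOTE(review): "u" and "h" travel in the URL, so they end up in server logs, browser history
/// and Referer headers; whoever holds a valid pair can open this page for that user. The only
/// lifetime limit visible here is that the current and the previous hash are both accepted.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Fail closed: IsSecureConnection is false unless the server reports HTTPS as on, whereas
    // reading the "HTTPS" server variable directly throws when the variable is absent.
    if (!Request.IsSecureConnection)
    {
        DenyRequest();
        return;
    }

    // Request.QueryString[...] is null when the parameter is absent, so test with IsNullOrEmpty;
    // comparing against "" alone lets a missing parameter through to a null dereference.
    string strUserKeyFromQueryString = Request.QueryString["u"];
    string strHashKeyFromQueryString = Request.QueryString["h"];

    if (!string.IsNullOrEmpty(strUserKeyFromQueryString) && !string.IsNullOrEmpty(strHashKeyFromQueryString))
    {
        UCMHashKeyValidation csHashKeyValidation = new UCMHashKeyValidation();
        csHashKeyValidation.CreateHashPreviousKey(csHashKeyValidation.GENERICHash, strUserKeyFromQueryString);

        // Case-insensitive ordinal comparison against the current and the previous hash.
        // NOTE(review): this comparison is not constant-time; confirm that is acceptable for this token.
        bool matchesCurrent = string.Equals(csHashKeyValidation.hash, strHashKeyFromQueryString, StringComparison.OrdinalIgnoreCase);
        bool matchesPrevious = string.Equals(csHashKeyValidation.hashprev, strHashKeyFromQueryString, StringComparison.OrdinalIgnoreCase);
        if (!matchesCurrent && !matchesPrevious)
        {
            DenyRequest();
            return;
        }

        Session["UserKey"] = strUserKeyFromQueryString;
    }
    else if (Convert.ToString(Session["UserKey"]) == "")
    {
        // No validated query-string pair and no user key in the session.
        DenyRequest();
        return;
    }

    // Per the original comment this construction initializes session variables; the instance
    // itself is not used afterwards.
    GetUser gu = new GetUser();

    // Brand path and stylesheet name come from the session.
    strBrandPath = Session["ASPX_UserBrandPath"].ToString();
    csslink.Href = strBrandPath + Session["ASPX_CSSName"].ToString();

    objclsCommon = new clsCommon();

    // Throws if the stored user key is not numeric.
    intUserKey = Convert.ToInt32(Session["UserKey"]);

    divPassError.InnerHtml = "";
    divPassError.Attributes.Add("class", "updateMessage");

    if (!Page.IsPostBack)
    {
        // Pressing Enter in any password box triggers the Save link. getElementById needs the
        // rendered id, which is ClientID; UniqueID differs inside a naming container.
        string saveButtonId = lnkChnPassSave.ClientID;
        string enterKeyScript =
            "if(event.which || event.keyCode){if ((event.which == 13) || (event.keyCode == 13)) {"
            + "if (BrowserDetect.browser == 'Explorer'){document.getElementById('" + saveButtonId + "').click();}"
            + "else{document.getElementById('" + saveButtonId + "').onclick();}"
            + "return false;}} else {return true}; ";

        txtCurPass.Attributes.Add("onkeydown", enterKeyScript);
        txtNewPass.Attributes.Add("onkeydown", enterKeyScript);
        txtConfPass.Attributes.Add("onkeydown", enterKeyScript);
    }
}

// Writes the "UnAuthorized Access." page with a 403 status and ends the response. Callers
// return right after calling this so that authorization never depends on Response.End()
// aborting the thread.
private void DenyRequest()
{
    Response.StatusCode = 403;
    Response.Write("<p style='text-align:center'><b>UnAuthorized Access.</b></p>");
    Response.End();
}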
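/// <summary>
/// Validates the form, builds the change-password XML request, encrypts it and sends it to
/// the net_olmWebService; the outcome is shown in divPassError.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void lnkChnPassSave_Click(object sender, EventArgs e)
{
    // Created and released here exactly as before; nothing else in this handler uses it.
    pmiUser pmUser = new pmiUser();
    string strErr = "";
    UCMHashKeyValidation csHashKeyValidation = new UCMHashKeyValidation();
    SecureWebService.net_olmWebService ws = new SecureWebService.net_olmWebService();

    try
    {
        if (!ValidatePwd(txtCurPass.Text, txtNewPass.Text, txtConfPass.Text, ref strErr))
        {
            divPassError.InnerHtml = strErr;
            return;
        }

        csHashKeyValidation.CreateHashKey(csHashKeyValidation.GENERICHash, intUserKey.ToString());
        string strHashKey = csHashKeyValidation.hash;

        // Text fields are XML-escaped before being placed in the request, so a value that
        // contains markup characters can neither break the document nor add elements to it.
        // NOTE(review): standard W3C schema namespace URIs; confirm they match the service contract.
        string strChagePassXml = "<?xml version='1.0' encoding='UTF-8'?>"
            + "<ChangePInput xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>"
            + "<USER><USERKEY>" + intUserKey + "</USERKEY>"
            + "<HASHKEY>" + System.Security.SecurityElement.Escape(strHashKey) + "</HASHKEY>"
            + "<CURRENTPASS>" + System.Security.SecurityElement.Escape(txtCurPass.Text) + "</CURRENTPASS>"
            + "<NEWPASS>" + System.Security.SecurityElement.Escape(txtNewPass.Text) + "</NEWPASS>"
            + "</USER></ChangePInput>";

        // NOTE(review): the host is taken from the SERVER_NAME server variable. Depending on the
        // site bindings this may follow the request's Host header, and the encrypted credentials
        // are posted to whatever it names. Prefer a configured service base URL.
        string strWebServiceUrl = "https://"
            + Request.ServerVariables["SERVER_NAME"].ToString()
            + "/" + Session["dotnet_path"].ToString()
            + "/net_olmWebService.asmx";
        ws.Url = strWebServiceUrl;

        // Per the original comment, RijndaelEnhanced prepends a random 4-8 byte salt to the
        // plaintext before encrypting (its defaults). Key and IV come from the page fields.
        plainText = strChagePassXml;
        RijndaelEnhanced rijndaelKey = new RijndaelEnhanced(passPhrase, initVector);
        cipherText = rijndaelKey.Encrypt(plainText);

        if (ws.CngP(cipherText))
        {
            // NOTE(review): Session["password"], which ValidatePwd compares against, is not
            // refreshed here - confirm it is updated elsewhere after a successful change.
            divPassError.InnerHtml = "Password changed successfully.";
            divPassError.Attributes.Add("class", "bodytext_1");
        }
        else
        {
            divPassError.InnerHtml = strErrMsg;
        }
    }
    catch (Exception ex)
    {
        // The user still sees only the generic message, but the failure is no longer invisible.
        // Only the exception type is traced so request data cannot leak into the trace output.
        System.Diagnostics.Trace.TraceError("changePassword: change request failed (" + ex.GetType().FullName + ")");
        divPassError.InnerHtml = strErrMsg;
    }
    finally
    {
        System.Runtime.InteropServices.Marshal.ReleaseComObject(pmUser);
    }
}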
/// <summary>
/// Checks the three password fields of the form and reports the first rule that fails.
/// </summary>
/// <remarks>
/// NOTE(review): the current password is compared with a plaintext copy kept in
/// Session["password"]; anything that can read session state can read the password.
/// NOTE(review): the accepted range (4-10 characters, ASCII letters and digits only) is a
/// small password space; check whether the back end really requires these limits.
/// </remarks>
/// <param name="strCurrpass">Current password as typed by the user.</param>
/// <param name="strPwd1">New password.</param>
/// <param name="strPwd2">New password, confirmation entry.</param>
/// <param name="strRet">Receives the user-facing message when a rule fails; untouched otherwise.</param>
/// <returns>True when every rule passes, false otherwise.</returns>
private bool ValidatePwd(string strCurrpass, string strPwd1, string strPwd2, ref string strRet)
{
    if (strCurrpass.Length == 0)
    {
        strRet = "You must fill in current password value.";
        return false;
    }

    // The typed current password must equal the value held in the session.
    string sessionPassword = Session["password"] as string;
    if (sessionPassword == null || sessionPassword != strCurrpass)
    {
        strRet = "Please check your current password.";
        return false;
    }

    bool newLengthOk = strPwd1.Length >= 4 && strPwd1.Length <= 10;
    if (!newLengthOk)
    {
        strRet = "New password length should be between 4 and 10 characters.";
        return false;
    }

    bool confirmLengthOk = strPwd2.Length >= 4 && strPwd2.Length <= 10;
    if (!confirmLengthOk)
    {
        strRet = "Re-enter new password. Length should be between 4 and 10 characters.";
        return false;
    }

    if (strPwd1 == strCurrpass)
    {
        strRet = "The new password you entered is the same as your old password. Please change your password.";
        return false;
    }

    if (strPwd1 != strPwd2)
    {
        strRet = "The two entries for your new password do not match. Please re-enter your new password in both fields.";
        return false;
    }

    // Only a-z, A-Z and 0-9 are accepted.
    foreach (char candidate in strPwd1)
    {
        bool isLower = candidate >= 'a' && candidate <= 'z';
        bool isUpper = candidate >= 'A' && candidate <= 'Z';
        bool isDigit = candidate >= '0' && candidate <= '9';
        if (!(isLower || isUpper || isDigit))
        {
            strRet = "Your new password may only consist of letters and numbers.";
            return false;
        }
    }

    // The easy-password list is a comma-delimited, lower-cased string; an empty list (which
    // get_EasyPasswords returns when loading fails) rejects nothing.
    string easyList = get_EasyPasswords();
    string needle = "," + strPwd1.ToLower() + ",";
    if (easyList.IndexOf(needle) >= 0)
    {
        strRet = "The password entered cannot be used because it is too easy to guess. Please try another.";
        return false;
    }

    return true;
}
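/// <summary>
/// Loads the easy-password list from the file named in Session["easypasswordsLocation"] and
/// returns it as one lower-cased string with every entry wrapped in commas (",a,b,").
/// </summary>
/// <returns>
/// The comma-delimited list, or an empty string when the list cannot be loaded.
/// NOTE(review): an empty result makes the caller's easy-password check accept every password
/// (fail-open). The failure is now traced so it can be noticed; decide whether password
/// changes should be refused instead while the list is unavailable.
/// </returns>
private string get_EasyPasswords()
{
    string strRet = "";

    try
    {
        // NOTE(review): presumably a COM wrapper like pmiUser - confirm whether it needs releasing.
        rcw.pmiFileObject.pmiFileMaint pFM = new rcw.pmiFileObject.pmiFileMaint();
        string strFileLoc = Session["easypasswordsLocation"].ToString();
        string strTmp = pFM.ReadAll(ref strFileLoc);

        // Entries are separated by any run of whitespace.
        string[] entries = Regex.Split(strTmp, @"\s+");
        strRet = "," + string.Join(",", entries).ToLower() + ",";
    }
    catch (Exception ex)
    {
        // Best-effort behaviour is kept (empty list), but the failure is recorded.
        System.Diagnostics.Trace.TraceWarning("changePassword: easy-password list could not be loaded (" + ex.GetType().FullName + ")");
    }

    return strRet;
}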
}
