Beispiel #1
 /// <summary>
 /// Shows a first-run notice on the login page while no blog user has been defined.
 /// </summary>
 /// <param name="sender">Event source supplied by the page life cycle (not used here).</param>
 /// <param name="e">Event data supplied by the page life cycle (not used here).</param>
 protected void Page_Load(object sender, EventArgs e)
 {
     // Only the "no user defined yet" case needs any work; otherwise leave the page untouched.
     if (!(AuthorManager.Count(0, 10) < 1))
     {
         return;
     }

     // SECURITY NOTE(review): this text is rendered before authentication, so every visitor of a
     // freshly installed site is shown the bootstrap username and password. Create a real blog
     // user before the site is reachable from untrusted networks.
     string firstRunNotice = @"You have not yet defined a blog user. You can create new blog users from the 'manage users' option in the 
         administration panel. For now, you can use username: admin, password: admin to access the administration panel. Once you have created
          a blog user, the admin account will automatically be disabled and the administration panel protected by your newly defined username 
         and password.";

     // NOTE(review): "******" looks like a masked value in this listing - confirm the intended prefill.
     LoginBlogo.UserName = "******";
     LabelMessage.Text   = firstRunNotice;
 }
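        /// <summary>
        /// Custom authentication against Blogo's user store.
        /// </summary>
        /// <remarks>
        /// Steps:
        /// 0. if no users are defined yet, accept username "admin" with password "admin";
        /// 1. load the Author object for <paramref name="username"/>;
        /// 2. read the author's salt;
        /// 3. hash <paramref name="password"/> with that salt;
        /// 4. compare the result with the stored hashed password.
        ///
        /// SECURITY: step 0 is a fixed, publicly documented bootstrap credential. It is accepted
        /// for as long as <c>AuthorManager.Count(0, 10)</c> reports fewer than one user, so a site
        /// must have a real user created before it is exposed to untrusted networks.
        /// </remarks>
        /// <param name="username">Login name supplied by the caller.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>
        /// <c>true</c> when the credentials are accepted; <c>false</c> otherwise, including when
        /// the user store or the hashing helper throws (the method fails closed).
        /// </returns>
        public override bool ValidateUser(string username, string password)
        {
            // Fail closed on missing credentials instead of relying on a downstream exception.
            if (username == null || password == null)
            {
                return false;
            }

            try
            {
                // Step 0: bootstrap login, only while the user store reports no users.
                if (AuthorManager.Count(0, 10) < 1 && username == "admin" && password == "admin")
                {
                    return true;
                }

                // Step 1: look the author up by name.
                Author currentUser = AuthorManager.GetItem(username);
                if (currentUser == null)
                {
                    // NOTE(review): no hash is computed on this path, so an unknown username may
                    // answer faster than a known one - confirm whether that difference matters
                    // for this deployment (username enumeration by timing).
                    return false;
                }

                // Steps 2-3: hash the candidate password with the author's stored salt.
                string hashedPassword = Hash.HashPassword(password, currentUser.salt);

                // Step 4: compare without an early exit on the first differing character, so the
                // comparison time does not reveal how much of the stored hash matched.
                return FixedTimeEquals(hashedPassword, currentUser.password);
            }
            catch (Exception ex)
            {
                // Still fail closed, but leave a trace so store/hash failures are not invisible.
                // Neither the username nor the password is written to the trace output.
                System.Diagnostics.Trace.TraceError(
                    "ValidateUser failed with {0}: {1}", ex.GetType().FullName, ex.Message);
                return false;
            }
        }

        /// <summary>
        /// Ordinal string equality whose running time depends only on the string length,
        /// not on the position of the first mismatch.
        /// </summary>
        private static bool FixedTimeEquals(string left, string right)
        {
            // A missing value or a length mismatch can never be equal; the length of a hash
            // string is not treated as secret here.
            if (left == null || right == null || left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                // Accumulate differences instead of returning at the first one.
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }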