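/// <summary>
/// Replaces the username and password hash of an existing user and saves the change.
/// </summary>
/// <param name="Id">Key handed to <c>GetAll</c> to load the user.</param>
/// <param name="userDto">Carries the new username and the new plain-text password.</param>
/// <returns>
/// The result of <c>WithoutPassword()</c> on the saved user, or <c>null</c> when no user
/// with that id exists (at load time, or when a concurrency conflict shows the row is gone).
/// </returns>
public async Task<BasicAuthUser> UpdateUser(long Id, BasicAuthUserDTO userDto)
{
    BasicAuthUser user = await GetAll(Id);
    if (user == null)
    {
        // Unknown id: answer "not found" the same way the concurrency branch below does,
        // rather than failing with a NullReferenceException on user.Username.
        return null;
    }

    user.Username = userDto.Username;

    // The stored salt is reused. The salt text must be built exactly as CreateUser and
    // Authenticate build it (upper-cased GUID string), or the new hash will never verify.
    user.PasswordHash = HashValue(userDto.Password + user.Salt.ToString().ToUpper());
    _context.Entry(user).State = EntityState.Modified;

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // A conflict on a row that no longer exists is treated as "not found";
        // any other conflict is left for the caller to handle.
        if (!UserExists(Id))
        {
            return null;
        }

        throw;
    }

    return user.WithoutPassword();
}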
/// <summary>
/// Creates a user with a freshly generated GUID salt and stores the hash of
/// password + upper-cased salt text.
/// </summary>
/// <param name="userDto">Carries the username and the plain-text password.</param>
/// <returns>The result of <c>WithoutPassword()</c> on the newly saved user.</returns>
/// <remarks>
/// NOTE(review): <c>HashValue</c> is defined outside this view. If it is a single fast digest
/// rather than a password KDF such as PBKDF2, the stored hashes are cheap to guess offline
/// once the table leaks; confirm which it is.
/// NOTE(review): no uniqueness check on Username is visible here, while Authenticate looks
/// users up with SingleOrDefault, which throws when two rows share a username. Presumably a
/// unique index enforces this; verify.
/// </remarks>
public async Task<BasicAuthUser> CreateUser(BasicAuthUserDTO userDto)
{
    Guid freshSalt = Guid.NewGuid();

    // Same salt-text form that UpdateUser and Authenticate feed into HashValue.
    string saltText = freshSalt.ToString().ToUpper();

    var created = new BasicAuthUser
    {
        Username = userDto.Username,
        Salt = freshSalt,
        PasswordHash = HashValue(userDto.Password + saltText)
    };

    _context.User.Add(created);
    await _context.SaveChangesAsync();

    return created.WithoutPassword();
}
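/// <summary>
/// Checks a username/password pair against the stored salted hash.
/// </summary>
/// <param name="username">Username to look up.</param>
/// <param name="password">Plain-text password to verify.</param>
/// <returns>
/// The result of <c>WithoutPassword()</c> on the matching user, or <c>null</c> when the
/// username is unknown or the password hash does not match.
/// </returns>
public async Task<BasicAuthUser> Authenticate(string username, string password)
{
    BasicAuthUser user = _context.User.SingleOrDefault(x => x.Username == username);
    if (user == null)
    {
        // Unknown username: return null as documented, instead of dereferencing user.Salt.
        // NOTE(review): this path skips the hash computation, so it may answer faster than a
        // wrong-password attempt and let a caller tell the two apart; confirm whether that matters.
        return null;
    }

    // Salt text is built exactly as in CreateUser/UpdateUser (upper-cased GUID string).
    byte[] passwordHash = HashValue(password + user.Salt.ToString().ToUpper());

    // NOTE(review): SequenceEqual can stop at the first differing byte. Where the target
    // framework offers CryptographicOperations.FixedTimeEquals, prefer it for hash comparison.
    // Task.Run is the only await in this method; the comparison itself is synchronous.
    bool matches = await Task.Run(() => user.PasswordHash.SequenceEqual(passwordHash));
    if (!matches)
    {
        return null;
    }

    // Authentication succeeded: hand back the user details without the password.
    return user.WithoutPassword();
}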