/// <summary>
/// Resolves a login/password pair to a claims identity.
/// </summary>
/// <param name="login">Login name used to look the account up in the repository.</param>
/// <param name="password">Password supplied by the caller, checked against the stored value.</param>
/// <returns>
/// A "Token" identity carrying a name claim and a role claim, or null when the login is
/// unknown or the password does not verify.
/// </returns>
private async ValueTask<ClaimsIdentity> GetIdentity(string login, string password)
{
    DataWrapper<AuthorizationDto> wrapper = await _repo.GetByLogin(login);
    PasswordEncryptor encryptor = new PasswordEncryptor();
    AuthorizationDto account = wrapper.Data;

    // Unknown login: there is nothing to verify against.
    if (account == null)
    {
        return null;
    }

    // Stored value first, supplied password second — the order CheckPassword is called with here.
    if (!encryptor.CheckPassword(account.Password, password))
    {
        return null;
    }

    Claim[] claims =
    {
        new Claim(ClaimsIdentity.DefaultNameClaimType, account.Login),
        new Claim(ClaimsIdentity.DefaultRoleClaimType, account.Role.Name),
    };

    return new ClaimsIdentity(
        claims,
        "Token",
        ClaimsIdentity.DefaultNameClaimType,
        ClaimsIdentity.DefaultRoleClaimType);
}
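/// <summary>
/// Logs in the user over the given client connection.
/// </summary>
/// <returns>Instance of the user object if they log in, or null if they decline to retry.</returns>
/// <param name="clientConnection">Client connection.</param>
/// <param name="currentClientNumber">Current client number.</param>
private static User LoginUser(TcpClient clientConnection, int currentClientNumber)
{
    while (true)
    {
        Console.WriteLine("Logging user information");

        // User wants to login, so we ask them for their username and password.
        string username = Prompt(clientConnection, "Enter Username - ");
        Console.WriteLine(username);
        string password = Prompt(clientConnection, "Enter Password - ");
        // The password is deliberately not echoed: writing a plaintext credential to
        // the console puts it into terminal scrollback and any captured stdout/log.

        string dbPassword;
        string firstname;
        int permissions;
        bool accountExists;
        try
        {
            accountExists = TryFetchAccount(username, out dbPassword, out firstname, out permissions);
        }
        catch (InvalidOperationException)
        {
            Console.WriteLine("Query cannot be executed, please check parameters.");
            continue;
        }

        // The username doesn't exist in the database or the password is incorrect,
        // so we offer a retry and loop again asking for a username and password.
        // NOTE(review): an unknown username returns before any password check runs, so the
        // response time differs from a wrong-password attempt — confirm whether that matters here.
        if (!accountExists || !PasswordEncryptor.CheckPassword(password, dbPassword))
        {
            if (!AskToRetry(clientConnection))
            {
                // The user does not want to continue attempting the login: no user is logged in.
                return null;
            }
            continue;
        }

        // If this point is reached, the user has entered successful login information.
        SocketStream.SendMessage(String.Format("Welcome back, {0}", firstname), clientConnection.GetStream());
        return new User(currentClientNumber, username, firstname, permissions);
    }
}

// Sends one prompt to the client and returns the client's reply.
private static string Prompt(TcpClient clientConnection, string message)
{
    var stream = clientConnection.GetStream();
    SocketStream.SendMessage(message, stream);
    return SocketStream.RecieveMessage(stream);
}

// Loads the stored account row for the given username; returns false when no row matched.
// InvalidOperationException from the provider is left to propagate so the caller can report it.
private static bool TryFetchAccount(string username, out string dbPassword, out string firstname, out int permissions)
{
    const string getUsernameQuery = "SELECT * FROM user_accounts WHERE username = ?username;";

    // Holds info grabbed from the db.
    string dbUsername = null;
    dbPassword = null;
    firstname = null;
    permissions = 0;

    using (MySqlConnection con = new MySqlConnection(Database.Instance.ConnectionString))
    {
        con.Open();
        using (var cmd = con.CreateCommand())
        {
            cmd.CommandText = getUsernameQuery;
            // Bound as a parameter so the client-supplied username can never alter the query text.
            cmd.Parameters.Add("?username", MySqlDbType.VarChar).Value = username;
            using (var queryReader = cmd.ExecuteReader())
            {
                // Using while even though only one value should return as the usernames are unique.
                while (queryReader.Read())
                {
                    try
                    {
                        dbUsername = queryReader.GetString(queryReader.GetOrdinal("username"));
                        dbPassword = queryReader.GetString(queryReader.GetOrdinal("password"));
                        permissions = queryReader.GetInt32(queryReader.GetOrdinal("user_type"));
                        firstname = queryReader.GetString(queryReader.GetOrdinal("first_name"));
                    }
                    catch (Exception e)
                    {
                        // A row that cannot be read (missing column, NULL value) is logged and
                        // skipped rather than aborting the login, as before.
                        Console.WriteLine(e);
                    }
                }
            }
        }
    }

    return dbUsername != null;
}

// Tells the client the login failed and asks whether to retry: true for "y", false for "n";
// any other reply is rejected and asked again.
private static bool AskToRetry(TcpClient clientConnection)
{
    // The message does not say whether the username or the password was wrong, so a
    // guessed account name gets no confirmation from this prompt.
    SocketStream.SendMessage("Username or password is incorrect, Try again? Y/N\n", clientConnection.GetStream());

    while (true)
    {
        string userResponse = SocketStream.RecieveMessage(clientConnection.GetStream());

        // NOTE(review): RecieveMessage's behaviour on a dropped connection is not visible here;
        // a null reply is treated as "no" so a disconnected client cannot leave this loop spinning.
        if (userResponse == null)
        {
            return false;
        }
        if (string.Equals(userResponse, "y", StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }
        if (string.Equals(userResponse, "n", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        // If the choice is not what we want, send the message saying incorrect response and try again.
        SocketStream.SendMessage("Invalid input, try again.", clientConnection.GetStream());
    }
}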