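        /// <summary>
        /// Verifies a username/password pair against the Employee table.
        /// Returns 200 OK when the salted hash of the supplied password equals the
        /// stored hash, otherwise 403 Forbidden. Unknown user and wrong password
        /// deliberately produce the same response.
        /// </summary>
        /// <param name="loginModel">Credentials from the request body; null when no body was bound.</param>
        /// <returns>OK on success, Forbidden on any failure.</returns>
        public HttpResponseMessage Login(LoginModel loginModel)
        {
            // A missing body used to surface as a NullReferenceException (500).
            if (loginModel == null)
            {
                return new HttpResponseMessage(HttpStatusCode.Forbidden);
            }

            var user = DBContext.Employee.FirstOrDefault(x => x.UserName == loginModel.Username);

            // NOTE(review): an unknown username returns without running the hash, so
            // response time reveals whether an account exists. Hashing against a dummy
            // salt on that path would close the channel; not done here because it
            // depends on PasswordHashHelper.CreateSalt being side-effect free — confirm.
            if (user == null)
            {
                return new HttpResponseMessage(HttpStatusCode.Forbidden);
            }

            var hashedPassword = PasswordHashHelper.PasswordHasher(new HashModel()
            {
                Password = loginModel.Password, Salt = user.Salt
            });
            var storedHash = user.Pword;

            // Compare in constant time. A plain == / string.Equals returns at the first
            // differing element and leaks how long a matching prefix was. The length
            // check is safe to short-circuit because the hasher output is fixed length.
            // Assumes Pword and the hasher result are the same indexable type
            // (string or byte[]) — confirm against PasswordHashHelper.
            bool match = false;
            if (hashedPassword != null && storedHash != null && hashedPassword.Length == storedHash.Length)
            {
                int diff = 0;
                for (int i = 0; i < hashedPassword.Length; i++)
                {
                    diff |= hashedPassword[i] ^ storedHash[i];
                }
                match = diff == 0;
            }

            // The original wrapped this in try { } catch (Exception) { throw; }, which
            // is a no-op; exceptions propagate to the framework exactly as before.
            if (match)
            {
                return new HttpResponseMessage(HttpStatusCode.OK);
            }

            return new HttpResponseMessage(HttpStatusCode.Forbidden);
        }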
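        /// <summary>
        /// Creates a new Employee row from the supplied model. The password is stored
        /// as a salted hash (salt from PasswordHashHelper.CreateSalt, hash from
        /// PasswordHashHelper.PasswordHasher), never in clear.
        /// </summary>
        /// <param name="employee">Request body; null when no body was bound.</param>
        /// <returns>
        /// 200 OK when saved, 409 Conflict when the user name is already taken,
        /// 400 Bad Request for a missing body or any persistence failure.
        /// </returns>
        public IHttpActionResult AddUser(EmployeeModel employee)
        {
            // A missing body used to surface as a NullReferenceException (500).
            if (employee == null)
            {
                return BadRequest();
            }

            // User names are looked up as the login key elsewhere in this project, so a
            // second row with the same name would shadow the first. The original check
            // here had an empty body and let the duplicate through to SaveChanges.
            var existing = DBContext.Employee.FirstOrDefault(x => x.UserName == employee.UserName);
            if (existing != null)
            {
                return Conflict();
            }

            // NOTE(review): Admin is copied straight from the client-supplied model. Unless
            // this action is restricted to administrators (no attribute is visible here),
            // any caller can create an admin account — confirm the authorization on the
            // controller/action before shipping.
            var newEmployee = new Employee();
            newEmployee.Admin     = employee.IsAdmin;
            newEmployee.UserName  = employee.UserName;
            newEmployee.FirstName = employee.FirstName;
            newEmployee.LastName  = employee.LastName;
            newEmployee.Salt      = PasswordHashHelper.CreateSalt(employee.UserName);
            newEmployee.Pword     = PasswordHashHelper.PasswordHasher(new HashModel()
            {
                Password = employee.Password, Salt = newEmployee.Salt
            });

            try
            {
                DBContext.Employee.Add(newEmployee);
                DBContext.SaveChanges();
                return Ok();
            }
            catch (Exception)
            {
                // The failure detail is intentionally not echoed to the client. The
                // original had an unreachable `throw;` after this return; consider
                // logging the exception here instead so persistence errors are not lost.
                return BadRequest();
            }
        }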
        /*// TODO: Here is where you would validate the username and password.
         * private static bool CheckPassword(string username, string password)
         * {
         *  return username == "user" && password == "password";
         * }*/

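        /// <summary>
        /// Handles an HTTP Basic credential string: decodes base64("name:password"),
        /// looks the user up by name, checks the salted hash and, on success, installs
        /// a GenericPrincipal in the "Admin" or "Driver" role. On any failure the
        /// response status is set to 401 and no principal is set.
        /// </summary>
        /// <param name="credentials">The base64 payload of the Authorization header (without the "Basic " prefix).</param>
        private static void AuthenticateUser(string credentials)
        {
            // Convert.FromBase64String(null) throws ArgumentNullException, which the
            // handler below would not catch.
            if (string.IsNullOrEmpty(credentials))
            {
                HttpContext.Current.Response.StatusCode = 401;
                return;
            }

            try
            {
                // RFC 7617 leaves the charset undefined; this code decodes as UTF-8
                // (an earlier revision used ISO-8859-1).
                var encoding = Encoding.UTF8;
                credentials = encoding.GetString(Convert.FromBase64String(credentials));

                int separator = credentials.IndexOf(':');
                if (separator < 0)
                {
                    // No "name:password" separator. The original went on to
                    // Substring(0, -1), which throws ArgumentOutOfRangeException — not a
                    // FormatException — so a malformed header escaped as a 500.
                    HttpContext.Current.Response.StatusCode = 401;
                    return;
                }
                string name     = credentials.Substring(0, separator);
                string password = credentials.Substring(separator + 1);

                // `name` and `password` are the values to work with from here on.
                var user = DBContext.Employee.FirstOrDefault(x => x.UserName == name);

                // NOTE(review): an unknown name skips the hash entirely, so response time
                // reveals whether an account exists; hashing against a dummy salt on that
                // path would close the channel — confirm CreateSalt is side-effect free.
                bool authenticated = false;
                if (user != null)
                {
                    var computedHash = PasswordHashHelper.PasswordHasher(new HashModel()
                    {
                        Password = password, Salt = user.Salt
                    });
                    var storedHash = user.Pword;

                    // Constant-time comparison: == / string.Equals stops at the first
                    // differing element and leaks the length of the matching prefix. The
                    // length check may short-circuit because hash output is fixed length.
                    // Assumes Pword and the hasher result are the same indexable type
                    // (string or byte[]) — confirm against PasswordHashHelper.
                    if (computedHash != null && storedHash != null && computedHash.Length == storedHash.Length)
                    {
                        int diff = 0;
                        for (int i = 0; i < computedHash.Length; i++)
                        {
                            diff |= computedHash[i] ^ storedHash[i];
                        }
                        authenticated = diff == 0;
                    }
                }

                if (authenticated)
                {
                    var identity = new GenericIdentity(name);
                    // Role is derived from the stored Admin flag, never from the request.
                    string role = user.Admin ? "Admin" : "Driver";
                    SetPrincipal(new GenericPrincipal(identity, new[] { role }));
                }
                else
                {
                    // Invalid username or password.
                    HttpContext.Current.Response.StatusCode = 401;
                }
            }
            catch (FormatException)
            {
                // Credentials were not valid base64.
                HttpContext.Current.Response.StatusCode = 401;
            }
        }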