/// <summary> /// On validation, new user is authenticated. /// </summary> /// <param name="sender"></param> /// <param name="e"></param> protected void btnLogin_Click(object sender, EventArgs e) { // Starting a connection with the CasinoDB for User and Record tables. playerDAO = new PlayerDAO(connString); // Check if user is even registered. if (playerDAO.UserNameExists(txtUsername.Text)) { // Retrieve user through username from database. Player player = playerDAO.SelectByUsername(txtUsername.Text); // Retrieve B64Password and B64Salt from user. string salt = player.B64Salt; string secPwd = player.B64Password; // Convert values to bytes. byte[] saltBytes = Convert.FromBase64String(salt); byte[] passwordBytes = Encoding.UTF8.GetBytes(txtPass.Text); // Combine to single byte value. byte[] combined = new byte[saltBytes.Length + passwordBytes.Length]; saltBytes.CopyTo(combined, 0); passwordBytes.CopyTo(combined, saltBytes.Length); // Compute hash for combined byte value. SHA512 sha512 = SHA512.Create(); byte[] finalHashedBytes = sha512.ComputeHash(combined); // Convert hashed byte to string for comparison. string base64Password = Convert.ToBase64String(finalHashedBytes); // Check if forms hashed password matches database hashed password. if (base64Password.Equals(secPwd)) { Session["Player"] = player; FormsAuthentication.RedirectFromLoginPage($"{player.LastName}, {player.FirstName}", false); } else { txtUsername.BorderColor = Color.Red; txtUsername.Text = "Username"; txtPass.BorderColor = Color.Red; txtPass.Text = "Password"; } } else { txtUsername.BorderColor = Color.Orange; txtUsername.Text = "Username"; txtPass.BorderColor = Color.FromArgb(236, 240, 241); txtPass.Text = "Password"; } }