/// <summary>
/// Handles a login form submission: checks the posted user name and password
/// against the Users table and, on a match, signs the user in through OWIN
/// with role, name and id claims.
/// </summary>
/// <param name="userModel">Posted credentials; its ErrorMessage is set when sign-in fails.</param>
/// <returns>
/// A redirect to Projects/Index on success; otherwise the login view with
/// <paramref name="userModel"/> so the form is redisplayed.
/// </returns>
public ActionResult Login(UserErrors userModel)
{
    // The same text is used for a blank submission and for a wrong user name or
    // password, so the response does not reveal which of the two was wrong.
    const string loginFailed = "The username or password entered is incorrect. Please try again.";

    // Field-format validation failed: redisplay the form with the posted values.
    if (!ModelState.IsValid)
    {
        return View(userModel);
    }

    using (ResourcingToolConnection db = new ResourcingToolConnection())
    {
        bool credentialsSupplied = userModel.UserName != null && userModel.Password != null;

        if (!credentialsSupplied)
        {
            // Blank user name or password.
            userModel.ErrorMessage = loginFailed;
        }
        else
        {
            // NOTE(review): Sha256encrypt is defined outside this block. If it is a
            // single unsalted SHA-256 pass, as the name suggests, stored passwords are
            // cheap to brute-force after a database leak; a salted, slow KDF such as
            // PBKDF2 would be the safer storage format - confirm and plan a migration.
            var passwordHash = Sha256encrypt(userModel.Password);

            // The hash comparison is done by the database as part of the lookup.
            var matchedUser = db.Users.FirstOrDefault(
                u => u.UserName == userModel.UserName && u.Password == passwordHash);

            if (matchedUser == null)
            {
                // No row matched this user name / password hash pair.
                // NOTE(review): no attempt limiting or lockout is visible in this
                // action - confirm it is enforced elsewhere.
                userModel.ErrorMessage = loginFailed;
            }
            else
            {
                // The role claim comes from the stored user row, not from the request.
                var claims = new[]
                {
                    new Claim(ClaimTypes.Role, matchedUser.Role),
                    new Claim(ClaimTypes.Name, matchedUser.Name),
                    new Claim(ClaimTypes.NameIdentifier, matchedUser.Id.ToString())
                };
                var identity = new ClaimsIdentity(claims, "ApplicationCookie");

                // A user is authenticated by calling SignIn on the OWIN
                // authentication manager with the identity built above.
                Request.GetOwinContext().Authentication.SignIn(identity);

                return RedirectToAction("Index", "Projects");
            }
        }
    }

    // Every failure path ends here and redisplays the form with the error message.
    return View(userModel);
}
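/// <summary>
/// Changes a user's password after verifying the current one: the hash of
/// <paramref name="currentPassword"/> must match the stored hash for
/// <paramref name="userId"/> before the new hash is written.
/// </summary>
/// <param name="userId">Id of the account whose password is changed, as supplied by the caller.</param>
/// <param name="currentPassword">The account's existing password, used to authorise the change.</param>
/// <param name="newPassword">The replacement password.</param>
/// <param name="userModel">View model; its ErrorMessage is set when the change is rejected.</param>
/// <returns>
/// A redirect to Projects/Index when the password was changed; otherwise the
/// view with <paramref name="userModel"/> carrying the error message.
/// </returns>
/// <remarks>
/// NOTE(review): <paramref name="userId"/> comes from the request rather than from
/// the signed-in identity. The current-password check limits the impact, but the
/// action can still be pointed at any account id; consider comparing it with the
/// NameIdentifier claim that Login issues, and confirm that authorisation,
/// anti-forgery and attempt-limiting are applied outside this block.
/// </remarks>
public ActionResult ChangePassword(int userId, string currentPassword, string newPassword, UserErrors userModel)
{
    // Field-format validation failed: redisplay the form. The model is passed back
    // (the original returned View() with no model) so the view gets the same
    // object as on every other failure path.
    if (!ModelState.IsValid)
    {
        return View(userModel);
    }

    // Both passwords are required. The original tested "userId == null", which is
    // never true for an int, and never tested newPassword before hashing it.
    if (string.IsNullOrEmpty(currentPassword) || string.IsNullOrEmpty(newPassword))
    {
        userModel.ErrorMessage = "Please enter your current password and your new password.";
        return View(userModel);
    }

    using (ResourcingToolConnection db = new ResourcingToolConnection())
    {
        // NOTE(review): Sha256encrypt is defined outside this block. If it is a
        // single unsalted SHA-256 pass, as the name suggests, a salted, slow KDF
        // such as PBKDF2 would be the safer storage format - confirm.
        var currentHash = Sha256encrypt(currentPassword);

        // Load the entity through the same set the original wrote through, so the
        // row that passed verification is the one that gets updated. This removes
        // the second lookup and its unchecked SingleOrDefault(...) dereference.
        var account = db.Set<User>().FirstOrDefault(x => x.Id == userId && x.Password == currentHash);

        if (account == null)
        {
            // Unknown id or wrong current password; both produce the same message.
            userModel.ErrorMessage = "The current password you've entered is incorrect. Please try again.";
            return View(userModel);
        }

        account.Password = Sha256encrypt(newPassword);
        db.SaveChanges();

        return RedirectToAction("Index", "Projects");
    }
}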