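        /// <summary>
        /// Web API login: verifies the submitted password against the stored salted hash and,
        /// on success, issues the session cookie and extends the stored session timeout.
        /// </summary>
        /// <param name="model">Submitted credentials (username and password).</param>
        /// <returns>
        /// 200 with the user's ID on success; 400 with model-state errors on validation failure,
        /// wrong credentials, or an unexpected error.
        /// </returns>
        public IHttpActionResult Login(LoginVM model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // Defaults used when the username is unknown. The hash comparison is still executed
            // in that case so an unknown account costs roughly the same time as a wrong password
            // (timing-based username enumeration is harder).
            string storedHash = string.Empty;
            byte[] salt = new byte[saltLengthLimit];
            string userID = string.Empty;

            try
            {
                using (db = new SSODBEntities())
                {
                    // Normalise once: the lookup key and the hash input must agree.
                    string username = model.Username.Trim();

                    // Username is the unique lookup field.
                    var userInfo = db.Users.Where(s => s.Username == username).FirstOrDefault();

                    if (userInfo != null)
                    {
                        storedHash = userInfo.HASH;
                        salt = userInfo.SALT;
                    }

                    bool isLogin = CompareHashValue(model.Password, username, storedHash, salt);

                    // userInfo is checked too: a true result for an unknown user would otherwise
                    // dereference null below.
                    if (!isLogin || userInfo == null)
                    {
                        ModelState.AddModelError("ErrorMessage", "Access Denied! Wrong Credential");
                        return(BadRequest(ModelState));
                    }

                    // Fix: the original never assigned userID and always returned an empty string.
                    userID = userInfo.UserID.ToString();
                    SetCookie(userID);

                    // NOTE(review): stored as local time; other code presumably compares against
                    // DateTime.Now as well — confirm before switching to UtcNow.
                    userInfo.SessionTimeout = DateTime.Now.AddDays(1);

                    db.SaveChanges();
                }
            }
            catch (Exception)
            {
                // Exception text can expose connection strings, SQL or internal paths; return a
                // fixed message instead of ex.Message.
                ModelState.AddModelError("ErrorMessage", "Login failed due to an internal error.");
                return(BadRequest(ModelState));
            }

            return(Ok(userID));
        }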
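        /// <summary>
        /// Registers a new user: generates a fresh salt, stores the salted SHA-512 password hash
        /// and rejects the request when the username is already taken.
        /// </summary>
        /// <param name="model">Submitted registration data (username and password).</param>
        /// <returns>
        /// 200 with the stored username on success; 400 with model-state errors on validation
        /// failure, duplicate username, or an unexpected error.
        /// </returns>
        public IHttpActionResult Create(LoginVM model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            try
            {
                // Fix: the original queried db.Users before (re)creating db inside the using
                // block, so the duplicate check ran on whatever context db happened to hold.
                using (db = new SSODBEntities())
                {
                    // Normalise once so the stored name is what Login looks up (it trims the
                    // submitted username) and what the hash was derived from.
                    string username = model.Username.Trim();

                    if (db.Users.Any(s => s.Username == username))
                    {
                        ModelState.AddModelError("ErrorMessage", "User already exists.");
                        return(BadRequest(ModelState));
                    }

                    byte[] usrSalt = Get_SALT();

                    User usr = new User
                    {
                        Username       = username,
                        SALT           = usrSalt,
                        HASH           = Get_HASH_SHA512(model.Password, username, usrSalt),
                        SessionTimeout = DateTime.Now,
                    };

                    // NOTE(review): check-then-insert is racy under concurrent requests; a unique
                    // index on Username is the real guarantee — confirm it exists in the schema.
                    db.Users.Add(usr);
                    db.SaveChanges();

                    // Return only the username: echoing the whole model would send the plaintext
                    // password back in the response body.
                    return(Ok(new { Username = username }));
                }
            }
            catch (Exception)
            {
                // Do not expose exception details to the client.
                ModelState.AddModelError("ErrorMessage", "User creation failed due to an internal error.");
                return(BadRequest(ModelState));
            }
        }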
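        /// <summary>
        /// MVC login: validates the posted form, verifies the salted password hash and, on
        /// success, signs the user in, sets the session cookie and redirects to the return URL.
        /// </summary>
        /// <param name="entity">Posted login form (username, password, remember-me flag, return URL).</param>
        /// <returns>The login view again on validation or credential failure, otherwise a redirect.</returns>
        public ActionResult Login(LoginVM entity)
        {
            // Validate before opening a database context.
            if (!ModelState.IsValid)
            {
                return(View(entity));
            }

            // Defaults used when the username is unknown; the comparison still runs so that
            // response time does not reveal whether the account exists.
            string storedHash = string.Empty;
            byte[] salt = new byte[saltLengthLimit];

            // The original wrapped this in `catch { throw; }`, which is a no-op and was removed.
            using (db = new SSODBEntities())
            {
                // Normalise once: the lookup key and the hash input must agree.
                string username = entity.Username.Trim();

                var userInfo = db.Users.Where(s => s.Username == username).FirstOrDefault();

                if (userInfo != null)
                {
                    storedHash = userInfo.HASH;
                    salt = userInfo.SALT;
                }

                bool isLogin = CompareHashValue(entity.Password, username, storedHash, salt);

                // userInfo is checked too: a true result for an unknown user would otherwise
                // dereference null below.
                if (!isLogin || userInfo == null)
                {
                    TempData["ErrorMSG"] = "Access Denied! Wrong Credential";
                    return(View(entity));
                }

                // Persistent authentication cookie when "remember me" was ticked.
                SignInRemember(username, entity.isRemember);
                SetCookie(userInfo.UserID.ToString());

                // NOTE(review): stored as local time; confirm the rest of the project uses
                // DateTime.Now before switching to UtcNow.
                userInfo.SessionTimeout = DateTime.Now.AddDays(1);
                db.SaveChanges();

                // NOTE(review): RedirectToLocal is expected to reject non-local URLs (open-redirect
                // guard); its implementation is not visible here — confirm.
                return(RedirectToLocal(entity.ReturnURL));
            }
        }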