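/// <summary>
/// Validates an email/password pair against the stored PBKDF2 hash and, when it matches,
/// creates and persists a new login token for that user.
/// </summary>
/// <param name="email">Email address used to look the user up.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <returns>
/// A <see cref="LoginResponse"/>: on success <c>Success</c> is true and <c>UserToken</c>,
/// <c>AutoLogoutInMinutes</c> and the security-stripped <c>User</c> are set; otherwise
/// <c>Message</c> holds the login error text.
/// </returns>
public LoginResponse ValidateUser(string email, string password) {
    LoginResponse response = new LoginResponse();
    UsersData data = new UsersData(CurrentDataContext);
    User theUser = data.ReadUserByEmail(email);

    if (theUser == null) {
        // NOTE(review): this message differs from the wrong-password one, and the PBKDF2
        // work below is skipped for unknown emails, so a caller can tell registered
        // addresses apart (user enumeration). Left unchanged because clients may rely
        // on the exact text; a single generic message plus a dummy derivation would close it.
        response.Message = ErrorMessages.LOGIN_NO_USER_WITH_PROVIDED_USERNAME;
        return response;
    }

    // A null password cannot match anything; the original code let Rfc2898DeriveBytes
    // throw ArgumentNullException here. Report it as an invalid password instead.
    if (password == null) {
        response.Message = ErrorMessages.LOGIN_INVALID_PASSWORD;
        return response;
    }

    // PBKDF2 (this Rfc2898DeriveBytes overload uses HMAC-SHA1) over the clear-text password
    // and the user's stored salt, with NumKeyIterations rounds. GetBytes(256) yields 256
    // *bytes*, matching what RegisterUser stores. The deriver is IDisposable.
    byte[] pass2Check;
    using (Rfc2898DeriveBytes dBytes = new Rfc2898DeriveBytes(password, theUser.Salt, NumKeyIterations)) {
        pass2Check = dBytes.GetBytes(256);
    }

    // Compare in constant time. SequenceEqual returns at the first differing byte, which
    // leaks how much of the hash prefix matched through response timing.
    if (!AreHashesEqualFixedTime(pass2Check, theUser.Password)) {
        response.Message = ErrorMessages.LOGIN_INVALID_PASSWORD;
        return response;
    }

    // Create and persist the login token for this session.
    UserToken token = new UserToken();
    token.UserId = theUser.Id;
    // NOTE(review): Guid.NewGuid() is not contractually a cryptographic random source;
    // a value from RandomNumberGenerator would be a stronger session identifier.
    token.Token = Guid.NewGuid();
    token.TokenType = TokenType.Login;
    token.CreateDate = DateTime.Now; // local time, consistent with RegisterUser
    UserTokensData tokenData = new UserTokensData(CurrentDataContext);
    token.Id = tokenData.CreateToken(token);

    response.Success = true;
    response.UserToken = token.Token;
    response.AutoLogoutInMinutes = 0;
    response.User = theUser.StripSecurity();
    return response;
}

/// <summary>
/// Compares two byte arrays without early exit on the first mismatch, so the time taken
/// does not depend on where the arrays differ. On .NET Core 2.1+/.NET 5+ this is
/// equivalent to <c>CryptographicOperations.FixedTimeEquals</c>.
/// </summary>
/// <param name="a">First array (may be null).</param>
/// <param name="b">Second array (may be null).</param>
/// <returns>True when both are non-null, have the same length and identical contents.</returns>
private static bool AreHashesEqualFixedTime(byte[] a, byte[] b) {
    if (a == null || b == null) {
        return false;
    }
    // Length is not secret, so a length mismatch may return immediately.
    if (a.Length != b.Length) {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++) {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}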
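/// <summary>
/// Registers a new user: rejects a duplicate email, derives a PBKDF2 password hash with a
/// fresh random salt, stores the user and creates an email-verification token.
/// </summary>
/// <param name="regUser">Registration input (email, user name, clear-text password).</param>
/// <returns>
/// A <see cref="RegisterResponse"/>. On success <c>Success</c> is true, <c>Message</c> holds
/// the email and <c>RegisteredUser</c>/<c>RegisteredToken</c> the created records. On a
/// duplicate email or any exception <c>Success</c> is false and <c>Errors</c> gets an entry.
/// Never throws: every exception is reported through the response.
/// </returns>
public RegisterResponse RegisterUser(InputUser regUser) {
    RegisterResponse response = new RegisterResponse();
    response.Errors = new List<string>();
    try {
        UsersData data = new UsersData(CurrentDataContext);
        if (data.UserExists(regUser.Email)) {
            response.Success = false;
            response.Message = ErrorMessages.REGISTER_DUPLICATE_USER_EMAIL;
            response.Errors.Add(ErrorMessages.REGISTER_DUPLICATE_USER_EMAIL);
            return response;
        }

        // 256-bit random salt from the cryptographic RNG. The provider is IDisposable;
        // on newer targets RandomNumberGenerator.Fill(salt) is the non-obsolete equivalent.
        byte[] salt = new byte[32];
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) {
            rng.GetBytes(salt);
        }

        // PBKDF2 (this Rfc2898DeriveBytes overload uses HMAC-SHA1) over the clear-text
        // password; GetBytes(256) yields 256 *bytes*, which is exactly what ValidateUser
        // derives and compares against, so neither side can change alone.
        byte[] passwordHash;
        using (Rfc2898DeriveBytes dBytes = new Rfc2898DeriveBytes(regUser.Password, salt, NumKeyIterations)) {
            passwordHash = dBytes.GetBytes(256);
        }

        User newUser = new User();
        newUser.Email = regUser.Email;
        newUser.Username = regUser.UserName;
        newUser.Password = passwordHash;
        newUser.Salt = salt;
        newUser.Verified = false;
        newUser.SignUpDate = DateTime.Now; // local time, consistent with ValidateUser

        // Persist the user.
        newUser.Id = data.CreateUser(newUser);

        // Create the verification token for the sign-up email.
        // NOTE(review): CreateUser and CreateToken are not wrapped in one transaction; if
        // CreateToken throws, the user row already exists without a verification token.
        UserToken token = new UserToken();
        token.UserId = newUser.Id;
        token.Token = Guid.NewGuid();
        token.TokenType = TokenType.Verify;
        token.CreateDate = DateTime.Now;
        UserTokensData tokenData = new UserTokensData(CurrentDataContext);
        token.Id = tokenData.CreateToken(token);

        response.Success = true;
        response.Message = newUser.Email;
        // NOTE(review): unlike ValidateUser this does not call StripSecurity(), so the
        // returned user still carries the Password hash and Salt.
        response.RegisteredUser = newUser;
        response.RegisteredToken = token;
    } catch (Exception e) {
        response.Success = false;
        // NOTE(review): e.Message (e.g. a database error) is passed back verbatim; a
        // generic message with the exception logged server-side would disclose less.
        response.Message = e.Message;
        response.Errors.Add(ErrorMessages.REGISTER_GENERAL_ERROR);
    }
    return response;
}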