//===========================================================================================
        //Login
        //===========================================================================================
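        /// <summary>
        /// Handles the admin login button. Looks the account up by username, recomputes the
        /// Base64-encoded SHA-256 of (password + stored salt) and compares it with the stored
        /// value. On a match the admin id is stored in the session and the browser is sent to
        /// admin_grid.aspx; otherwise a single generic error message is shown.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnAdminLogin_Click(object sender, EventArgs e)
        {
            using (DefaultConnection1 db = new DefaultConnection1())
            {
                String username = txtUsernameLogin.Text;

                // LINQ-to-entities query, so the username is sent as a parameter.
                admin_users objI = (from em in db.admin_users
                                    where em.admin_username == username
                                    select em).FirstOrDefault();

                // Hash the submitted password even when no row matched, so a known and an
                // unknown username do roughly the same work and end on the same message.
                String salt   = (objI != null) ? objI.admin_salt : String.Empty;
                String stored = (objI != null && objI.admin_password != null)
                                    ? objI.admin_password
                                    : String.Empty;

                String password      = txtPasswordLogin.Text;
                String pass_and_salt = password + salt;

                // NOTE(review): one pass of salted SHA-256 is a fast hash and cheap to guess
                // offline if the table leaks. A password KDF (e.g. Rfc2898DeriveBytes / PBKDF2)
                // is the usual replacement, but it has to change together with the code that
                // writes admin_password and needs a migration of the stored values.
                string base64;
                using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
                {
                    byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(pass_and_salt);
                    byte[] bytHash  = hashAlg.ComputeHash(bytValue);
                    base64 = Convert.ToBase64String(bytHash);
                }

                // Compare without stopping at the first differing character, so the time
                // taken does not depend on how much of the stored hash matched.
                int diff   = stored.Length ^ base64.Length;
                int common = Math.Min(stored.Length, base64.Length);
                for (int i = 0; i < common; i++)
                {
                    diff |= stored[i] ^ base64[i];
                }

                bool authenticated = (objI != null) && (diff == 0);

                if (authenticated)
                {
                    lblSubmitLoginMessage.Text = "Valid Login";

                    // NOTE(review): the session id is not renewed at login here; if it is not
                    // done elsewhere, issue a fresh session before storing the identity
                    // (session fixation).
                    Session["admin_user_id"] = objI.admin_user_id;

                    Response.Redirect("admin_grid.aspx");
                }
                else
                {
                    // Same message for "unknown user" and "wrong password": the original
                    // showed nothing at all when the username did not exist.
                    lblSubmitLoginMessageError.Text = "Invaild Login, the Email or Password may be wrong.";
                }
            }
        }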
Beispiel #2
        /**
         * Name:         protected void Authenticate_Login(object sender, EventArgs e)
         * Description:  Called to authenticate the admin credentials; redirects to the admin default page if they're correct.
         * Arguments:    sender: Object being sent. Not currently used.
         *               e:      Any events being sent. Not currently used.
         * Return:       Nothing being returned.
         * Author:       Johnathan Falbo
         * Date:         16/04/2015
         * */
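        protected void Authenticate_Login(object sender, EventArgs e)
        {
            // Reads the submitted credentials, finds the admin row whose decrypted username
            // matches, and compares the decrypted stored value with the SHA-256 of the
            // submitted password. On success an AdminObject is stored in Session["Admin"]
            // and the browser is redirected to Default.aspx.
            string username = usernameTextBox.Text;
            string password = passwordTextBox.Text;

            // The context is disposed when the handler finishes (the original never released it).
            using (SearchEntities db = new SearchEntities())
            {
                admin_users matchedAdmin = null;
                string      matchedName  = null;

                // Usernames are stored encrypted, so every row is loaded and decrypted to
                // find the account.
                // NOTE(review): this is O(number of admins) per login attempt and relies on
                // reversible encryption; a keyed hash of the username in an indexed column
                // would allow a direct lookup. Needs a schema change, so not done here.
                foreach (admin_users candidate in db.admin_users.ToList())
                {
                    string candidateName = Encryption.Decrypt(candidate.username);
                    if (candidateName == username)
                    {
                        matchedAdmin = candidate;
                        matchedName  = candidateName;
                        break;
                    }
                }

                bool authenticated = false;

                if (matchedAdmin != null)
                {
                    // NOTE(review): Encryption.GetSHA256Hash is defined elsewhere; it appears
                    // to take only the password, so the hash is presumably unsalted and a
                    // single pass. Confirm, and prefer a salted password KDF.
                    string storedHash    = Encryption.Decrypt(matchedAdmin.password) ?? string.Empty;
                    string submittedHash = Encryption.GetSHA256Hash(password) ?? string.Empty;

                    // Compare without stopping at the first differing character.
                    int diff   = storedHash.Length ^ submittedHash.Length;
                    int common = Math.Min(storedHash.Length, submittedHash.Length);
                    for (int i = 0; i < common; i++)
                    {
                        diff |= storedHash[i] ^ submittedHash[i];
                    }

                    authenticated = (diff == 0);
                }

                if (authenticated)
                {
                    messageLabel1.Text = "authenticated";

                    AdminObject aO = new AdminObject();
                    aO.SetUserName(matchedName);

                    // NOTE(review): the session id is not renewed at login here; confirm it
                    // is handled elsewhere (session fixation).
                    Session["Admin"] = aO;
                    Response.Redirect("Default.aspx");
                }
                else
                {
                    // One message for both "unknown user" and "wrong password"; the original
                    // gave no feedback at all when the username was not found.
                    messageLabel1.Text = "authentication failed";
                }
            }
        }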
Beispiel #3
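 /// <summary>
 /// Login action: looks for an admin row whose email and password equal the posted values.
 /// On a match the id of that row is stored in the session and the caller is redirected
 /// to ~/Account/Index; otherwise the login view is shown again with an error message.
 /// </summary>
 /// <param name="u">Model bound from the request; only email and password are trusted as input.</param>
 /// <returns>A redirect on success, otherwise the login view.</returns>
 public ActionResult Index(admin_users u)
 {
     if (!ModelState.IsValid)
     {
         return View();
     }

     using (AdminContext ac = new AdminContext())
     {
         // NOTE(review): the posted password is compared directly with the stored column,
         // which implies the password is stored as submitted. Store a salted password-KDF
         // hash instead and verify against that; this needs a data migration.
         var v = ac.admin_users.SingleOrDefault(a => a.email.Equals(u.email) && a.password.Equals(u.password));

         if (v == null)
         {
             ViewBag.Message = "Invalid Credentials.";
             return View();
         }

         // Take the id from the row found in the database. The original stored u.id, a value
         // bound from the request, so the session identity was whatever the client posted.
         Session["id"] = v.id;

         // Return the redirect as the action result rather than calling Response.Redirect
         // and then falling through to render the view.
         return Redirect("~/Account/Index");
     }
 }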
Beispiel #4
        //===========================================================================================
        //Signup
        //===========================================================================================
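        /// <summary>
        /// Handles the admin sign-up button. Creates an admin_users row from the form: the
        /// username as typed, a fresh salt from CreateSalt(8), and the Base64-encoded SHA-256
        /// of (password + salt), then saves it to the database.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnAdminSignUp_Click(object sender, EventArgs e)
        {
            using (DefaultConnection1 db = new DefaultConnection1())
            {
                // NOTE(review): nothing here rejects an empty username or password, or a
                // username that already exists. Add those checks once the page has a place
                // to report them.
                // NOTE(review): confirm that access to this handler is restricted; as written
                // it creates an admin account for whoever submits the form.

                String password = txtPasswordSignUp.Text;

                // NOTE(review): CreateSalt is defined elsewhere. Verify that it draws from a
                // cryptographic RNG (RNGCryptoServiceProvider / RandomNumberGenerator) rather
                // than System.Random, and consider a salt of at least 16 bytes.
                String salt          = CreateSalt(8);
                String pass_and_salt = password + salt;

                // NOTE(review): one pass of salted SHA-256 is a fast hash and cheap to guess
                // offline if the table leaks. A password KDF (e.g. Rfc2898DeriveBytes / PBKDF2)
                // is the usual replacement; it must change together with the login check.
                string base64;
                using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
                {
                    byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(pass_and_salt);
                    byte[] bytHash  = hashAlg.ComputeHash(bytValue);
                    base64 = Convert.ToBase64String(bytHash);
                }

                admin_users objI = new admin_users
                {
                    admin_username = txtUsernameSignUp.Text,
                    admin_password = base64,
                    admin_salt     = salt
                };

                db.admin_users.Add(objI);
                db.SaveChanges();
            }
        }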