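public bool Login(User model)
        {
            // Verifies the supplied credentials against the stored salt/hash for the
            // given e-mail. Returns true only when a row exists for the e-mail and the
            // re-computed hash matches the stored one; false otherwise (including when
            // the stored row carries no salt or hash). Throws ArgumentNullException for
            // a null model; SQL errors propagate to the caller.
            if (model == null)
            {
                throw new ArgumentNullException("model");
            }

            bool res = false;

            string sqlConnectionString = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

            using (SqlConnection conn = new SqlConnection(sqlConnectionString))
            {
                conn.Open();

                using (SqlCommand cmd = new SqlCommand("dbo.Users_SelectByEmail", conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@Email", model.Email);

                    // The reader holds the connection's result stream; dispose it so the
                    // connection is released even when mapping/hashing throws.
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            User responseModel = Mapper(reader);

                            // A user row without a salt or hash cannot be verified; treat
                            // it as a failed login rather than dereferencing null.
                            if (responseModel.Salt == null || responseModel.EncryptedPass == null)
                            {
                                return res;
                            }

                            // Re-pad the stored salt to a multiple of 4 characters.
                            // NOTE(review): this looks like repair of stripped base64
                            // padding — confirm against how Register/CryptographyService
                            // store the salt.
                            int multOf4 = responseModel.Salt.Length % 4;
                            if (multOf4 > 0)
                            {
                                responseModel.Salt += new string('=', 4 - multOf4);
                            }

                            CryptographyService cryptSvc = new CryptographyService();
                            string passwordHash          = cryptSvc.Hash(model.BasicPass, responseModel.Salt);

                            // Compare in fixed time so a mismatch position is not
                            // observable through response timing.
                            res = FixedTimeEquals(passwordHash, responseModel.EncryptedPass);
                        }
                    }
                }
                // The using block disposes (and thereby closes) the connection.
            }

            return res;
        }

        // Compares two strings without short-circuiting on the first differing
        // character. Returns false for null inputs or differing lengths (the hash
        // encoding is fixed-length, so the length check leaks nothing useful).
        // Where the runtime provides it, System.Security.Cryptography
        // .CryptographicOperations.FixedTimeEquals on the decoded bytes is preferable.
        private static bool FixedTimeEquals(string left, string right)
        {
            if (left == null || right == null)
            {
                return false;
            }

            if (left.Length != right.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < left.Length; i++)
            {
                // OR-accumulate so every character is visited regardless of outcome.
                diff |= left[i] ^ right[i];
            }

            return diff == 0;
        }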
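        public int Register(User model)
        {
            // Creates a user row for the given model and returns the new row's Id as
            // reported by the @Id output parameter of dbo.Users_Insert.
            //
            // Side effect: the caller's model is mutated — model.Salt receives a freshly
            // generated random salt and model.EncryptedPass the hash of model.BasicPass
            // under that salt. The plaintext password is never sent to the database.
            // Throws ArgumentNullException for a null model; SQL errors propagate, and a
            // DBNull @Id (procedure did not set it) surfaces as InvalidCastException.
            if (model == null)
            {
                throw new ArgumentNullException("model");
            }

            CryptographyService cryptSvc = new CryptographyService();

            model.Salt          = cryptSvc.GenerateRandomString();
            model.EncryptedPass = cryptSvc.Hash(model.BasicPass, model.Salt);

            string sqlConnectionString = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

            int res;

            using (SqlConnection conn = new SqlConnection(sqlConnectionString))
            {
                conn.Open();

                using (SqlCommand cmd = new SqlCommand("dbo.Users_Insert", conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@Email", model.Email);
                    cmd.Parameters.AddWithValue("@EncryptedPass", model.EncryptedPass);
                    cmd.Parameters.AddWithValue("@Salt", model.Salt);

                    // Output parameter populated by the procedure with the inserted Id.
                    SqlParameter idParam = cmd.Parameters.Add("@Id", SqlDbType.Int);
                    idParam.Direction = ParameterDirection.Output;

                    cmd.ExecuteNonQuery();

                    res = (int)idParam.Value;
                }
                // The using block disposes (and thereby closes) the connection.
            }

            return res;
        }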