Beispiel #1
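        /// <summary>
        /// Handles the login button: looks up the instructor by user name, recomputes the
        /// salted SHA-256 digest of the submitted password and, on a match, stores the
        /// instructor's details in session state and redirects to departments.aspx.
        /// </summary>
        /// <remarks>
        /// Every failed attempt shows the same "invalid login" message, whether the user
        /// name is unknown or the password is wrong, so the response does not reveal which
        /// accounts exist.
        /// </remarks>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            using (DefaultConnection db = new DefaultConnection())
            {
                String username = txtUserName.Text;

                Instructor objc = (from i in db.Instructors
                                   where i.Username == username
                                   select i).FirstOrDefault();

                bool authenticated = false;

                if (objc != null)
                {
                    // The stored digest is Base64(SHA-256(password + salt)); rebuild it from the
                    // submitted password and the salt saved with the account.
                    // NOTE(review): one round of SHA-256 is fast to compute, which makes offline
                    // guessing cheap if the Instructors table leaks. Moving to a key-derivation
                    // function such as PBKDF2 (Rfc2898DeriveBytes) requires migrating the stored
                    // hashes, so the scheme is left unchanged here.
                    String pass_and_salt = txtPassword.Text + objc.Salt;

                    string base64;
                    using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
                    {
                        byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(pass_and_salt);
                        base64 = Convert.ToBase64String(hashAlg.ComputeHash(bytValue));
                    }

                    // Compare without exiting at the first differing character, so the time
                    // taken does not depend on how much of the digest matched.
                    string stored = objc.Password ?? String.Empty;
                    int diff = stored.Length ^ base64.Length;
                    for (int k = 0; k < base64.Length; k++)
                    {
                        diff |= base64[k] ^ (k < stored.Length ? stored[k] : '\0');
                    }

                    authenticated = diff == 0;
                }

                if (!authenticated)
                {
                    // Same message for "no such user" and "wrong password".
                    lblError.Text = "invalid login";
                    return;
                }

                lblError.Text = "Valid login";

                // NOTE(review): the session identifier is not renewed after authentication in
                // this handler; confirm that is handled elsewhere (session fixation).
                Session["InstructorID"] = objc.InstructorID;
                Session["InstructorName"] = objc.FirstName + " " + objc.LastName;
                Session["DepartmentID"] = objc.DepartmentID;

                Response.Redirect("departments.aspx");
            }
        }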
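        /// <summary>
        /// Handles the register button: builds an Instructor from the form fields, stores a
        /// salted SHA-256 digest of the password together with its salt, and saves the row.
        /// Any failure is traced and the user is redirected to ~/error.aspx.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnRegister_Click(object sender, EventArgs e)
        {
            try
            {
                using (DefaultConnection db = new DefaultConnection())
                {
                    Instructor objc = new Instructor();

                    // NOTE(review): nothing here rejects an empty user name or password, or a
                    // user name that is already taken; the login handler picks the first row
                    // matching a user name, so duplicates should be prevented (for example with
                    // a unique constraint on the column) - confirm where that is enforced.
                    objc.FirstName = txtFirstName.Text;
                    objc.LastName = txtLastName.Text;
                    objc.Username = txtUserName.Text;
                    objc.DepartmentID = Convert.ToInt32(ddlDepartments.SelectedValue);

                    // NOTE(review): CreateSalt is defined outside this block; confirm it draws
                    // from a cryptographic random number generator and that 8 is a sufficient
                    // length for the unit it takes.
                    String password = txtPassword.Text;
                    String salt = CreateSalt(8);
                    String pass_and_salt = password + salt;

                    // Stored form is Base64(SHA-256(password + salt)).
                    // NOTE(review): one round of SHA-256 is fast to compute, which makes offline
                    // guessing cheap if the table leaks. A key-derivation function such as
                    // PBKDF2 (Rfc2898DeriveBytes) is the usual choice, but switching also means
                    // changing the login check and migrating existing rows.
                    string base64;
                    using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
                    {
                        byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(pass_and_salt);
                        base64 = Convert.ToBase64String(hashAlg.ComputeHash(bytValue));
                    }

                    objc.Password = base64;
                    objc.Salt = salt;

                    db.Instructors.Add(objc);
                    db.SaveChanges();
                }
            }
            catch (Exception ex)
            {
                // Record the failure before sending the user to the generic error page, so a
                // failed registration is not lost silently. The password never appears in the
                // exception text built here.
                System.Diagnostics.Trace.TraceError(ex.ToString());
                Response.Redirect("~/error.aspx");
            }
        }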