public void CanCheckThatPasswordGivenIsSameAsHashedPassword()
{
using (var db = ConnectionHelper.CreateSqlConnection())
{
var userName = "******";
var password = "******";
var fullName = "John Squarepants";
HashPassword hashpassword = new HashPassword();
var passwordHashed = hashpassword.Hashpassword(password);
var hashpasswordThatWillbeChecked = hashpassword.Hashpassword(password);
db.Execute("INSERT INTO \"Users\" (username, password, fullname) VALUES(@userName, @passwordHashed, @fullName)", new { userName, passwordHashed, fullName });
var user = db.Query <string>("SELECT \"password\" FROM \"Users\"");
try
{
foreach (var person in user.Reverse())
{
Assert.IsTrue(hashpassword.CovertPasswordBack(person, password));
break;
}
}
finally
{
// Delete them from the table
db.Execute("DELETE FROM \"Users\" WHERE \"username\" = @userName", new { userName });
}
}
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var req = filterContext.HttpContext.Request;
var userNameAndPassword = AuthenticationHelper.ExtractUsernameAndPassword(req);
var Hashpassword = new HashPassword();
if (userNameAndPassword != null)
{
UserRepository userRepository = new UserRepository();
var users = userRepository.GetAllUsers();
foreach (var person in users)
{
if (person.username == userNameAndPassword.Username)
{
if (Hashpassword.CovertPasswordBack(person.password, userNameAndPassword.Password))
{
return;
}
}
}
}
const string realm = "MyFace";
filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", $"Basic realm=\"{realm}\"");
filterContext.Result = new HttpUnauthorizedResult();
}
public ActionResult Login(Users login)
{
var users = new Users();
var UR = new UserRepository();
var HP = new HashPassword();
users = UR.GetUser(login);
if (users.username == login.username)
{
if (HP.CovertPasswordBack(users.password, login.password))
{
Session["User"] = users;
}
}
return(RedirectToAction("Index", "UserList"));
}
