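/// <summary>
/// Checks the submitted credentials with <c>UserAccountCSV.Authenticate</c> and, when they are
/// valid, issues a forms-authentication cookie, records the user name in session and redirects
/// to the URL returned by <c>FormsAuthentication.GetRedirectUrl</c>.
/// </summary>
/// <param name="username">Account name submitted by the client.</param>
/// <param name="password">Clear-text password submitted by the client.</param>
/// <param name="rememberme">When true the ticket is marked persistent and the cookie outlives the browser session.</param>
/// <returns>A redirect on success; otherwise the login view with an "invalidLogin" model error.</returns>
// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible in this excerpt.
// Confirm the action cannot be reached with GET, where the password would end up in URLs and logs.
public ActionResult Login(string username, string password, bool rememberme = false)
        {
            var user = UserAccountCSV.Authenticate(username, password);

            if (user == null)
            {
                // One message for "unknown user" and "wrong password", so the response does not
                // tell a caller which of the two failed.
                ModelState.AddModelError("invalidLogin", "Invalid username or password");
                return View();
            }

            // Read the clock once so created/expires are exactly 20 minutes apart.
            var issuedAt = DateTime.Now;

            // The roles travel inside the ticket's user-data field; they stay as issued until the
            // ticket expires, so a role change takes effect only on the next login.
            var authTicket = new FormsAuthenticationTicket(
                1,                              // version
                user.UserName,                  // user name
                issuedAt,                       // created
                issuedAt.AddMinutes(20),        // expires
                rememberme,                     // persistent?
                user.Roles);                    // user data (roles)

            var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket))
            {
                // Keep the ticket out of reach of page script.
                HttpOnly = true,
                // Follow the <forms requireSSL="..."> setting; enable it in config so the cookie
                // is never sent over plain HTTP.
                Secure = FormsAuthentication.RequireSSL,
                Path = FormsAuthentication.FormsCookiePath
            };

            // Without an explicit expiry the browser drops the cookie when it closes, so the
            // "remember me" flag on the ticket would have no effect.
            if (authTicket.IsPersistent)
            {
                authCookie.Expires = authTicket.Expiration;
            }

            System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);

            // NOTE(review): the session identifier is not renewed at login. If any code authorizes
            // from Session["user"], confirm a pre-login session id cannot be carried over.
            Session["user"] = user.UserName;

            return Redirect(FormsAuthentication.GetRedirectUrl(user.UserName, rememberme));   // auth succeed
        }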
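        /// <summary>
        /// Self-service registration: creates an account through <c>UserAccountCSV.Create</c>
        /// and returns the stored user name as plain text.
        /// </summary>
        /// <param name="username">Requested account name.</param>
        /// <param name="password">Clear-text password for the new account.</param>
        /// <param name="role">Role string requested by the client; any value naming "admin" is replaced by "user".</param>
        /// <returns>The stored user name, or HTTP 400 when <c>Create</c> rejects the request.</returns>
        // NOTE(review): the role is chosen by the caller and filtered with a deny-list. Assigning the
        // role on the server (or checking it against a fixed allow-list) is the safer design — confirm
        // which roles self-registration is meant to grant.
        public ActionResult Register(string username, string password, string role = "")
        {
            // UserAccountCSV.Create removes all whitespace from the role before storing it, so apply
            // the same normalisation first: the value that is checked is the value that is stored.
            // A missing role can arrive as null from model binding; treat it as empty.
            var requestedRole = System.Text.RegularExpressions.Regex.Replace(role ?? string.Empty, @"\s+", "");

            // Prevent unauthorized creation of admin account. The comparison is ordinal (not
            // culture-dependent) and looks inside the string because the roles field can hold
            // more than one role.
            if (requestedRole.IndexOf("admin", System.StringComparison.OrdinalIgnoreCase) >= 0)
            {
                requestedRole = "user";
            }

            var result = UserAccountCSV.Create(username, password, requestedRole);

            // Create returns null for an empty password, an invalid user name or an existing
            // account; answer with 400 instead of dereferencing null.
            if (result == null)
            {
                return new HttpStatusCodeResult(400, "Registration failed");
            }

            // The user name is caller-supplied text; send it as text/plain so a browser does not
            // interpret it as markup.
            return Content(result.UserName, "text/plain");
        }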
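    /// <summary>
    /// Creates a new account, appends it to the list returned by <c>ReadAccountCSV</c> and
    /// writes the list back with <c>WriteAccountCSV</c>.
    /// </summary>
    /// <param name="userName">Requested name; must be non-empty and contain no whitespace. Stored lower-cased.</param>
    /// <param name="userPassword">Clear-text password; must be non-empty.</param>
    /// <param name="userRoles">Role string; all whitespace is removed before it is stored. Null is treated as empty.</param>
    /// <param name="requiresActivation">When true the account is created inactive.</param>
    /// <returns>
    /// The created account with <c>PasswordSalt</c> and <c>PasswordHash</c> cleared, or null when
    /// the input is invalid or the user name is already taken.
    /// </returns>
    // NOTE(review): read, duplicate check and write are not serialized here; confirm callers cannot
    // run two registrations concurrently, or guard the sequence with a lock.
    // NOTE(review): userName and userRoles may still contain commas, quotes or a leading '=', '+',
    // '-', '@'. Confirm WriteAccountCSV quotes fields so stored values cannot break the row layout
    // or be read as formulas when the file is opened in a spreadsheet.
    public static UserAccountCSV Create(string userName, string userPassword, string userRoles = "", bool requiresActivation = false)
    {
        if (string.IsNullOrWhiteSpace(userPassword))
        {
            return null;
        }
        if (string.IsNullOrWhiteSpace(userName) || userName.Any(Char.IsWhiteSpace))
        {
            return null;
        }

        // NOTE(review): ToLower() follows the server's current culture. It is kept because the
        // lookup in Authenticate is not visible here; both should move to ToLowerInvariant() together.
        var user = new UserAccountCSV
        {
            UserName = userName.Trim().ToLower()
        };

        var accounts = ReadAccountCSV();
        if (accounts.Any(x => x.UserName == user.UserName))
        {
            return null;
        }

        // Create PasswordHash. The parameterless constructor generates a random key, which is
        // stored as the per-user salt.
        // NOTE(review): one HMAC-SHA1 pass is fast to compute, so a leaked account file can be
        // guessed offline quickly. A slow KDF such as PBKDF2 (Rfc2898DeriveBytes) is the usual
        // choice; it has to be changed in step with the verification code and existing records.
        using (var hmac = new System.Security.Cryptography.HMACSHA1()) //HMACSHA512
        {
            user.PasswordSalt = hmac.Key;
            user.PasswordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(userPassword));
        }

        // Regex.Replace throws on a null input, so a null role string is treated as empty.
        user.Roles     = System.Text.RegularExpressions.Regex.Replace(userRoles ?? string.Empty, @"\s+", "");
        user.CreatedOn = DateTime.Now;
        user.IsActive  = !requiresActivation;

        accounts.Add(user);
        WriteAccountCSV(accounts);

        // Cleared only after the list has been written, so the caller never receives the
        // credential material.
        user.PasswordSalt = null;
        user.PasswordHash = null;
        return user;
    }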
        /// <summary>
        /// Returns whatever <c>UserAccountCSV.GetCsvFile</c> provides as a <c>text/csv</c> file response.
        /// </summary>
        /// <returns>A file result with content type "text/csv".</returns>
        // NOTE(review): no [Authorize] attribute or role check is visible on this action in the
        // excerpt. UserAccountCSV.Create stores PasswordSalt and PasswordHash on the records it
        // passes to WriteAccountCSV, so this download presumably includes them. Confirm access is
        // limited to administrators (here or on the controller) and that the credential columns
        // are left out of the export.
        public ActionResult GetUsersCSV()
        {
            return File(UserAccountCSV.GetCsvFile(), "text/csv");
        }