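/// <summary>
/// Authenticates <paramref name="username"/>/<paramref name="password"/> against the CSV account
/// store and, on success, issues a forms-authentication cookie and redirects to the requested
/// return URL (or the configured default). On failure the login view is re-rendered with one
/// generic error so the response does not reveal whether the user name exists.
/// </summary>
/// <param name="username">Login name as submitted by the client (untrusted).</param>
/// <param name="password">Password as submitted by the client (untrusted).</param>
/// <param name="rememberme">When true the auth cookie is persisted across browser sessions.</param>
/// <returns>A redirect on success; the login view with a model error otherwise.</returns>
public ActionResult Login(string username, string password, bool rememberme = false)
{
    var user = UserAccountCSV.Authenticate(username, password);
    if (user == null)
    {
        // Deliberately the same message for unknown user and wrong password (no user enumeration).
        // NOTE(review): nothing here throttles or locks out repeated failures; add rate limiting
        // (controller filter or reverse proxy) before exposing this to the internet.
        ModelState.AddModelError("invalidLogin", "Invalid username or password");
        return View();
    }

    // Ticket lifetime is a fixed 20 minutes of absolute time (no sliding expiry in this code path).
    // FormsAuthenticationTicket expects local DateTime.Now for these two fields.
    var issued = DateTime.Now;
    var authTicket = new FormsAuthenticationTicket(
        1,                      // version
        user.UserName,          // user name
        issued,                 // created
        issued.AddMinutes(20),  // expires
        rememberme,             // persistent?
        user.Roles);            // user data: roles, read back by whoever decodes the ticket

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    {
        // Manual HttpCookie construction does not get the HttpOnly flag that
        // FormsAuthentication.SetAuthCookie would set; without it script (XSS) can read the ticket.
        HttpOnly = true,
        // Mark Secure when the login itself arrived over TLS or the app demands TLS for the ticket.
        // Behind a TLS-terminating proxy IsSecureConnection may be false; set <forms requireSSL="true"/>
        // there so the flag is unconditional.
        Secure = FormsAuthentication.RequireSSL || System.Web.HttpContext.Current.Request.IsSecureConnection,
        Path = FormsAuthentication.FormsCookiePath,
    };
    if (rememberme)
    {
        // Without an explicit Expires the cookie is session-scoped and "remember me" has no effect;
        // bind it to the ticket's own expiry so the cookie never outlives the ticket.
        authCookie.Expires = authTicket.Expiration;
    }
    System.Web.HttpContext.Current.Response.Cookies.Add(authCookie);

    // NOTE(review): the session id is not regenerated here, so a session id planted before login
    // stays valid afterwards (session fixation). Abandon the pre-login session, or stop keeping login
    // state in Session at all since the forms ticket already carries the user name and roles.
    Session["user"] = user.UserName;

    // GetRedirectUrl echoes the ReturnUrl query parameter. Depending on enableCrossAppRedirects it
    // may already reject off-site targets; the explicit check below makes that independent of config
    // so the login page can never be used as an open redirector.
    string returnUrl = FormsAuthentication.GetRedirectUrl(user.UserName, rememberme);
    if (!IsLocalRedirectUrl(returnUrl))
    {
        returnUrl = FormsAuthentication.DefaultUrl;
    }
    return Redirect(returnUrl); // auth succeeded
}

/// <summary>
/// True only for application-relative targets ("/path" or "~/path"). Protocol-relative forms
/// ("//host", "/\host") and absolute URLs are rejected.
/// </summary>
/// <param name="url">Redirect target to check; null or empty is rejected.</param>
/// <returns>True when following <paramref name="url"/> stays on this application.</returns>
private static bool IsLocalRedirectUrl(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return false;
    }
    if (url.StartsWith("~/", StringComparison.Ordinal))
    {
        return true;
    }
    if (url.Length == 1)
    {
        return url[0] == '/';
    }
    // "//evil" and "/\evil" are treated by browsers as protocol-relative, i.e. off-site.
    return url[0] == '/' && url[1] != '/' && url[1] != '\\';
}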
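/// <summary>
/// Self-service registration. Creates an account from the submitted credentials and echoes the
/// stored user name back as plain text. The "admin" role can never be obtained through this action.
/// </summary>
/// <param name="username">Requested login name (untrusted; validated by UserAccountCSV.Create).</param>
/// <param name="password">Requested password (untrusted; Create only enforces non-blankness).</param>
/// <param name="role">Requested role; null is treated as empty and anything containing "admin" is downgraded to "user".</param>
/// <returns>The created user name, or an empty body when Create rejected the request.</returns>
public ActionResult Register(string username, string password, string role = "")
{
    // UserAccountCSV.Create strips all whitespace from the role before storing it, so the check has
    // to be made on the same normalised form — otherwise "ad min" passes an equality test and is
    // stored as "admin". Ordinal case-insensitive matching replaces the culture-sensitive ToLower()
    // (Turkish dotless i would have let "ADMIN" through on a tr-TR server). The substring test is
    // deliberately conservative: it also blocks "user,admin"-style lists, at the price of any
    // legitimate role whose name contains "admin". An allow-list of known roles is the proper fix,
    // but the full role set is not visible here.
    string requestedRole = System.Text.RegularExpressions.Regex.Replace(role ?? string.Empty, @"\s+", "");
    if (requestedRole.IndexOf("admin", StringComparison.OrdinalIgnoreCase) >= 0)
    {
        requestedRole = "user"; // Prevent unauthorized creation of admin account
    }

    // NOTE(review): no anti-forgery token or HTTP-verb restriction is visible on this action, and
    // there is no password-strength or rate-limiting check; both belong here before production use.
    var result = UserAccountCSV.Create(username, password, requestedRole);
    if (result == null)
    {
        // Create returns null for a blank password or an invalid/duplicate user name; the original
        // dereferenced the null here and failed with a 500.
        return Content(string.Empty);
    }
    return Content(result.UserName);
}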
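/// <summary>
/// Adds a new account to the CSV store. Returns the new account with its password fields cleared,
/// or null when the input is rejected (blank password, blank or whitespace-containing user name, or
/// a user name already present).
/// </summary>
/// <param name="userName">Login name; stored trimmed and lower-cased.</param>
/// <param name="userPassword">Plain-text password; only a keyed hash of it is stored.</param>
/// <param name="userRoles">Role string, stored with all whitespace removed; null is treated as empty.</param>
/// <param name="requiresActivation">When true the account is written with IsActive = false.</param>
/// <returns>The created account with PasswordSalt/PasswordHash set to null, or null on rejection.</returns>
public static UserAccountCSV Create(string userName, string userPassword, string userRoles = "", bool requiresActivation = false)
{
    if (string.IsNullOrWhiteSpace(userPassword))
    {
        return null;
    }
    // NOTE(review): no length or strength policy on the password; only non-blankness is checked.
    if (string.IsNullOrWhiteSpace(userName) || userName.Any(Char.IsWhiteSpace))
    {
        return null;
    }
    // NOTE(review): user names are otherwise unrestricted. The store is a CSV file that GetCsvFile
    // later serves verbatim, so a name containing ',' or '"' may corrupt the file unless
    // WriteAccountCSV quotes fields, and a name starting with '=', '+', '-' or '@' can be
    // interpreted as a formula by spreadsheet software opening the export. An allow-list of
    // permitted characters here is the cheapest defence.

    var user = new UserAccountCSV();
    // ToLower() is culture-sensitive; it is kept because Authenticate (not visible here) must
    // normalise identically — switch both to ToLowerInvariant() together.
    user.UserName = userName.Trim().ToLower();

    // NOTE(review): read-modify-write of the whole file with no lock, so two concurrent
    // registrations can race: one account is lost or the duplicate check is bypassed.
    var accounts = ReadAccountCSV();
    var userExists = accounts.FirstOrDefault(x => x.UserName == user.UserName) != null;
    if (userExists)
    {
        return null;
    }

    // Create PasswordHash.
    // NOTE(review): HMACSHA1 with a random key is a single SHA-1 pass over the password, not a
    // password hash — it has no work factor against offline cracking if the CSV leaks. The format is
    // kept only because Authenticate (not shown) must verify the same way; migrate both together to
    // Rfc2898DeriveBytes (PBKDF2) with a high iteration count, or Argon2/bcrypt.
    using (var hmac = new System.Security.Cryptography.HMACSHA1()) //HMACSHA512
    {
        user.PasswordSalt = hmac.Key; // random per instance, doubles as the salt
        user.PasswordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(userPassword));
    }

    // Regex.Replace throws on a null input, while every other bad input in this method is reported
    // by returning null; treat a null role string as "no roles" instead of crashing.
    user.Roles = System.Text.RegularExpressions.Regex.Replace(userRoles ?? string.Empty, @"\s+", "");
    user.CreatedOn = DateTime.Now; // local time; kept because ReadAccountCSV's expectations are not visible
    user.IsActive = !requiresActivation;

    accounts.Add(user);
    WriteAccountCSV(accounts);

    // Never hand the secret material back to the caller (Register echoes part of this object).
    user.PasswordSalt = null;
    user.PasswordHash = null;
    return user;
}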
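/// <summary>
/// Downloads the raw account store as text/csv. Restricted to the "admin" role: this is the file
/// Create writes accounts (including PasswordSalt/PasswordHash) into, so it is credential material,
/// and the action previously had no authorization at all.
/// </summary>
/// <returns>The CSV file contents with a text/csv content type.</returns>
[Authorize(Roles = "admin")]
public ActionResult GetUsersCSV()
{
    // NOTE(review): the role check depends on the ticket's user data being mapped onto the request
    // principal somewhere not visible here; if it is not, this denies everyone (fail closed), which is
    // still preferable to the previous anonymous access. Even for administrators the export presumably
    // contains salts and hashes verbatim (depends on what WriteAccountCSV serialises) — strip those
    // columns before serving.
    var file = UserAccountCSV.GetCsvFile();
    return File(file, "text/csv");
}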