private bool isValidPassword(string username, string password)
{
UserBE user = getUserFromDB(username);
bool isValid = false;
if (!string.IsNullOrEmpty(user.user))
{
byte[] hashedPassword = Cryptographic.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), user.salt);
if (hashedPassword.SequenceEqual(user.pass))
{
isValid = true;
}
}
return(isValid);
}
private bool saveUser(string user, string password)
{
bool isSaved = false;
byte[] salt = Cryptographic.GenerateSalt();
var hashedPassword = Cryptographic.HashPasswordWithSalt(Encoding.UTF8.GetBytes(password), salt);
var connectionString = ConfigurationManager.ConnectionStrings["DemoCredentials"].ConnectionString;
using (SqlConnection connection = new SqlConnection(connectionString))
{
string saveUser = "******";
using (SqlCommand command = new SqlCommand())
{
command.Connection = connection;
command.CommandType = CommandType.Text;
command.CommandText = saveUser;
command.Parameters.Add("@username", SqlDbType.VarChar, 50).Value = user;
command.Parameters.Add("@salt", SqlDbType.VarBinary).Value = salt;
command.Parameters.Add("@pass", SqlDbType.VarBinary).Value = hashedPassword;
try
{
connection.Open();
int recordsAffected = command.ExecuteNonQuery();
if (recordsAffected > 0)
{
isSaved = true;
}
}
catch (SqlException ex)
{
lblResultado.Text = ex.Message;
}
finally
{
connection.Close();
}
}
}
return(isSaved);
}
