/// <summary>
/// Shows the first-run notice on the login page while no blog user exists.
/// </summary>
/// <remarks>
/// When <c>AuthorManager.Count(0, 10)</c> reports fewer than one author, the
/// login control's user name is pre-filled and an explanatory message is
/// displayed. Otherwise the handler does nothing.
/// NOTE(review): the message text publishes the bootstrap credentials to
/// whoever can load this page while the author store is empty. Confirm the
/// page is not reachable from untrusted networks during initial setup.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool anyAuthorDefined = !(AuthorManager.Count(0, 10) < 1);
    if (anyAuthorDefined)
    {
        // Normal operation: at least one blog user exists, nothing to announce.
        return;
    }

    // NOTE(review): "******" looks like a masked value; confirm the intended pre-filled user name.
    LoginBlogo.UserName = "******";

    // Runtime text is reproduced exactly as in the original.
    string firstRunNotice = @"You have not yet defined a blog user. You can create new blog users from the 'manage users' option in the administration panel. For now, you can use username: admin, password: admin to access the administration panel. Once you have created a blog user, the admin account will automatically be disabled and the administration panel protected by your newly defined username and password.";
    LabelMessage.Text = firstRunNotice;
}
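/// <summary>
/// Validates a user name and password against Blogo's author store.
/// </summary>
/// <remarks>
/// Steps:
/// 0. If no authors are defined yet, accept user "admin" with password "admin".
/// 1. Look up the <c>Author</c> for <paramref name="username"/>.
/// 2. Hash <paramref name="password"/> with that author's salt.
/// 3. Compare the result with the stored hash, without an early exit on the
///    first differing character.
/// Any exception is treated as a failed login (fail closed) and traced by
/// exception type only, so that credentials never reach the trace output.
/// NOTE(review): step 0 is a well-known default credential. It is active
/// whenever <c>AuthorManager.Count(0, 10)</c> is below one, which includes
/// any later moment at which the author store becomes empty. Consider a
/// one-time setup secret instead, and alert on successful bootstrap logins.
/// NOTE(review): an unknown user name returns before any hashing is done, so
/// response time may differ between existing and non-existing accounts.
/// </remarks>
/// <param name="username">User name supplied by the login form.</param>
/// <param name="password">Clear-text password supplied by the login form.</param>
/// <returns><c>true</c> when the credentials are accepted; otherwise <c>false</c>.</returns>
public override bool ValidateUser(string username, string password)
{
    try
    {
        // Bootstrap path: only honoured while the author store reports no authors.
        if (AuthorManager.Count(0, 10) < 1 && username == "admin" && password == "admin")
        {
            return true;
        }

        Author currentUser = AuthorManager.GetItem(username);
        if (currentUser == null)
        {
            return false;
        }

        string hashedPassword = Hash.HashPassword(password, currentUser.salt);

        // string.Equals may stop at the first mismatch; compare every character instead.
        return ConstantTimeEquals(hashedPassword, currentUser.password);
    }
    catch (Exception ex)
    {
        // Fail closed, but leave a trace so store outages are visible to operators.
        System.Diagnostics.Trace.TraceError("ValidateUser failed closed: " + ex.GetType().FullName);
        return false;
    }
}

/// <summary>
/// Ordinal string comparison whose running time does not depend on where the
/// first difference occurs. Returns <c>false</c> if either argument is null.
/// </summary>
private static bool ConstantTimeEquals(string left, string right)
{
    if (left == null || right == null)
    {
        return false;
    }

    // Only the length is revealed by this early exit, not the content.
    if (left.Length != right.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}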