// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
homesecurityContext context = new homesecurityContext();
Account account = context.Accounts
.Where(a => a.Email == loginRequest.Email).SingleOrDefault();
if (account != null)
{
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.Password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.Email));
LoginResult loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken,
Verified = account.Verified
};
return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
}
}
var message = "Fail";
return this.Request.CreateResponse(HttpStatusCode.Unauthorized,
new { message });
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
var context = new dhcchardwareContext();
var account = context.Accounts.SingleOrDefault(a => a.Username == loginRequest.username);
if (account == null)
{
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password"));
}
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.password, account.Salt);
if (!CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password"));
}
var claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
var loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken
};
return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult));
}
/// <summary>
/// POST api/CustomLogin HTTP request handler
/// </summary>
public HttpResponseMessage Post(LoginRequest Request)
{
// Use local database context for testing local to service
//alltheairgeadmobileContext context = new alltheairgeadmobileContext();
// Setup the connection to the remote database
alltheairgeadContext context = new alltheairgeadContext(Services.Settings["ExistingDbConnectionString"]);
try
{
// Look for an account with the provided details
UserProfile account = context.UserProfiles.Where(a => a.Email == Request.Email).SingleOrDefault();
if (account != null)
{
// Store membership data from database in a webpages_Membership
webpages_Membership membership = context.Memberships.Where(a => a.UserId == account.UserId).SingleOrDefault();
// Attempt to verify the supplied password
if (Crypto.VerifyHashedPassword(membership.Password, Request.Password))
{
// Generate authentication token
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Request.Email));
LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
return(this.Request.CreateResponse(HttpStatusCode.OK, loginResult));
}
}
// If an account could not be found with the username, return an unautherized response
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"));
}
catch
{
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"));
}
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
ToeTrackerTrainerMobContext context = new ToeTrackerTrainerMobContext();
Account account = context.Accounts
.Where(a => a.Username == loginRequest.username).SingleOrDefault();
if (account != null)
{
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
LoginResult loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken,
UserType = account.Trainer == true ? "Trainer" : "Trainee"
};
return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult));
}
}
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password"));
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
XamarinPushDemoContext context = new XamarinPushDemoContext();
Account account = context.Accounts
.Where(a => a.Username == loginRequest.username).SingleOrDefault();
if (account != null)
{
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
LoginResult loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken
};
return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
}
}
return this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password");
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
//Auth logic here...
if (loginRequest.username == "foo" && loginRequest.password == "bar")
{
var claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
var loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
return(Request.CreateResponse(HttpStatusCode.OK, loginResult));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"));
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
Guid shardKey;
// SEND A QUERY TO ALL SHARD TO DETECT OUR SHARD!!!!
// SAVE companiesId to shardKey!
using (MultiShardConnection conn = new MultiShardConnection(WebApiConfig.ShardingObj.ShardMap.GetShards(), WebApiConfig.ShardingObj.connstring))
{
using (MultiShardCommand cmd = conn.CreateCommand())
{
// CHECK SCHEMA
// SQL INJECTION SECURITY ISSUE
cmd.CommandText = "SELECT CompaniesID FROM [mpbdm].[Accounts] JOIN [mpbdm].[Users] ON [mpbdm].[Users].Id = [mpbdm].[Accounts].User_Id WHERE email='" + loginRequest.email + "'";
cmd.CommandType = CommandType.Text;
cmd.ExecutionOptions = MultiShardExecutionOptions.IncludeShardNameColumn;
cmd.ExecutionPolicy = MultiShardExecutionPolicy.PartialResults;
// Async
using (MultiShardDataReader sdr = cmd.ExecuteReader())
{
bool res = sdr.Read();
if (res != false)
{
shardKey = new Guid(sdr.GetString(0));
}
else
{
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Account doesn't exist!"));
}
}
}
}
// Connect with entity framework to the specific shard
mpbdmContext <Guid> context = new mpbdmContext <Guid>(WebApiConfig.ShardingObj.ShardMap, shardKey, WebApiConfig.ShardingObj.connstring);
Account account = context.Accounts.Include("User").Where(a => a.User.Email == loginRequest.email).SingleOrDefault();
if (account != null)
{
byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, account.User.Email));
// Custom Claim must be added to CustomLoginProvider too !!
claimsIdentity.AddClaim(new Claim("shardKey", account.User.CompaniesID));
var customLoginProvider = new CustomLoginProvider(handler);
LoginResult loginResult = customLoginProvider.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
MobileLoginResult res = new MobileLoginResult(account, loginResult);
return(this.Request.CreateResponse(HttpStatusCode.OK, res));
}
}
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"));
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
// TODO: Comment out for Azure Table storage.
MobileServiceContext context = new MobileServiceContext();
Account account = context.Accounts
.Where(a => a.Username == loginRequest.username).SingleOrDefault();
//// TODO: Uncomment to use Azure Table storage.
//// Create a query for a specific username.
//TableQuery<Account> query = new TableQuery<Account>().Where(
// TableQuery.GenerateFilterCondition("Username", QueryComparisons.Equal,
// loginRequest.username));
//// Execute the query to retrieve the account.
//Account account = accountTable.ExecuteQuery(query).SingleOrDefault();
if (account != null)
{
if (!account.IsConfirmed)
{
return(this.Request.CreateResponse(HttpStatusCode.BadRequest,
"You must first confim your account registration."));
}
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
LoginResult loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken
};
return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult));
}
}
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password"));
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
// TODO: Comment out for Azure Table storage.
MobileServiceContext context = new MobileServiceContext();
Account account = context.Accounts
.Where(a => a.Username == loginRequest.username).SingleOrDefault();
//// TODO: Uncomment to use Azure Table storage.
//// Create a query for a specific username.
//TableQuery<Account> query = new TableQuery<Account>().Where(
// TableQuery.GenerateFilterCondition("Username", QueryComparisons.Equal,
// loginRequest.username));
//// Execute the query to retrieve the account.
//Account account = accountTable.ExecuteQuery(query).SingleOrDefault();
if (account != null)
{
if (!account.IsConfirmed)
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest,
"You must first confim your account registration.");
}
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
LoginResult loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken
};
return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
}
}
return this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password");
}
public HttpResponseMessage Post(LoginRequest pLoginRequest)
{
TalkerContext talkerContext = new TalkerContext();
User user = talkerContext.Users.Where(a => a.mName == pLoginRequest.mUserName).SingleOrDefault();
if (user != null)
{
byte[] incomingPd = PasswordUtility.hash(pLoginRequest.mPassword, user.mSalt);
if (PasswordUtility.slowEquals(incomingPd, user.mSaltedAndHashedPd))
{
ClaimsIdentity claimsId = new ClaimsIdentity();
claimsId.AddClaim(new Claim(ClaimTypes.NameIdentifier, pLoginRequest.mUserName));
LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsId, Services.Settings.MasterKey);
return(this.Request.CreateResponse(HttpStatusCode.OK, loginResult));
}
}
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password"));
}
// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
myanmarticketContext context = new myanmarticketContext();
Account account = context.Accounts.Where(a => a.Email == loginRequest.email).SingleOrDefault();
if (account != null)
{
byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.email));
LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
return(this.Request.CreateResponse(HttpStatusCode.OK, loginResult));
}
}
return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid email or password"));
}
