// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { homesecurityContext context = new homesecurityContext(); Account account = context.Accounts .Where(a => a.Email == loginRequest.Email).SingleOrDefault(); if (account != null) { byte[] incoming = CustomLoginProviderUtils .hash(loginRequest.Password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.Email)); LoginResult loginResult = new CustomLoginProvider(handler) .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); var customLoginResult = new CustomLoginResult() { UserId = loginResult.User.UserId, MobileServiceAuthenticationToken = loginResult.AuthenticationToken, Verified = account.Verified }; return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult); } } var message = "Fail"; return this.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message }); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { var context = new dhcchardwareContext(); var account = context.Accounts.SingleOrDefault(a => a.Username == loginRequest.username); if (account == null) { return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); } byte[] incoming = CustomLoginProviderUtils .hash(loginRequest.password, account.Salt); if (!CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); } var claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username)); var loginResult = new CustomLoginProvider(handler) .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); var customLoginResult = new CustomLoginResult() { UserId = loginResult.User.UserId, MobileServiceAuthenticationToken = loginResult.AuthenticationToken }; return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult)); }
/// <summary> /// POST api/CustomLogin HTTP request handler /// </summary> public HttpResponseMessage Post(LoginRequest Request) { // Use local database context for testing local to service //alltheairgeadmobileContext context = new alltheairgeadmobileContext(); // Setup the connection to the remote database alltheairgeadContext context = new alltheairgeadContext(Services.Settings["ExistingDbConnectionString"]); try { // Look for an account with the provided details UserProfile account = context.UserProfiles.Where(a => a.Email == Request.Email).SingleOrDefault(); if (account != null) { // Store membership data from database in a webpages_Membership webpages_Membership membership = context.Memberships.Where(a => a.UserId == account.UserId).SingleOrDefault(); // Attempt to verify the supplied password if (Crypto.VerifyHashedPassword(membership.Password, Request.Password)) { // Generate authentication token ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Request.Email)); LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); return(this.Request.CreateResponse(HttpStatusCode.OK, loginResult)); } } // If an account could not be found with the username, return an unautherized response return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); } catch { return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); } }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { ToeTrackerTrainerMobContext context = new ToeTrackerTrainerMobContext(); Account account = context.Accounts .Where(a => a.Username == loginRequest.username).SingleOrDefault(); if (account != null) { byte[] incoming = CustomLoginProviderUtils .hash(loginRequest.password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username)); LoginResult loginResult = new CustomLoginProvider(handler) .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); var customLoginResult = new CustomLoginResult() { UserId = loginResult.User.UserId, MobileServiceAuthenticationToken = loginResult.AuthenticationToken, UserType = account.Trainer == true ? "Trainer" : "Trainee" }; return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult)); } } return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { XamarinPushDemoContext context = new XamarinPushDemoContext(); Account account = context.Accounts .Where(a => a.Username == loginRequest.username).SingleOrDefault(); if (account != null) { byte[] incoming = CustomLoginProviderUtils .hash(loginRequest.password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username)); LoginResult loginResult = new CustomLoginProvider(handler) .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); var customLoginResult = new CustomLoginResult() { UserId = loginResult.User.UserId, MobileServiceAuthenticationToken = loginResult.AuthenticationToken }; return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult); } } return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { //Auth logic here... if (loginRequest.username == "foo" && loginRequest.password == "bar") { var claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username)); var loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); return(Request.CreateResponse(HttpStatusCode.OK, loginResult)); } return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { Guid shardKey; // SEND A QUERY TO ALL SHARD TO DETECT OUR SHARD!!!! // SAVE companiesId to shardKey! using (MultiShardConnection conn = new MultiShardConnection(WebApiConfig.ShardingObj.ShardMap.GetShards(), WebApiConfig.ShardingObj.connstring)) { using (MultiShardCommand cmd = conn.CreateCommand()) { // CHECK SCHEMA // SQL INJECTION SECURITY ISSUE cmd.CommandText = "SELECT CompaniesID FROM [mpbdm].[Accounts] JOIN [mpbdm].[Users] ON [mpbdm].[Users].Id = [mpbdm].[Accounts].User_Id WHERE email='" + loginRequest.email + "'"; cmd.CommandType = CommandType.Text; cmd.ExecutionOptions = MultiShardExecutionOptions.IncludeShardNameColumn; cmd.ExecutionPolicy = MultiShardExecutionPolicy.PartialResults; // Async using (MultiShardDataReader sdr = cmd.ExecuteReader()) { bool res = sdr.Read(); if (res != false) { shardKey = new Guid(sdr.GetString(0)); } else { return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Account doesn't exist!")); } } } } // Connect with entity framework to the specific shard mpbdmContext <Guid> context = new mpbdmContext <Guid>(WebApiConfig.ShardingObj.ShardMap, shardKey, WebApiConfig.ShardingObj.connstring); Account account = context.Accounts.Include("User").Where(a => a.User.Email == loginRequest.email).SingleOrDefault(); if (account != null) { byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, account.User.Email)); // Custom Claim must be added to CustomLoginProvider too !! claimsIdentity.AddClaim(new Claim("shardKey", account.User.CompaniesID)); var customLoginProvider = new CustomLoginProvider(handler); LoginResult loginResult = customLoginProvider.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); MobileLoginResult res = new MobileLoginResult(account, loginResult); return(this.Request.CreateResponse(HttpStatusCode.OK, res)); } } return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { // TODO: Comment out for Azure Table storage. MobileServiceContext context = new MobileServiceContext(); Account account = context.Accounts .Where(a => a.Username == loginRequest.username).SingleOrDefault(); //// TODO: Uncomment to use Azure Table storage. //// Create a query for a specific username. //TableQuery<Account> query = new TableQuery<Account>().Where( // TableQuery.GenerateFilterCondition("Username", QueryComparisons.Equal, // loginRequest.username)); //// Execute the query to retrieve the account. //Account account = accountTable.ExecuteQuery(query).SingleOrDefault(); if (account != null) { if (!account.IsConfirmed) { return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "You must first confim your account registration.")); } byte[] incoming = CustomLoginProviderUtils .hash(loginRequest.password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username)); LoginResult loginResult = new CustomLoginProvider(handler) .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); var customLoginResult = new CustomLoginResult() { UserId = loginResult.User.UserId, MobileServiceAuthenticationToken = loginResult.AuthenticationToken }; return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult)); } } return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password")); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { // TODO: Comment out for Azure Table storage. MobileServiceContext context = new MobileServiceContext(); Account account = context.Accounts .Where(a => a.Username == loginRequest.username).SingleOrDefault(); //// TODO: Uncomment to use Azure Table storage. //// Create a query for a specific username. //TableQuery<Account> query = new TableQuery<Account>().Where( // TableQuery.GenerateFilterCondition("Username", QueryComparisons.Equal, // loginRequest.username)); //// Execute the query to retrieve the account. //Account account = accountTable.ExecuteQuery(query).SingleOrDefault(); if (account != null) { if (!account.IsConfirmed) { return this.Request.CreateResponse(HttpStatusCode.BadRequest, "You must first confim your account registration."); } byte[] incoming = CustomLoginProviderUtils .hash(loginRequest.password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username)); LoginResult loginResult = new CustomLoginProvider(handler) .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); var customLoginResult = new CustomLoginResult() { UserId = loginResult.User.UserId, MobileServiceAuthenticationToken = loginResult.AuthenticationToken }; return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult); } } return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"); }
public HttpResponseMessage Post(LoginRequest pLoginRequest) { TalkerContext talkerContext = new TalkerContext(); User user = talkerContext.Users.Where(a => a.mName == pLoginRequest.mUserName).SingleOrDefault(); if (user != null) { byte[] incomingPd = PasswordUtility.hash(pLoginRequest.mPassword, user.mSalt); if (PasswordUtility.slowEquals(incomingPd, user.mSaltedAndHashedPd)) { ClaimsIdentity claimsId = new ClaimsIdentity(); claimsId.AddClaim(new Claim(ClaimTypes.NameIdentifier, pLoginRequest.mUserName)); LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsId, Services.Settings.MasterKey); return(this.Request.CreateResponse(HttpStatusCode.OK, loginResult)); } } return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password")); }
// POST api/CustomLogin public HttpResponseMessage Post(LoginRequest loginRequest) { myanmarticketContext context = new myanmarticketContext(); Account account = context.Accounts.Where(a => a.Email == loginRequest.email).SingleOrDefault(); if (account != null) { byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, account.Salt); if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.email)); LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); return(this.Request.CreateResponse(HttpStatusCode.OK, loginResult)); } } return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid email or password")); }