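/// <summary>
/// Verifies a username/password pair against the user rows exposed by the object context.
/// </summary>
/// <param name="username">Username to look up in <c>UserDatas</c>.</param>
/// <param name="password">Candidate password; it is hashed with the stored salt before comparison.</param>
/// <returns>
/// <c>true</c> when exactly one user has this username and the salted hash matches;
/// <c>false</c> when no such user exists or the hash differs. Invalid credentials never throw.
/// </returns>
/// <exception cref="Exceptions.VeryBadException">More than one user has the given username.</exception>
protected override bool? VerifyUserImpl(string username, string password)
{
    using (var ctx = LearnLanguagesContextManager.Instance.GetManager())
    {
        // Two rows are enough to tell "none", "exactly one" and "duplicates" apart.
        // Materializing once replaces the repeated Count()/First() calls, each of which
        // enumerated the query again and could observe a different result set.
        var matches = (from userData in ctx.ObjectContext.UserDatas
                       where userData.Username == username
                       select userData).Take(2).ToList();

        if (matches.Count > 1)
        {
            // Duplicate usernames mean the store is inconsistent; refuse to authenticate anyone.
            var errorMsg = string.Format(DalResources.ErrorMsgVeryBadException,
                                         DalResources.ErrorMsgVeryBadExceptionDetail_ResultCountNotOneOrZero);
            throw new Exceptions.VeryBadException(errorMsg);
        }

        if (matches.Count == 0)
        {
            // Unknown user: same return value as a wrong password, so the result alone
            // does not reveal whether the username exists.
            // NOTE(review): this path skips the hash computation, so it may respond faster
            // than the wrong-password path; confirm whether that timing difference matters.
            return false;
        }

        var user = matches[0];

        // String == is an ordinal comparison, so only an exact hash match authenticates.
        // NOTE(review): it is not a constant-time comparison; the strength of the scheme also
        // depends on SaltedHashedPassword, which is not visible here.
        var authenticated =
            SaltedHashedPassword.GetHashedPasswordValue(password, user.Salt) == user.SaltedHashedPasswordValue;

        return authenticated;
    }
}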
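//private string _TestValidPassword = "******";
//private string _TestSaltedHashedPassword = @"瞌訖ꎚ壿喐ຯ缟㕧";
//private int _TestSalt = -54623530;
//private string _TestInvalidUsername = "******";
//private string _TestInvalidPassword = "******";

/// <summary>
/// Verifies a username/password pair against the users held in <c>SeedData.Ton.Users</c>.
/// </summary>
/// <param name="username">Username to look up in the seed data.</param>
/// <param name="password">Candidate password; it is hashed with the stored salt before comparison.</param>
/// <returns>
/// <c>true</c> when exactly one user has this username and the salted hash matches;
/// <c>false</c> when no such user exists or the hash differs.
/// </returns>
/// <exception cref="Exceptions.VeryBadException">More than one user has the given username.</exception>
protected override bool? VerifyUserImpl(string username, string password)
{
    // Two entries are enough to tell "none", "exactly one" and "duplicates" apart;
    // materializing once avoids re-running the query for every Count()/First() call.
    var matches = (from u in SeedData.Ton.Users
                   where u.Username == username
                   select u).Take(2).ToList();

    if (matches.Count > 1)
    {
        // Multiple users share this username: the data is inconsistent, so fail loudly.
        throw new Exceptions.VeryBadException();
    }

    if (matches.Count == 0)
    {
        // Username not found: same return value as a wrong password.
        return false;
    }

    // Username found; check the password.
    var userDto = matches[0];
    var candidateHash = new SaltedHashedPassword(password, userDto.Salt);

    // Hash values are opaque data, not linguistic text, so they must be compared ordinally.
    // A culture-sensitive comparison (InvariantCulture) can report two different strings as
    // equal, for example when they differ only in ignorable or canonically equivalent
    // characters, which would accept a hash that is not the stored one.
    // NOTE(review): this comparison is exact but not constant-time.
    return string.Equals(userDto.SaltedHashedPasswordValue, candidateHash.Value, StringComparison.Ordinal);
}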