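/// <summary>
/// Authenticates a user from the posted credentials.
/// </summary>
/// <param name="userLoginDTO">Posted username and clear-text password.</param>
/// <returns>
/// JSON of the user's public fields (username, customer id) on success. Otherwise a JSON
/// error string with status <c>400</c> (missing body or fields) or <c>401</c> (unknown user
/// or wrong password — the same status and message for both, so the endpoint cannot be
/// used to enumerate which usernames exist).
/// </returns>
public string Post([FromBody] UserLoginDTO userLoginDTO)
{
    // Reject malformed bodies before touching the database; Encoding.GetBytes throws on null.
    if (userLoginDTO == null
        || string.IsNullOrEmpty(userLoginDTO.Username)
        || string.IsNullOrEmpty(userLoginDTO.Password))
    {
        HttpContext.Response.StatusCode = 400;
        return JsonConvert.SerializeObject("Username and password are required.");
    }

    // One lookup instead of Any() followed by Where().First().
    TbIUser user = northwindContext.TbIUsers
        .FirstOrDefault(u => u.Username == userLoginDTO.Username);

    bool authenticated = false;
    if (user != null && user.Password != null)
    {
        // Re-derive the salted hash from the posted password and the stored salt.
        // Encoding.ASCII is kept because every stored hash was produced with it (non-ASCII
        // characters collapse to '?'); moving to UTF-8 means changing registration at the
        // same time and re-hashing existing users.
        string postedHash = Convert.ToBase64String(
            Common.SaltHashPassword(
                Encoding.ASCII.GetBytes(userLoginDTO.Password),
                Convert.FromBase64String(user.Salt)));

        // Compare the Base64 forms in fixed time: string.Equals stops at the first
        // differing character, which leaks how much of the hash matched.
        // (CryptographicOperations is available from .NET Core 2.1 / .NET Standard 2.1.)
        authenticated = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(postedHash),
            Encoding.UTF8.GetBytes(user.Password));
    }

    if (!authenticated)
    {
        // Identical response for "no such user" and "wrong password". A request for an
        // unknown user still skips the hash computation, so a small timing difference
        // remains; hashing against a fixed dummy salt in that branch would close it.
        HttpContext.Response.StatusCode = 401;
        return JsonConvert.SerializeObject("Invalid username or password.");
    }

    // Never serialize the entity itself: it carries the password hash and the salt.
    // Add further non-secret TbIUser fields here if clients need them.
    return JsonConvert.SerializeObject(new
    {
        user.Username,
        user.CustomerId,
    });
}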
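/// <summary>
/// Creates a new application user linked to an existing customer.
/// </summary>
/// <param name="userRegisterDTO">Posted username, clear-text password and customer id.</param>
/// <returns>
/// JSON string describing the outcome. Status codes: <c>200</c> created; <c>400</c> missing
/// body; <c>422</c> validation failure, username or customer already registered, or unknown
/// customer; <c>520</c> (non-standard, kept for existing clients) when the insert fails.
/// </returns>
public string Post([FromBody] UserRegisterDTO userRegisterDTO)
{
    // A null body would otherwise surface as a NullReferenceException inside the query.
    if (userRegisterDTO == null)
    {
        HttpContext.Response.StatusCode = 400;
        return JsonConvert.SerializeObject("Request body is required.");
    }

    // Validate the input shape before any database round trip.
    // NOTE(review): the validator is assumed to reject an empty password — confirm,
    // since Encoding.GetBytes below throws on null.
    ValidatorResult validatorResult = UserValidator.IsValidUser(userRegisterDTO);
    if (!validatorResult.IsValid)
    {
        HttpContext.Response.StatusCode = 422;
        return JsonConvert.SerializeObject(validatorResult.ValidationMessage);
    }

    // One query covers both uniqueness rules (a username and a customer each map to at
    // most one user); this replaces the two separate Any() calls.
    bool alreadyRegistered = northwindContext.TbIUsers.Any(u =>
        u.Username == userRegisterDTO.Username
        || u.CustomerId == userRegisterDTO.CustomerId);
    if (alreadyRegistered)
    {
        HttpContext.Response.StatusCode = 422;
        return JsonConvert.SerializeObject("User is existing in Database.");
    }

    var customer = northwindContext.Customers.Find(userRegisterDTO.CustomerId);
    if (customer == null)
    {
        HttpContext.Response.StatusCode = 422;
        return JsonConvert.SerializeObject("Wrong CustomerId.");
    }

    // Fresh 16-byte salt per user; only the salted hash is persisted, never the password.
    // Encoding.ASCII must stay in step with the login endpoint (non-ASCII characters
    // collapse to '?'); switch both together, with a re-hash migration, if UTF-8 is wanted.
    byte[] salt = Common.GetRandomSalt(16);
    TbIUser user = new TbIUser
    {
        Username = userRegisterDTO.Username,
        CustomerId = userRegisterDTO.CustomerId,
        Salt = Convert.ToBase64String(salt),
        Password = Convert.ToBase64String(
            Common.SaltHashPassword(Encoding.ASCII.GetBytes(userRegisterDTO.Password), salt)),
    };

    try
    {
        northwindContext.Add(user);
        northwindContext.SaveChanges();
        HttpContext.Response.StatusCode = 200;
        return JsonConvert.SerializeObject("Register successfully");
    }
    catch (Exception)
    {
        // The uniqueness check above can race with a concurrent registration, so a failed
        // insert is expected occasionally. The provider's message is not echoed to the
        // caller: it can contain table/column names or connection details.
        // NOTE(review): log the exception here once a logger is injected into this controller.
        HttpContext.Response.StatusCode = 520;
        return JsonConvert.SerializeObject("Register failed.");
    }
}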