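        /// <summary>
        /// Authenticates a user from a posted username/password pair.
        /// </summary>
        /// <param name="userLoginDTO">Credentials sent by the client (model-bound from the body).</param>
        /// <returns>
        /// JSON. On success the user record without its <c>Salt</c> and <c>Password</c> fields;
        /// otherwise a JSON string message with status 412 (wrong password), 401 (unknown user)
        /// or 400 (missing credentials).
        /// </returns>
        public string Post([FromBody] UserLoginDTO userLoginDTO)
        {
            // Model binding can deliver a null body or null members; answer 400
            // instead of letting a NullReferenceException surface as a 500.
            if (userLoginDTO is null || string.IsNullOrEmpty(userLoginDTO.Username) || userLoginDTO.Password is null)
            {
                HttpContext.Response.StatusCode = 400;
                return JsonConvert.SerializeObject("Username and Password are required");
            }

            // Single round-trip: the original did Any() and then Where().First().
            TbIUser user = northwindContext.TbIUsers
                .FirstOrDefault(u => u.Username == userLoginDTO.Username);

            if (user is null)
            {
                // NOTE(review): a distinct status/message for an unknown username lets a
                // caller tell registered usernames from unregistered ones (enumeration).
                // Kept as-is because clients branch on 401 vs 412; unify when they can.
                HttpContext.Response.StatusCode = 401;
                return JsonConvert.SerializeObject("User is not existing in Database");
            }

            // Re-derive the hash from the posted password and the stored salt.
            // Encoding.ASCII must stay in step with the registration path: it is lossy
            // for non-ASCII passwords, so both call sites have to change together.
            bool passwordMatches = false;
            if (!string.IsNullOrEmpty(user.Salt) && !string.IsNullOrEmpty(user.Password))
            {
                try
                {
                    byte[] computed = Common.SaltHashPassword(
                        Encoding.ASCII.GetBytes(userLoginDTO.Password),
                        Convert.FromBase64String(user.Salt));
                    byte[] stored = Convert.FromBase64String(user.Password);

                    // Constant-time comparison: string.Equals stops at the first
                    // differing character and so leaks timing about the stored hash.
                    passwordMatches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computed, stored);
                }
                catch (FormatException)
                {
                    // A corrupt (non-Base64) salt or hash row can never verify; treat as mismatch
                    // rather than a 500. Fully qualified because the usings are not in view.
                    passwordMatches = false;
                }
            }

            if (!passwordMatches)
            {
                HttpContext.Response.StatusCode = 412;
                return JsonConvert.SerializeObject("Wrong Password");
            }

            // Never echo the salt or password hash back to the client: the original
            // serialized the whole entity. Other fields are passed through unchanged.
            // Assumes the serialized property names equal the CLR names (no
            // [JsonProperty] renames on TbIUser) — confirm against the entity.
            var payload = Newtonsoft.Json.Linq.JObject.FromObject(user);
            payload.Remove(nameof(user.Salt));
            payload.Remove(nameof(user.Password));
            return payload.ToString(Newtonsoft.Json.Formatting.None);
        }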
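        /// <summary>
        /// Registers a new user account bound to an existing customer.
        /// </summary>
        /// <param name="userRegisterDTO">Registration data sent by the client (model-bound from the body).</param>
        /// <returns>
        /// A JSON string message: status 200 on success, 400 for a missing body,
        /// 422 for validation failures / duplicate user / unknown customer, 520 when saving fails.
        /// </returns>
        public string Post([FromBody] UserRegisterDTO userRegisterDTO)
        {
            // Model binding can deliver a null body; answer 400 instead of a 500.
            if (userRegisterDTO is null)
            {
                HttpContext.Response.StatusCode = 400;
                return JsonConvert.SerializeObject("Request body is required");
            }

            // Both the username and the customer must be unused; one query instead of two.
            bool alreadyExists = northwindContext.TbIUsers.Any(u =>
                u.Username == userRegisterDTO.Username ||
                u.CustomerId == userRegisterDTO.CustomerId);
            if (alreadyExists)
            {
                HttpContext.Response.StatusCode = 422;
                return JsonConvert.SerializeObject("User is existing in Database.");
            }

            // Field-level validation (assumes the validator rejects a null Password,
            // which would otherwise throw in GetBytes below — confirm in UserValidator).
            ValidatorResult validatorResult = UserValidator.IsValidUser(userRegisterDTO);
            if (!validatorResult.IsValid)
            {
                HttpContext.Response.StatusCode = 422;
                return JsonConvert.SerializeObject(validatorResult.ValidationMessage);
            }

            // The account must reference a customer that actually exists.
            if (northwindContext.Customers.Find(userRegisterDTO.CustomerId) is null)
            {
                HttpContext.Response.StatusCode = 422;
                return JsonConvert.SerializeObject("Wrong CustomerId.");
            }

            // Per-user salt (presumably from a CSPRNG inside Common.GetRandomSalt — verify).
            string salt = Convert.ToBase64String(Common.GetRandomSalt(16));

            // Encoding.ASCII is kept to match the login path; it silently mangles
            // non-ASCII characters, so switch both call sites together (e.g. to UTF-8).
            string passwordHash = Convert.ToBase64String(Common.SaltHashPassword(
                Encoding.ASCII.GetBytes(userRegisterDTO.Password),
                Convert.FromBase64String(salt)));

            var user = new TbIUser
            {
                Username   = userRegisterDTO.Username,
                CustomerId = userRegisterDTO.CustomerId,
                Salt       = salt,
                Password   = passwordHash,
            };

            try
            {
                northwindContext.Add(user);
                northwindContext.SaveChanges();
                HttpContext.Response.StatusCode = 200;
                return JsonConvert.SerializeObject("Register successfully");
            }
            catch (Exception)
            {
                // Do not return e.Message: provider/database exceptions disclose schema,
                // constraint and connection details to the caller. Record the exception
                // server-side (no logger is visible in this controller) and answer generically.
                HttpContext.Response.StatusCode = 520;
                return JsonConvert.SerializeObject("Register failed");
            }
        }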