public ActionResult Login(LoginModel model) { if (ModelState.IsValid) { string password = model.Password; VideoGameStoreDBContext db = new VideoGameStoreDBContext(); var users = db.Users.Where(u => u.email == model.Email).ToList(); if (users.Count == 1) { User user = users.FirstOrDefault(); string hashedPassword = user.user_password; if (CheckPassword(password, hashedPassword)) { var role = ""; if (user.is_admin) { role = "Admin"; } else if (user.is_employee) { role = "Employee"; } else if (user.is_member) { role = "Member"; } else { role = "Customer"; } var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.username), new Claim(ClaimTypes.Email, user.email), new Claim(ClaimTypes.Role, role) }, "ApplicationCookie"); var context = Request.GetOwinContext(); var authManager = context.Authentication; authManager.SignIn(identity); return(RedirectToAction("Index", "Home")); } ModelState.AddModelError("", "Incorrect password."); return(View(model)); } else { ModelState.AddModelError("", "Email address not found."); return(View(model)); } } else { ModelState.AddModelError("", "Invalid email or password."); return(View(model)); } }
public ActionResult Register(User user) { if (ModelState.IsValid) { string password = user.user_password; string hashedPassword = Crypto.HashPassword(password); user.user_password = hashedPassword; VideoGameStoreDBContext db = new VideoGameStoreDBContext(); db.Users.Add(user); db.SaveChanges(); return(RedirectToAction("Index", "Home")); } else { ModelState.AddModelError("", "One or more fields are invalid"); return(View()); } }
public bool CheckPassword(string plainTextPassword, string hashedPassword) { VideoGameStoreDBContext db = new VideoGameStoreDBContext(); return(Crypto.VerifyHashedPassword(hashedPassword, plainTextPassword)); }