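/// <summary>
/// Handles the posted login form: looks the user up by the submitted credentials,
/// stores the user in the session on success, and otherwise re-renders the login
/// page in error mode.
/// </summary>
/// <returns>
/// A redirect to Home/Index when the credentials resolve to a valid user; the
/// "Login" view with <see cref="LoginModel.PageMode.Erroneous"/> in every other case.
/// </returns>
public ActionResult Logon()
{
    var frmData = Request.Form;
    var username = frmData["Username"];
    var password = frmData["Password"];

    // Both fields are required. The previous `||` let a request with only one of
    // them filled in reach the credential lookup (and the database) needlessly.
    if (!username.IsNullOrWhiteSpace() && !password.IsNullOrWhiteSpace())
    {
        var userDto = BusinessLayer.GetUserByCredentials(username, password);
        if (ZeitenanalyseHelper.CheckIfUserDtoIsValid(userDto))
        {
            SessionFacade.User = userDto;
            return RedirectToAction("Index", "Home");
        }
    }

    // One response for missing fields, unknown user and wrong password, so the page
    // does not reveal which part of the credentials was rejected. The former
    // trailing RedirectToAction("Login", "Login") was unreachable and is dropped.
    return View("Login", new LoginModel { CurrentMode = LoginModel.PageMode.Erroneous });
}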
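/// <summary>
/// Looks a user up by username and verifies the supplied password:
/// 1. Retrieve the user's salt and stored hash from the database (parameterized query).
/// 2. Append the salt to the given password and hash it with the same hash function
///    used when the password was stored (<see cref="ZeitenanalyseHelper.Sha256Hash"/>).
/// 3. Compare the computed hash with the stored hash. If they match, the password is
///    correct; otherwise an empty DTO is returned.
/// NOTE(review): a single SHA-256 round is a fast hash, not a password KDF; moving to
/// PBKDF2/Argon2 would require re-hashing stored passwords and changing the matching
/// code in GetDtoFromCollection, so it is not done here.
/// </summary>
/// <param name="username">The username; bound to <c>@var0</c>, never concatenated into the query.</param>
/// <param name="password">The plaintext password as entered by the user (it is hashed here, not by the caller).</param>
/// <returns>The matching <see cref="UserDTO"/>, or a fresh empty <see cref="UserDTO"/> when no user
/// has that username or the password does not verify.</returns>
public UserDTO GetUserByCredentials(string username, string password)
{
    var query = $"{SelectStatement} WHERE Username = @var0;";
    var result = ReadParamterized(query, new List<string> { username });
    var users = new List<UserDTO>();
    result.ForEach(r => users.Add(r));

    if (users.Count > 0)
    {
        // Only the first row is considered; Username is expected to be unique.
        var user = users[0];
        var candidate = ZeitenanalyseHelper.Sha256Hash(password + user.Salt);
        if (HashesMatch(user.Password, candidate))
        {
            return user;
        }
    }

    return new UserDTO();
}

/// <summary>
/// Compares two hash strings without stopping at the first differing character, so
/// the time taken does not depend on how long a matching prefix the candidate has.
/// A null on either side or a length mismatch is a non-match.
/// </summary>
private static bool HashesMatch(string stored, string candidate)
{
    if (stored == null || candidate == null || stored.Length != candidate.Length)
    {
        return false;
    }

    var diff = 0;
    for (var i = 0; i < stored.Length; i++)
    {
        diff |= stored[i] ^ candidate[i];
    }

    return diff == 0;
}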
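/// <summary>
/// Builds a <see cref="UserDTO"/> from the posted create/edit form. A new salt and
/// password hash are set only when both password fields are filled in and agree.
/// </summary>
/// <param name="id">Primary key of the user being edited; assigned to <c>Pk</c>.</param>
/// <param name="collection">Posted form fields: Username, Admin, Email, Password, ConfPassword.</param>
/// <returns>The populated DTO. Salt and Password are left unset when no new password was submitted.</returns>
protected override DbObjDTO GetDtoFromCollection(int id, FormCollection collection)
{
    // An unchecked or absent checkbox posts no "Admin" field at all; the previous
    // Contains call dereferenced null in that case. Contains (rather than equality)
    // is kept, presumably because the checkbox posts "true,false" when checked — verify.
    var adminField = collection["Admin"];

    var user = new UserDTO()
    {
        Pk = id,
        Username = collection["Username"],
        Admin = adminField != null && adminField.Contains("true"),
        Email = collection["Email"]
    };

    /* Edit with no password or salt will not yet work, because the function
     * Update in DBHandler will try to insert null values as Password and Salt */
    var newPassword = collection["Password"];
    var confirmation = collection["ConfPassword"];
    if (!newPassword.IsNullOrWhiteSpace()
        && !confirmation.IsNullOrWhiteSpace()
        && newPassword == confirmation)
    {
        user.Salt = ZeitenanalyseHelper.CreateSalt();
        // Must stay in step with GetUserByCredentials: password followed by salt, SHA-256.
        user.Password = ZeitenanalyseHelper.Sha256Hash(newPassword + user.Salt);
    }

    return user;
}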