public HttpResponseMessage Authenticate()
{
var credentials = Request.Content.ReadAsStringAsync().Result;
var postData = JObject.Parse(credentials);
var username = postData["Username"].ToString().Trim();
var password = postData["Password"].ToString().Trim();
var match = DynamoDBConnection.Instance.GetUser(username);
if (match == null) {
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
}
var data = JObject.Parse(match["UserInfo"]);
var hashedPassword = data["Password"].ToString();
bool authenticated;
if (hashedPassword != "test") {
byte[] charArray = hashedPassword.Select(i => (byte)i).ToArray();
var passwordHash = new PasswordHash(charArray);
authenticated = passwordHash.Verify(password);
} else {
authenticated = true;
}
if (authenticated) {
var toReturn = new HttpResponseMessage(HttpStatusCode.OK);
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, 525600);
var sessionKey = FormsAuthentication.Encrypt(ticket);
toReturn.Headers.Add("Set-Cookie", string.Format("session_id={0}; Path=/", sessionKey));
toReturn.Headers.Add("Set-Cookie", string.Format("user_id={0}; Path=/", username));
toReturn.Content = new StringContent(sessionKey.ToString());
return toReturn;
} else {
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
}
}
internal static UserModel Create(string username, string password)
{
var pass = new PasswordHash(password);
var arr = pass.ToArray();
return new UserModel() {
UserId = username,
Password = string.Concat(arr.Select(i => (char)i)),
Role = "user",
Created = DateTime.Now.Ticks
};
}