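/// <summary>
/// Checks the submitted credentials against the stored account and records a
/// model error when they do not match.
/// </summary>
/// <param name="dbUser">Account looked up for the submitted username, or null when none was found.</param>
/// <param name="logInModel">Submitted login form; its Password is verified against the bcrypt hash stored in <c>dbUser.Password</c>.</param>
/// <remarks>
/// An unknown username and a wrong password report the same message under the
/// same key, so the response does not reveal which usernames are registered.
/// </remarks>
private void ValidateLogInModel(User dbUser, LogInModel logInModel)
{
    // One key and one message for every failure mode. A separate
    // "username doesn't exist" error would let a client enumerate accounts.
    const string failureKey = "Password";
    const string failureMessage = "Username or password is wrong!";

    bool credentialsMatch = false;

    if (dbUser != null)
    {
        try
        {
            credentialsMatch = BCrypt.Net.BCrypt.Verify(logInModel.Password, dbUser.Password);
        }
        catch (SaltParseException)
        {
            // The stored value could not be parsed as a bcrypt hash. Treat it as a
            // failed login; this points at bad data in the user table and is worth
            // recording server-side if the project has a logger.
            credentialsMatch = false;
        }
    }

    // NOTE(review): when dbUser is null no bcrypt work is done, so response time can
    // still differ between known and unknown usernames. Consider verifying against a
    // fixed placeholder hash on that path, and rate-limiting login attempts.

    if (!credentialsMatch)
    {
        ModelState.AddModelError(failureKey, failureMessage);
    }
}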
/// <summary>
/// Handles a sign-up submission: validates the form, creates the account with a
/// bcrypt-hashed password, assigns roles, signs the new user in and chooses the response.
/// </summary>
/// <param name="signUpModel">Submitted registration form, including the page number to return to.</param>
/// <returns>
/// The "_SignUp" partial view for Ajax requests; otherwise a redirect to the home
/// index on success, or back to the sign-up action with the model state saved.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on
/// this excerpt. Confirm both are applied to this state-changing action.
/// </remarks>
public ActionResult SignUp(SignUpModel signUpModel)
{
    // Custom checks only run when attribute-level validation has already passed.
    if (ModelState.IsValid)
    {
        ValidateSignUpModel(signUpModel);
    }

    if (ModelState.IsValid)
    {
        // Only the bcrypt hash is stored, never the submitted password itself.
        var account = new User
        {
            Email = signUpModel.Email,
            First_Name = signUpModel.FirstName,
            Last_Name = signUpModel.LastName,
            Username = signUpModel.Username,
            Password = BCrypt.Net.BCrypt.HashString(signUpModel.Password),
            CreationDate = DateTime.Now
        };

        // NOTE(review): FirstOrDefault returns null if the role row is missing, and that
        // null is then added to the collection. Confirm the roles are always seeded.
        account.Role.Add(GetContext().Role.FirstOrDefault(role => role.Name == "User"));

        // NOTE(review): the Admin role is granted solely because the chosen username
        // equals the AdminName app setting, so whoever registers that name first becomes
        // an administrator. Confirm ValidateSignUpModel (not visible here) guards that
        // name, or provision the admin account out of band.
        string adminName = ConfigurationManager.AppSettings["AdminName"];
        if (signUpModel.Username == adminName)
        {
            account.Role.Add(GetContext().Role.FirstOrDefault(role => role.Name == "Admin"));
        }

        GetContext().User.Add(account);
        GetContext().SaveChanges();

        // Reload the stored row by username before signing the user in.
        account = GetContext().User
            .FirstOrDefault(u => u.Username == signUpModel.Username);
        Authorize(account);
    }

    // Ajax callers get the partial view whether or not validation succeeded.
    if (Request.IsAjaxRequest())
    {
        return PartialView("_SignUp");
    }

    if (!ModelState.IsValid)
    {
        // Keep the validation errors so the sign-up page can show them after the redirect.
        SaveModelState(ModelState);
        return RedirectToAction(SignUpAction,
            new { returnPageNumber = signUpModel.ReturnPageNumber });
    }

    return RedirectToAction(HomeController.IndexAction,
        HomeController.ControllerName,
        new { pageNumber = signUpModel.ReturnPageNumber });
}
/// <summary>
/// Signs the given account in: builds its principal, assigns it to
/// <c>UserPrincipal.CurrentPrincipal</c>, stores it in application state under a
/// fresh GUID key and adds the auth cookie to the response.
/// </summary>
/// <param name="dbUser">Account to sign in; its username, id and role names go into the principal.</param>
private void Authorize(User dbUser)
{
    // The principal carries the username, the id and the names of the user's roles.
    string[] roleNames = dbUser.Role.Select(r => r.Name).ToArray();
    var principal = new UserPrincipal(dbUser.Username, dbUser.Id, roleNames);

    // NOTE(review): if CurrentPrincipal is backed by a plain static field it is shared
    // by all concurrent requests. Confirm it is stored per request.
    UserPrincipal.CurrentPrincipal = principal;

    // The principal is cached in Application state, not Session, keyed by a new GUID.
    // NOTE(review): Application state is process-wide and nothing here removes the
    // entry, so entries accumulate unless logout or expiry code elsewhere clears them.
    // The role names captured above also stay fixed for as long as the entry lives.
    string principalApplicationKey = Guid.NewGuid().ToString();
    ControllerContext.HttpContext.Application[principalApplicationKey] = principal;

    // Issue the forms-auth cookie built from the principal and its lookup key.
    // NOTE(review): GetAuthCookie is not visible here. Confirm the cookie is
    // encrypted and signed, and marked HttpOnly and Secure, because the key it
    // carries selects the cached principal.
    Response.Cookies.Add(GetAuthCookie(principal, principalApplicationKey));
}