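/// <summary>
/// POST handler for self-registration: rejects an e-mail that is already registered,
/// otherwise stores the new user with a PBKDF2 password hash and signs them in via Session.
/// </summary>
/// <param name="register">Fields posted by the registration view.</param>
/// <returns>The registration view with a message on failure, otherwise a redirect to Index.</returns>
public ActionResult Register(RegistrationModel register)
{
    // Run data-annotation validation before touching the database; the sibling
    // Create/Login actions in this corpus do the same.
    if (!ModelState.IsValid)
    {
        return View(register);
    }

    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL existing = ctx.UserFindByEMail(register.Email);
        if (existing != null)
        {
            // NOTE(review): this message confirms which e-mail addresses have accounts
            // (user enumeration). Common on registration forms, but worth a neutral
            // message if account existence is sensitive for this site.
            register.Message = $"The Email address '{register.Email}' has already been registered.";
            return View(register);
        }

        UserBLL user = new UserBLL();
        user.UserName = register.UserName;
        user.Name = register.Name;
        user.Address = register.Address;
        user.Email = register.Email;

        // Crypto.HashPassword already generates and embeds its own random salt (PBKDF2).
        // The extra per-user Salt appended here is therefore redundant but harmless — as long
        // as Login verifies with exactly the same input shape: password + Salt.
        user.Salt = System.Web.Helpers.Crypto.GenerateSalt(MuhConstants.SaltSize);
        user.Hash = System.Web.Helpers.Crypto.HashPassword(register.Password + user.Salt);

        // Default role for self-registered accounts; never taken from the request.
        user.RoleID = 3;
        ctx.UserCreate(user);

        // Auto sign-in. The session id is not regenerated here, so a session id issued
        // before authentication survives login (session fixation); Session.Abandon() plus a
        // fresh session cookie would close that.
        Session["AUTHUserName"] = user.Email;
        Session["AUTHRoles"] = user.RoleID;
        Session["AUTHTYPE"] = "HASHED";
        return RedirectToAction("Index");
    }
}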
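/// <summary>
/// POST handler for login: looks the user up by e-mail, verifies the submitted password
/// against the stored hash, and on success records the identity in Session and redirects.
/// </summary>
/// <param name="info">Posted e-mail, password and optional return URL.</param>
/// <returns>
/// The login view with a message on failure, a redirect on success, or the Error view when
/// an exception escapes the lookup/verification.
/// </returns>
public ActionResult Login(LoginModel info)
{
    try
    {
        using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
        {
            BusinessLogicLayer.UserBLL user = ctx.FindUserByEmail(info.EmailAddress);
            if (user == null)
            {
                // NOTE(review): distinguishes "unknown e-mail" from "wrong password", which
                // lets an attacker enumerate accounts; one neutral message for both is safer.
                info.Message = $"The EmailAddress '{info.EmailAddress}' does not exist in the database";
                return View(info);
            }

            // Verify through Crypto.VerifyHashedPassword (PBKDF2 + fixed-time compare) instead of
            // comparing the submitted password with the stored string directly — the direct
            // comparison only ever succeeds if passwords are stored in clear text.
            // The candidate is salt + password, matching the commented-out original; this order
            // must be the one the registration code used when hashing — TODO confirm.
            // Rows that still hold clear-text passwords will not match here and must be
            // re-hashed (see the Hash upgrade action used elsewhere in this corpus).
            string stored = user.Password;
            string candidate = user.Salt + info.Password;
            bool validateduser;
            try
            {
                validateduser = System.Web.Helpers.Crypto.VerifyHashedPassword(stored, candidate);
            }
            catch (FormatException)
            {
                // Stored value is not base64 (e.g. a legacy clear-text row): treat as no match
                // rather than surfacing a server error.
                validateduser = false;
            }

            if (!validateduser)
            {
                info.Message = "The password was incorrect";
                return View(info);
            }

            Session["AUTHEmailAddress"] = user.EmailAddress;
            Session["AUTHRole"] = user.Role;

            // ReturnURL is attacker-controllable; only follow it when it points at this site,
            // otherwise a crafted login link is an open redirect to an external host.
            if (Url.IsLocalUrl(info.ReturnURL))
            {
                return Redirect(info.ReturnURL);
            }
            return RedirectToAction("Index");
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception is handed to the Error view; make sure that view
        // does not render stack traces or connection details to end users.
        return View("Error", ex);
    }
}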
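/// <summary>
/// POST handler for self-registration: rejects an e-mail that already exists, otherwise
/// stores the new user with a PBKDF2 password hash and signs them in via Session.
/// </summary>
/// <param name="info">Fields posted by the registration view.</param>
/// <returns>The registration view with a message on failure, otherwise a redirect to Index.</returns>
public ActionResult Register(RegistrationModel info)
{
    // Data-annotation validation before any database work (sibling Create/Login actions
    // in this corpus do the same).
    if (!ModelState.IsValid)
    {
        return View(info);
    }

    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL existing = ctx.FindUserByEMail(info.EMail);
        if (existing != null)
        {
            // NOTE(review): confirms which e-mails have accounts (user enumeration);
            // acceptable for many sites, consider a neutral message if that matters here.
            info.Message = $"The EMail Address '{info.EMail}' already exists in the database";
            return View(info);
        }

        UserBLL user = new UserBLL();
        user.DateOfBirth = info.DateOfBirth;
        user.EMail = info.EMail;

        // Crypto.HashPassword salts internally (PBKDF2 with an embedded random salt); the extra
        // per-user Salt appended here must be appended identically at verification time
        // (Login must call VerifyHashedPassword with password + Salt).
        user.Salt = System.Web.Helpers.Crypto.GenerateSalt(MagicConstants.SaltSize);
        user.Hash = System.Web.Helpers.Crypto.HashPassword(info.Password + user.Salt);

        // Fixed default role for self-registered accounts; never taken from the request.
        user.RoleID = 3;
        ctx.CreateUser(user);

        // Auto sign-in. NOTE(review): the session id is not regenerated on login, so a
        // pre-authentication session id survives (session fixation).
        Session["AUTHUsername"] = user.EMail;
        // RoleName is read after CreateUser — presumably populated by the BLL from RoleID;
        // verify, otherwise this stores null.
        Session["AUTHRoles"] = user.RoleName;
        Session["AUTHTYPE"] = "HASHED";
        return RedirectToAction("Index");
    }
}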
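/// <summary>
/// POST handler that inserts a user record built directly from the posted model.
/// </summary>
/// <param name="collection">Model-bound UserBLL from the form.</param>
/// <returns>Redirect to Index on success; the posted view when validation fails; the Error view (exception in ViewBag) on failure.</returns>
public ActionResult Create(BusinessLogicLayer.UserBLL collection)
{
    try
    {
        // Data-annotation validation, as the sibling Delete action already does.
        if (!ModelState.IsValid)
        {
            return View(collection);
        }

        // NOTE(review): binding the BLL entity straight from the request lets a client set
        // any of its properties (role, id, hash/salt, ...) — over-posting. A dedicated view
        // model or a [Bind(Include = ...)] allow-list would limit what the form can set.
        // No [Authorize]/[HttpPost]/[ValidateAntiForgeryToken] is visible in this excerpt;
        // confirm they are applied on the class or the action.
        using (ContextBll ctx = new ContextBll())
        {
            ctx.CreateUser(collection);
        }
        return RedirectToAction("Index");
    }
    catch (Exception ex)
    {
        ViewBag.Exception = ex;
        return View("Error");
    }
}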
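/// <summary>
/// POST handler for login supporting two kinds of stored credential: legacy rows whose
/// Hash column still holds the clear-text password (matched by equality and tagged
/// "ClearText" so the Hash action can upgrade them), and PBKDF2 rows verified with
/// Crypto.VerifyHashedPassword. On success the identity is recorded in Session.
/// </summary>
/// <param name="info">Posted e-mail, password and optional return URL.</param>
/// <returns>The login view with a message on failure, otherwise a redirect.</returns>
public ActionResult Login(LoginModel info)
{
    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL user = ctx.FindUserByEMail(info.EMail);
        if (user == null)
        {
            // NOTE(review): reveals which e-mails exist (user enumeration).
            info.Message = $"The Username '{info.EMail}' does not exist in the database";
            return View(info);
        }

        string actual = user.Hash;
        string potential = info.Password;
        string ValidationType = $"ClearText:({user.UserID})";

        // Legacy clear-text path. NOTE(review): this is a plain string comparison of a
        // stored clear-text password; it exists only to let un-migrated accounts log in
        // and should be deleted once every row has been re-hashed.
        bool validateduser = actual == potential;
        if (!validateduser)
        {
            potential = info.Password + user.Salt;
            try
            {
                // Hashed path. A clear-text row is not valid base64, so VerifyHashedPassword
                // throws when a clear-text user mistypes their password; that is just
                // "wrong password", not an error.
                validateduser = System.Web.Helpers.Crypto.VerifyHashedPassword(actual, potential);
                ValidationType = $"HASHED:({user.UserID})";
            }
            catch (Exception)
            {
                validateduser = false;
            }
        }

        if (!validateduser)
        {
            info.Message = "The password was incorrect";
            return View(info);
        }

        Session["AUTHUsername"] = user.EMail;
        Session["AUTHRoles"] = user.RoleName;
        Session["AUTHTYPE"] = ValidationType;

        // ReturnURL comes from the request; following it unconditionally is an open
        // redirect. Only honour local URLs, else land on Index.
        if (Url.IsLocalUrl(info.ReturnURL))
        {
            return Redirect(info.ReturnURL);
        }
        return RedirectToAction("Index");
    }
}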
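/// <summary>
/// POST handler that creates a user from the CreateUser view model, hashing the password
/// with Crypto.HashPassword, then records the new identity in Session.
/// </summary>
/// <param name="info">Posted form fields, including the requested RoleID.</param>
/// <returns>Redirect to Index on success; the posted view when validation fails or the user name is taken; the Error view on exception.</returns>
public ActionResult Create(Models.CreateUser info)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return View(info);
        }

        using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
        {
            // The lookup result was previously discarded (the duplicate check was commented
            // out), so a second account with the same user name went straight to CreateUser.
            // Report it as a validation error on the field instead.
            BusinessLogicLayer.UserBLL existing = ctx.FindUserByUserName(info.UserName);
            if (existing != null)
            {
                ModelState.AddModelError("UserName", $"The UserName '{info.UserName}' already exists in the database");
                return View(info);
            }

            UserBLL user = new UserBLL();
            user.FirstName = info.FirstName;
            user.LastName = info.LastName;
            user.UserName = info.UserName;
            user.DateOfBirth = info.DateOfBirth;

            // NOTE(review): RoleID is taken from the request. If this action is reachable by
            // self-registering users rather than administrators only, a client can choose
            // its own (privileged) role — confirm the authorization on this action.
            user.RoleID = info.RoleID;

            // Crypto.HashPassword salts internally; the extra SALT appended here must also be
            // appended at verification time (Login uses password + SALT).
            user.SALT = System.Web.Helpers.Crypto.GenerateSalt(Constants.SaltSize);
            user.HASH = System.Web.Helpers.Crypto.HashPassword(info.Password + user.SALT);
            user.Email = info.Email;
            ctx.CreateUser(user);

            // NOTE(review): this signs the current browser in as the newly created user. If an
            // administrator uses this form to create other accounts, it replaces the admin's
            // session — confirm that is intended.
            Session["AUTHUserName"] = user.UserName;
            Session["AUTHRoles"] = user.RoleName;
            Session["AUTHTYPE"] = "HASHED";
        }
        return RedirectToAction("Index");
    }
    catch (Exception Ex)
    {
        ViewBag.Exception = Ex;
        return View("Error");
    }
}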
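/// <summary>
/// POST handler for login with two stored-credential formats: legacy rows whose Hash holds
/// the clear-text password (matched by equality, tagged "ClearText" so the Hash action can
/// upgrade them) and PBKDF2 rows verified with Crypto.VerifyHashedPassword.
/// </summary>
/// <param name="info">Posted e-mail, password and optional return URL.</param>
/// <returns>The login view with a message on failure, otherwise a redirect.</returns>
public ActionResult Login(LoginModel info)
{
    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL user = ctx.UserFindByEMail(info.Email);
        if (user == null)
        {
            // NOTE(review): reveals which e-mails exist (user enumeration); the generic
            // message used for a bad password below would be the safer choice here too.
            info.message = $"The username '{info.Email}'is not in the database";
            return View(info);
        }

        string actual = user.Hash;
        string potential = info.Password;
        // Was "$ClearText:(...)" — the $ sat inside the quotes, so the literal text
        // "{user.UserID}" was stored instead of the id.
        string ValidationType = $"ClearText:({user.UserID})";

        // Legacy clear-text path (see sibling Login actions). NOTE(review): remove once all
        // rows have been re-hashed.
        bool validateduser = actual == potential;

        // The hashed path was an unconditional block, so it always overwrote the clear-text
        // result and clear-text users could never sign in (and thus never reach Hash to
        // upgrade). It must only run when the clear-text comparison failed.
        if (!validateduser)
        {
            potential = info.Password + user.Salt;
            try
            {
                validateduser = System.Web.Helpers.Crypto.VerifyHashedPassword(actual, potential);
                ValidationType = $"HASHED:({user.UserID})";
            }
            catch (Exception ex)
            {
                // A clear-text row is not base64, so a mistyped password on such a row throws;
                // logged, then treated as "wrong password".
                Logger.Logger.Log(ex);
                validateduser = false;
            }
        }

        if (!validateduser)
        {
            info.message = "The username or password was incorrect. Please try again.";
            return View(info);
        }

        Session["AUTHUsername"] = user.Email;
        Session["AUTHRoles"] = user.RoleID;
        Session["AUTHTYPE"] = ValidationType;

        // ReturnURL is request-supplied; only follow local URLs to avoid an open redirect.
        if (Url.IsLocalUrl(info.ReturnURL))
        {
            return Redirect(info.ReturnURL);
        }
        return RedirectToAction("Index");
    }
}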
/// <summary>
/// POST handler that deletes the user identified by <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the user to delete.</param>
/// <param name="collection">Posted form model; only used to re-render the view when validation fails.</param>
/// <returns>Redirect to Index on success, the posted view on invalid model state, the Error view on exception.</returns>
public ActionResult Delete(int id, BusinessLogicLayer.UserBLL collection)
{
    // NOTE(review): no [Authorize]/[HttpPost]/[ValidateAntiForgeryToken] is visible in this
    // excerpt; confirm they are applied on the class or action, since this is destructive.
    try
    {
        if (ModelState.IsValid)
        {
            using (var db = new ContextBLL())
            {
                db.DeleteUser(id);
            }
            return RedirectToAction("Index");
        }
        return View(collection);
    }
    catch (Exception failure)
    {
        ViewBag.Exception = failure;
        return View("Error");
    }
}
// GET: Home/Hash
/// <summary>
/// Upgrades the signed-in user's stored credential to a salted Crypto.HashPassword (PBKDF2)
/// value and refreshes the Session auth entries so the identity is tagged HASHED.
/// Refused for identities already tagged HASHED and for impersonated sessions.
/// </summary>
/// <returns>NotLoggedIn / AlreadyHashed / ActionNotAllowed / Error views as applicable, otherwise a redirect to Home/Index.</returns>
public ActionResult Hash()
{
    var identity = User.Identity;
    if (!identity.IsAuthenticated)
    {
        return View("NotLoggedIn");
    }

    string authType = identity.AuthenticationType;
    if (authType.StartsWith("HASHED"))
    {
        return View("AlreadyHashed");
    }
    if (authType.StartsWith("IMPERSONATED"))
    {
        // Presumably an impersonating operator must not rewrite the target user's
        // credential — the original code refuses this case outright.
        return View("ActionNotAllowed");
    }

    using (var ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL user = ctx.User_FindByUserName(identity.Name);
        if (user == null)
        {
            ViewBag.Exception = new Exception($"The Username '{identity.Name}' does not exist in the database");
            return View("Error");
        }

        // For a non-HASHED identity PasswordHash is expected to still hold the clear-text
        // password; it is replaced in place by HashPassword(password + fresh salt), which is
        // the same input shape a Login action must use when verifying.
        string salt = System.Web.Helpers.Crypto.GenerateSalt(Constants.SaltSize);
        user.PasswordSalt = salt;
        user.PasswordHash = System.Web.Helpers.Crypto.HashPassword(user.PasswordHash + salt);
        ctx.User_JustUpdate(user);

        Session["AUTHUsername"] = user.UserEmail;
        Session["AUTHRoles"] = user.RoleName;
        Session["AUTHTYPE"] = $"HASHED:({user.UserID})";
        return RedirectToAction("Index", "Home");
    }
}
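/// <summary>
/// POST handler for login with two stored-credential formats: legacy rows whose HASH still
/// holds the clear-text password (matched by equality, tagged "ClearText" so the Hash action
/// can upgrade them) and PBKDF2 rows verified with Crypto.VerifyHashedPassword.
/// </summary>
/// <param name="info">Posted user name, password and optional return URL.</param>
/// <returns>The login view with a message on failure, otherwise a redirect.</returns>
public ActionResult Login(Models.LoginModel info)
{
    if (!ModelState.IsValid)
    {
        return View(info);
    }

    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL user = ctx.FindUserByUserName(info.UserName);
        if (user == null)
        {
            // NOTE(review): reveals which user names exist; the generic message used for a
            // bad password below would be the safer choice here too.
            info.Message = $"The UserName '{info.UserName}' does not exist in the database";
            return View(info);
        }

        string actual = user.HASH;
        string potential = info.Password;
        string ValidationType = $"ClearText:({user.UserID})";

        // Legacy clear-text path. NOTE(review): remove once every row has been re-hashed.
        bool validateduser = potential == actual;
        if (!validateduser)
        {
            potential = info.Password + user.SALT;
            try
            {
                validateduser = System.Web.Helpers.Crypto.VerifyHashedPassword(actual, potential);
            }
            catch (FormatException)
            {
                // A clear-text row is not valid base64, so VerifyHashedPassword throws when a
                // clear-text user mistypes their password. Previously this escaped as an
                // unhandled server error; it is simply "wrong password".
                validateduser = false;
            }
            ValidationType = $"HASHED:({user.UserID})";
        }

        if (!validateduser)
        {
            info.Message = "The UserName or Password was incorrect";
            return View(info);
        }

        Session["AUTHUserName"] = user.UserName;
        Session["AUTHRoles"] = user.RoleName;
        Session["AUTHTYPE"] = ValidationType;

        // ReturnURL is request-supplied; only follow local URLs to avoid an open redirect.
        if (Url.IsLocalUrl(info.ReturnURL))
        {
            return Redirect(info.ReturnURL);
        }
        return RedirectToAction("Index");
    }
}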
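/// <summary>
/// Upgrades the signed-in user's stored credential to a salted Crypto.HashPassword (PBKDF2)
/// value and refreshes the Session auth entries so the identity is tagged HASHED.
/// </summary>
/// <returns>NotLoggedIn / AlreadyHashed / Error views as applicable, otherwise a redirect to Home/Index.</returns>
public ActionResult Hash()
{
    if (!User.Identity.IsAuthenticated)
    {
        return View("NotLoggedIn");
    }
    if (User.Identity.AuthenticationType.StartsWith("HASHED", StringComparison.Ordinal))
    {
        return View("AlreadyHashed");
    }

    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        try
        {
            BusinessLogicLayer.UserBLL user = ctx.UserFindByEMail(User.Identity.Name);
            if (user == null)
            {
                Exception Message = new Exception($"The UserName '{User.Identity.Name}' doesn't exist in the database.");
                ViewBag.Exception = Message;
                return View("Error");
            }

            // For a non-HASHED identity Hash is expected to still hold the clear-text
            // password; it is replaced by HashPassword(password + fresh salt), the same
            // input shape Login uses for VerifyHashedPassword.
            user.Salt = System.Web.Helpers.Crypto.GenerateSalt(MuhConstants.SaltSize);
            user.Hash = System.Web.Helpers.Crypto.HashPassword(user.Hash + user.Salt);
            ctx.UserUpdateJust(user);

            string ValidationType = $"HASHED:({user.UserID})";
            Session["AUTHUserName"] = user.Email;
            Session["AUTHRoles"] = user.RoleID;
            Session["AUTHTYPE"] = ValidationType;
            return RedirectToAction("Index", "Home");
        }
        catch (Exception ex)
        {
            // Previously the exception was logged and the user was redirected to Index
            // anyway, so a failed upgrade looked like success while the row stayed in clear
            // text and the session stayed un-tagged. Surface it the same way the
            // user-not-found case does.
            Logger.Logger.Log(ex);
            ViewBag.Exception = ex;
            return View("Error");
        }
    }
}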