Example #1
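        /// <summary>
        /// Registers a new customer from the submitted helper object and reports the
        /// outcome in <c>userHelper.token</c>.
        /// </summary>
        /// <param name="userHelper">Submitted first name, last name, email and plain-text password.</param>
        /// <returns>
        /// The same helper object with <c>token</c> set to a status message and
        /// <c>password</c> cleared on every path, so the plain-text password is never
        /// sent back in the response.
        /// </returns>
        public ActionResult <CustomerHelper> Index(CustomerHelper userHelper)
        {
            CustomerDAO userDAO      = new CustomerDAO(_db);
            Customer    existingUser = userDAO.GetByEmail(userHelper.email);

            if (existingUser == null)
            {
                HashSalt hashSalt = GenerateSaltedHash(64, userHelper.password);

                // Drop the reference before anything else touches the helper. This keeps
                // the password out of the returned object; it does not erase the original
                // string from memory, because .NET strings are immutable.
                userHelper.password = "";

                Customer user = new Customer();
                user.FirstName = userHelper.firstName;
                user.LastName  = userHelper.lastName;
                user.Email     = userHelper.email;
                user.Hash      = hashSalt.Hash;
                user.Salt      = hashSalt.Salt;

                // NOTE(review): the lookup above and this insert are separate calls, so two
                // concurrent requests for the same email can both pass the check. Confirm
                // that a unique constraint on the email column backs it up.
                user = userDAO.Register(user);
                if (user.Id > 0)
                {
                    userHelper.token = "User registration success.";
                }
                else
                {
                    userHelper.token = "User registration failed.";
                }
            }
            else
            {
                // The submitted password must not be returned on the rejection path either.
                userHelper.password = "";

                // NOTE(review): this message tells an unauthenticated caller that the email
                // is registered (account enumeration). The text is left unchanged because
                // clients may depend on it; consider a uniform response plus rate limiting.
                userHelper.token = "User registration failed: user is already existing.";
            }
            return(userHelper);
        }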
Example #2
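        /// <summary>
        /// Derives a PBKDF2 hash of a password with a freshly generated random salt.
        /// </summary>
        /// <param name="size">Length of the random salt in bytes.</param>
        /// <param name="plainPassword">The plain-text password to hash.</param>
        /// <returns>
        /// A <c>HashSalt</c> holding the derived key and the salt, both Base64-encoded.
        /// The salt must be stored with the hash so the password can be verified later.
        /// </returns>
        /// <remarks>
        /// Verification has to repeat the derivation with the same salt, iteration count
        /// (10000) and output length (256 bytes), so those values are left unchanged here.
        /// NOTE(review): this constructor overload uses HMAC-SHA1, and 10000 iterations is
        /// well below current guidance for PBKDF2. Requesting 256 bytes, more than one
        /// HMAC-SHA1 block, multiplies the server's work without slowing an attacker, who
        /// only needs the first block. Raising the cost requires a versioned hash format
        /// and a rehash-on-login migration.
        /// </remarks>
        private static HashSalt GenerateSaltedHash(int size, string plainPassword)
        {
            var saltBytes = new byte[size];

            // The provider is IDisposable; release it as soon as the salt is filled.
            using (var provider = new RNGCryptoServiceProvider())
            {
                // Cryptographically strong random bytes, excluding the value zero.
                provider.GetNonZeroBytes(saltBytes);
            }

            // The derive-bytes object holds key material and is disposed once the key is read.
            using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(plainPassword, saltBytes, 10000))
            {
                return new HashSalt
                {
                    Hash = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256)),
                    Salt = Convert.ToBase64String(saltBytes)
                };
            }
        }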