// NOTE(review): judging by its name, this looks like a deliberately flawed sample used to
// exercise static code analysis. Confirm that before "fixing" any of the findings below.
// As written, the method cannot reach its return statement.
int code_analysis_method()
{
    int x = 0, y = 0;
    Cryptograpy crypt = null;
    bool check = true;
    x = 100;
    // x was just assigned 100, so this condition is always false and the body is dead code.
    if (x == 300)
    {
        y = y + 100;
    }
    // crypt is still null at this point: the call dereferences a null reference.
    crypt.compute_hash("pippo");
    // check is only cleared when x == 0, but x is 100 and is never modified in the loop,
    // so the loop has no exit condition that can become true.
    while (check != false)
    {
        y = y + 1;
        if (x == 0)
        {
            check = false;
        }
    }
    string[] s = new string[4];
    // Index 1000 lies outside the 4-element array allocated above.
    s[1000] = "cavallo";
    int w = 5, v = 0;
    // v is 0, so this is an integer division by zero; z is never used afterwards.
    int z = w / v;
    return(y);
}
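/// <summary>
/// Checks the supplied credentials against the user repository and, when they match,
/// issues a signed JWT for the user.
/// </summary>
/// <param name="userDetails">
/// Login request. Its Username is passed through <c>Cryptograpy.Decrypt</c> before the lookup;
/// its Password is handed to the repository as received.
/// </param>
/// <returns>
/// The matching user with <c>Token</c> populated, passed through <c>WithoutPassword()</c>;
/// <c>null</c> when the request is missing or the repository finds no match.
/// </returns>
public User Authenticate(Authenticate userDetails)
{
    // Fail closed: a missing request body is treated like any other failed login
    // instead of surfacing as a NullReferenceException.
    if (userDetails == null)
    {
        return null;
    }

    var decryptedUserNameString = Cryptograpy.Decrypt(userDetails.Username);

    // Credential verification is delegated to the repository; how the password is compared
    // with the stored hash is not visible from this method.
    var aspNetUserDetails = _aspNetUserRepo.GetUserDetailsByIdPassword(decryptedUserNameString, userDetails.Password);
    if (aspNetUserDetails == null)
    {
        return null;
    }

    var user = new User()
    {
        Id = aspNetUserDetails.Id,
        Username = aspNetUserDetails.UserName,
        // The stored hash is copied onto the outgoing object here and relies on
        // WithoutPassword() below to be removed again.
        // NOTE(review): presumably WithoutPassword() clears Password. Confirm.
        Password = aspNetUserDetails.PasswordHash,
        FirstName = aspNetUserDetails.FirstName,
        LastName = aspNetUserDetails.LastName
    };

    // Authentication succeeded, so generate the JWT.
    var tokenHandler = new JwtSecurityTokenHandler();

    // Encoding.ASCII replaces every non-ASCII character with '?', which would weaken a secret
    // containing such characters. It is left unchanged because the token validator has to
    // derive the key the same way.
    // NOTE(review): confirm the configured secret is long and random enough for HMAC-SHA256.
    var key = Encoding.ASCII.GetBytes(_appSettings.Secret);

    string userid = user.Id.ToString();
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        // The only claim issued is the user id, carried as ClaimTypes.Name.
        Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, userid) }),
        // Short-lived token: expires 15 minutes after issue (UTC).
        Expires = DateTime.UtcNow.AddMinutes(15),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);
    user.Token = tokenHandler.WriteToken(token);

    return user.WithoutPassword();
}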
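// Add
/// <summary>
/// Registration handler: stores a new row (id, utente, password hash) in TUtenti.
/// </summary>
/// <remarks>
/// Every user-supplied value is bound as a SQL parameter. The previous version built the
/// parameters but then concatenated TextBox4.Text and TextBox1.Text straight into the INSERT
/// text, so form input was interpreted as SQL.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // The table name is a compile-time constant, never user input, so concatenating it is safe.
    const string nometabella = "TUtenti";
    const string ConnectionString = "Data Source=(LocalDb)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\users.mdf;Initial Catalog=users;Integrated Security=True";

    Label3.Text = "";

    // The id is bound as an integer parameter, so anything that is not a number is rejected
    // before a connection is opened.
    int id;
    if (!int.TryParse(TextBox4.Text, out id))
    {
        Label3.Text = "Invalid id: a whole number is required.";
        return;
    }

    // Only the hash of the password is stored, never the text typed into TextBox2.
    // NOTE(review): compute_hash is defined elsewhere. Confirm it is a salted, deliberately
    // slow password hash (e.g. PBKDF2) rather than a bare digest.
    Cryptograpy crypt = new Cryptograpy();
    string hash = crypt.compute_hash(TextBox2.Text);

    string QueryString = "INSERT INTO " + nometabella + " (id, utente, password) VALUES (@id, @utente, @password)";

    // using blocks close the connection and command even when Open/ExecuteNonQuery throws.
    using (SqlConnection cn = new SqlConnection(ConnectionString))
    using (SqlCommand cmd = new SqlCommand(QueryString, cn))
    {
        cmd.CommandTimeout = 15;
        cmd.CommandType = CommandType.Text;

        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        cmd.Parameters.Add("@utente", SqlDbType.NVarChar).Value = TextBox1.Text;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = hash;

        cn.Open();
        cmd.ExecuteNonQuery();
    }
}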
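/// <summary>
/// Login handler: looks up the entered user name and password hash in TUtenti and, when a row
/// matches, signs the user in through Forms authentication.
/// </summary>
/// <remarks>
/// Changes from the previous version:
/// the user name is bound as a parameter instead of being concatenated into the SELECT text;
/// the password predicate binds the hash of the entered password (the @password parameter used
/// to be filled with the hash of the user name and was never referenced by the query);
/// the stored password column is no longer written into Label3.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // The table name is a compile-time constant, never user input, so concatenating it is safe.
    const string nometabella = "TUtenti";
    const string ConnectionString = "Data Source=(LocalDb)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\users.mdf;Initial Catalog=users;Integrated Security=True";

    Label3.Text = "";

    // NOTE(review): compute_hash is defined elsewhere. Matching by equality in SQL only works
    // when it is deterministic (unsalted). Confirm whether a per-user salted, slow hash
    // (e.g. PBKDF2) with the comparison done in code is feasible.
    Cryptograpy crypt = new Cryptograpy();
    string hash = crypt.compute_hash(paswd.Text);

    // COUNT(*) answers "do these credentials match?" without pulling stored hashes back
    // into the page.
    string QueryString = "SELECT COUNT(*) FROM " + nometabella + " WHERE utente=@utente and password=@password";

    int num;
    // using blocks close the connection and command even when the query throws.
    using (SqlConnection cn = new SqlConnection(ConnectionString))
    using (SqlCommand cmd = new SqlCommand(QueryString, cn))
    {
        cmd.CommandTimeout = 15;
        cmd.CommandType = CommandType.Text;

        cmd.Parameters.Add("@utente", SqlDbType.NVarChar).Value = username.Text;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar).Value = hash;

        cn.Open();
        num = Convert.ToInt32(cmd.ExecuteScalar());
    }

    if (num > 0)
    {
        FormsAuthentication.RedirectFromLoginPage(username.Text, false);
    }
    else
    {
        // One generic message for every failure, so the page does not reveal whether the
        // user name exists.
        Label3.Text = "Login Error: authentication failed!";
    }
}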