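/// <summary>
/// Checks a username and password against the stored salted password hash.
/// </summary>
/// <remarks>
/// The original comparison used <c>==</c> on two <c>byte[]</c> values, which compares
/// references and is therefore never true, and it compared the raw hash with the UTF-16
/// bytes of the stored hex text. This version decodes the hex-encoded salt and hash that
/// <c>AddNew</c> writes and compares the hash bytes in a data-independent loop.
/// </remarks>
/// <returns><c>true</c> if the user exists and the password matches; otherwise <c>false</c>.</returns>
/// <param name="username">Username.</param>
/// <param name="password">Password.</param>
public static bool Authenticate(string username, string password)
{
    if (String.IsNullOrEmpty(username) || password == null)
    {
        return false;
    }

    string storedSalt = null;
    string storedHash = null;

    // Dispose the context; the original leaked it on every login attempt.
    using (var context = new Database.CarWashContext())
    {
        // FirstOrDefault rather than First: an unknown username must yield false,
        // not an InvalidOperationException that distinguishes it from a bad password.
        User user = context.Users.Where(u => u.Username == username).FirstOrDefault();
        if (user != null)
        {
            storedSalt = user.Salt;
            storedHash = user.Password;
        }
    }

    byte[] salt = HexToBytes(storedSalt);
    byte[] expected = HexToBytes(storedHash);
    bool recordUsable = salt != null && expected != null;

    // Hash even when there is no usable record, so an unknown username costs roughly
    // the same time as a wrong password. The placeholder matches the 32-byte salt
    // length AddNew generates.
    // The iteration count must equal the one AddNew used; it does not appear to be
    // stored per user, so raising it means re-hashing existing accounts.
    byte[] actual = Hashing.HashPassword(password, recordUsable ? salt : new byte[32], 50000);

    return recordUsable && ConstantTimeEquals(actual, expected);
}

/// <summary>
/// Decodes a hex string (two digits per byte) as written by <c>AddNew</c>.
/// </summary>
/// <returns>The decoded bytes, or <c>null</c> if the text is null, empty or not valid hex.</returns>
/// <param name="hex">Hex text to decode.</param>
private static byte[] HexToBytes(string hex)
{
    if (String.IsNullOrEmpty(hex) || hex.Length % 2 != 0)
    {
        return null;
    }

    byte[] bytes = new byte[hex.Length / 2];
    for (int i = 0; i < bytes.Length; i++)
    {
        char high = hex[2 * i];
        char low = hex[2 * i + 1];
        if (!Uri.IsHexDigit(high) || !Uri.IsHexDigit(low))
        {
            return null;
        }
        bytes[i] = (byte)((Uri.FromHex(high) << 4) | Uri.FromHex(low));
    }
    return bytes;
}

/// <summary>
/// Compares two byte arrays without exiting at the first differing byte.
/// </summary>
/// <returns><c>true</c> if both arrays are non-null, equally long and equal.</returns>
/// <param name="left">First array.</param>
/// <param name="right">Second array.</param>
private static bool ConstantTimeEquals(byte[] left, byte[] right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    // Accumulate differences instead of returning early, so the time taken does not
    // reveal how many leading bytes matched. Where the target framework provides it,
    // CryptographicOperations.FixedTimeEquals is the preferred replacement.
    int diff = 0;
    for (int i = 0; i < left.Length; i++)
    {
        diff |= left[i] ^ right[i];
    }
    return diff == 0;
}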
/// <summary>
/// Creates a user with a freshly salted password hash and optionally saves it.
/// </summary>
/// <returns>The new user instance.</returns>
/// <param name="username">Username.</param>
/// <param name="password">Plain-text password; the returned user carries its salted hash as lowercase hex.</param>
/// <param name="persist">If set to <c>true</c>, the user is added to the context and saved.</param>
public static User AddNew(string username, string password, bool persist = true)
{
    using (Database.CarWashContext db = new Database.CarWashContext())
    {
        // NOTE(review): the salt should come from a cryptographic RNG; confirm that
        // Randomizer.GenerateRandomNumber is backed by one.
        byte[] saltBytes = Randomizer.GenerateRandomNumber(32);

        // The 50000 iteration count has to stay in step with the value Authenticate passes.
        byte[] hashBytes = Hashing.HashPassword(password, saltBytes, 50000);

        // Salt and hash are both stored as lowercase hex, two digits per byte.
        User created = new User();
        created.Username = username;
        created.Password = String.Concat(hashBytes.Select(b => b.ToString("x2")));
        created.Salt = String.Concat(saltBytes.Select(b => b.ToString("x2")));

        if (!persist)
        {
            return created;
        }

        db.Users.Add(created);
        db.SaveChanges();
        return created;
    }
}