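/// <summary>
/// Loads a user by name through the <c>dbo.getUser</c> stored procedure.
/// </summary>
/// <param name="username">User name bound to the <c>@username</c> parameter; never concatenated into SQL.</param>
/// <returns>The user read from the last returned row, or <c>null</c> when the procedure returns no rows.</returns>
public async Task<GoodFoodUser> GetUser(string username)
{
    const string selectCommandText = "dbo.getUser";
    var parameterUsername = new SqlParameter("@username", SqlDbType.VarChar) { Value = username };

    GoodFoodUser found = null;
    using (SqlDataReader reader = await SqlHelper.ExecuteReaderAsync(conStr, selectCommandText, CommandType.StoredProcedure, parameterUsername))
    {
        // ReadAsync keeps the method non-blocking end to end (the original blocked on Read()).
        // If the procedure ever returned several rows the last one wins, exactly as before.
        while (await reader.ReadAsync())
        {
            found = new GoodFoodUser
            {
                Username = reader["user_name"].ToString(),
                PasswordHash = ObjectToByteArray(reader["user_password_hash"]),
                PasswordSalt = ObjectToByteArray(reader["user_password_salt"]),
                Id = (int)reader["user_id"],
            };
        }
        // Disposing the reader closes it; the explicit CloseAsync was redundant.
    }

    return found;
}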
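/// <summary>
/// Loads a user by name from the <c>GoodFoodUser</c> table.
/// </summary>
/// <param name="userName">User name bound to the <c>@userName</c> parameter; never concatenated into SQL.</param>
/// <returns>The user read from the last matching row, or <c>null</c> when no row matches.</returns>
/// <exception cref="Exception">
/// Wraps any database or cast failure; the original failure is kept as <see cref="Exception.InnerException"/>
/// so it is not lost from logs (the previous version discarded it).
/// </exception>
public async Task<GoodFoodUser> GetUser(string userName)
{
    try
    {
        // SELECT * is kept for compatibility; only UserId/UserName/UserPassword/UserPasswordSalt are read below.
        const string selectCommandText = @"SELECT * FROM GoodFoodUser WHERE UserName=@userName";
        var userNameParameter = new SqlParameter("@userName", SqlDbType.VarChar) { Value = userName };

        GoodFoodUser found = null;
        using (SqlDataReader reader = await SqlHelper.ExecuteReaderAsync(conStr, selectCommandText, CommandType.Text, userNameParameter))
        {
            // ReadAsync instead of the blocking Read(); a DBNull in any column still raises InvalidCastException
            // from the direct casts, which the catch below wraps.
            while (await reader.ReadAsync())
            {
                found = new GoodFoodUser
                {
                    Username = (string)reader["UserName"],
                    Password = (byte[])reader["UserPassword"],
                    PasswordSalt = (byte[])reader["UserPasswordSalt"],
                    Id = (int)reader["UserId"],
                };
            }
        }

        return found;
    }
    catch (Exception ex)
    {
        // Same message and type as before, but the cause travels with it.
        throw new Exception("Problem get user", ex);
    }
}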
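/// <summary>
/// Creates a new <c>GoodFoodUser</c> row, storing only the salted hash of <paramref name="password"/>.
/// </summary>
/// <param name="userName">User name to insert; bound as a parameter, never concatenated into SQL.</param>
/// <param name="password">Plaintext password; it is hashed by <c>CreatePasswordHash</c> and never reaches the database.</param>
/// <returns>
/// A user carrying only <c>Username</c> when at least one row was inserted, otherwise <c>null</c>.
/// The generated <c>Id</c> is not fetched here.
/// </returns>
/// <exception cref="Exception">
/// Wraps any hashing or database failure; the original failure is kept as <see cref="Exception.InnerException"/>
/// (the previous version discarded it, which hid e.g. unique-constraint violations from diagnostics).
/// </exception>
public async Task<GoodFoodUser> Register(string userName, string password)
{
    try
    {
        CreatePasswordHash(password, out byte[] passwordHash, out byte[] passwordSalt);

        const string insertCommandText = @"INSERT INTO GoodFoodUser (UserName, UserPassword, UserPasswordSalt) VALUES (@userName,@passwordHash,@passwordSalt)";
        var userNameParameter = new SqlParameter("@userName", userName);
        var passwordHashParameter = new SqlParameter("@passwordHash", passwordHash);
        var passwordSaltParameter = new SqlParameter("@passwordSalt", passwordSalt);

        int rows = await SqlHelper.ExecuteNonQueryAsync(
            conStr,
            insertCommandText,
            CommandType.Text,
            userNameParameter,
            passwordHashParameter,
            passwordSaltParameter);

        return rows >= 1 ? new GoodFoodUser { Username = userName } : null;
    }
    catch (Exception ex)
    {
        throw new Exception("Problem creating user", ex);
    }
}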
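/// <summary>
/// Issues a JWT for <paramref name="user"/>, signed with <c>_key</c> using HMAC-SHA512.
/// </summary>
/// <param name="user">Authenticated user; only <c>Username</c> is placed in the token (as the <c>nameid</c> claim).</param>
/// <returns>The serialized, signed token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
public string CreateToken(GoodFoodUser user)
{
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.NameId, user.Username),
    };

    // generate signing credentials
    var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        // `exp` is a UTC instant; UtcNow avoids a local-time value that merely happens to be converted later.
        // NOTE(review): a one-month lifetime with no revocation is long for a bearer token — consider a
        // shorter expiry plus refresh. Kept as-is because callers may depend on it.
        Expires = DateTime.UtcNow.AddMonths(1),
        SigningCredentials = creds,
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    var token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}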
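/// <summary>
/// Checks <paramref name="password"/> against the stored salted hash for <paramref name="userName"/>.
/// </summary>
/// <param name="userName">User name bound to the <c>@userName</c> parameter; never concatenated into SQL.</param>
/// <param name="password">Plaintext password to verify with <c>verifyPasswordHash</c>.</param>
/// <returns>
/// The user (<c>Username</c> and <c>Id</c>) when a row matches and the password verifies,
/// or <c>null</c> when no row matches.
/// NOTE(review): a missing user yields <c>null</c> while a wrong password throws 401 — callers should
/// map both to the same response so the difference cannot be used to enumerate accounts.
/// </returns>
/// <exception cref="RestException">Thrown with <see cref="HttpStatusCode.Unauthorized"/> when the password does not verify.</exception>
/// <exception cref="Exception">Wraps any other database or cast failure, keeping the cause as <see cref="Exception.InnerException"/>.</exception>
public async Task<GoodFoodUser> VerifyUser(string userName, string password)
{
    try
    {
        const string selectCommandText = @"SELECT * FROM GoodFoodUser WHERE UserName=@userName";
        var userNameParameter = new SqlParameter("@userName", SqlDbType.VarChar) { Value = userName };

        GoodFoodUser found = null;
        using (SqlDataReader reader = await SqlHelper.ExecuteReaderAsync(conStr, selectCommandText, CommandType.Text, userNameParameter))
        {
            while (await reader.ReadAsync())
            {
                var storedHash = (byte[])reader["UserPassword"];
                var storedSalt = (byte[])reader["UserPasswordSalt"];
                if (!verifyPasswordHash(password, storedHash, storedSalt))
                {
                    throw new RestException(HttpStatusCode.Unauthorized, new { User = "******" });
                }

                found = new GoodFoodUser
                {
                    Username = reader["UserName"].ToString(),
                    // Same column GetUser reads from this table; callers need the id to issue tokens etc.
                    Id = (int)reader["UserId"],
                };
            }
        }

        return found;
    }
    catch (RestException)
    {
        // The 401 from the password check must reach the caller unchanged. Previously the generic catch
        // below rewrapped it as Exception("Problem get user"), turning a bad-password response into a server error.
        throw;
    }
    catch (Exception ex)
    {
        throw new Exception("Problem get user", ex);
    }
}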