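/// <summary>
/// Server-side validator for the login form. Marks the submission valid only when a
/// stored user has the entered e-mail and the entered password hashes (with that
/// user's stored salt) to the stored password value. On success the matching user's
/// ID is stored via <c>MyWebAuthentication.UserID</c>.
/// </summary>
/// <param name="source">The validator control raising the event (unused).</param>
/// <param name="args">Validation arguments; <c>IsValid</c> receives the login result.</param>
protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
    {
        // Fail closed: the result stays "invalid" unless a full match is found below,
        // including when an exception cuts the method short.
        args.IsValid = false;

        // Loop-invariant form input, read once.
        string password = txtPassword.Text;
        // Normalized with ToLower() so it matches how the e-mail is stored at sign-up.
        // NOTE(review): ToLower() is culture-sensitive; any move to ToLowerInvariant()
        // has to be made at sign-up and for already stored addresses as well.
        string email = txtEmail.Text.ToLower();

        UsersLogic users = new UsersLogic();
        IEnumerable<User> usersList = users.GetUsers();

        foreach (User user in usersList)
        {
            // Check the cheap e-mail comparison first. Hashing the submitted password
            // against every account made each login attempt cost one password hash per
            // registered user, which is an easy way to load the server.
            // NOTE(review): a lookup by e-mail in the data layer would avoid reading
            // the whole user table here.
            if (email != user.Email)
            {
                continue;
            }

            if (string.IsNullOrEmpty(user.Password))
            {
                // No stored credential: nothing can match.
                continue;
            }

            // The stored value is Base64; its leading bytes are the salt.
            // Assumes the layout is salt (SaltSize bytes) followed by the hash - TODO confirm.
            byte[] salt = new byte[MyWebAuthentication.SaltSize];
            try
            {
                byte[] passBytes = Convert.FromBase64String(user.Password);
                if (passBytes.Length < salt.Length)
                {
                    // Truncated record: treat as a non-match instead of throwing.
                    continue;
                }

                // Copy exactly SaltSize bytes; the literal 16 used before only worked
                // while SaltSize happened to be 16.
                Array.Copy(passBytes, 0, salt, 0, salt.Length);
            }
            catch (FormatException)
            {
                // Stored value is not valid Base64: treat as a non-match.
                continue;
            }

            // Hash the entered password with the stored salt and compare.
            // NOTE(review): confirm CompareHashedPasswords compares in constant time.
            // NOTE(review): an unknown e-mail returns without hashing, so response time
            // differs from a known one; equalize it if account enumeration is a concern.
            string hashedPassword = MyWebAuthentication.HashPassword(password, salt);
            if (MyWebAuthentication.CompareHashedPasswords(hashedPassword, user.Password))
            {
                args.IsValid = true;
                // Record the authenticated user.
                MyWebAuthentication.UserID = user.UserID;
                return;
            }
        }
    }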
Exemple #2
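    /// <summary>
    /// Handles the sign-up button: builds a user from the form fields, stores the
    /// hashed password, creates the account, signs the new user in and redirects to
    /// the member page. Nothing is stored in <c>MyWebAuthentication.UserID</c> unless
    /// the account was actually created.
    /// </summary>
    /// <param name="sender">The button raising the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSignUp_Click(object sender, EventArgs e)
    {
        if (!IsValid)
        {
            return;
        }

        User user = new User()
        {
            FirstName = txtFirstName.Text,
            LastName  = txtLastName.Text,
            // Stored lower-cased; the login validator must apply the same normalization.
            Email     = txtEmail.Text.ToLower(),
            Phone     = txtPhone.Text,
            UserName  = txtUserName.Text
        };

        // Only the salted hash is kept on the user object (default salt size).
        user.Password = MyWebAuthentication.HashPassword(txtPassword.Text);

        try
        {
            users.CreateNewUser(user);
        }
        catch (Exception ex)
        {
            // Do not continue after a failed insert. The old empty catch fell through
            // to GetUser(email), so a sign-up that failed because the e-mail was
            // already registered would sign the caller in as the existing account.
            System.Diagnostics.Trace.TraceError("Sign-up failed while creating the user record: " + ex);
            // TODO: show a generic "could not create account" message to the user.
            return;
        }

        // Presumably e-mail is unique in the store, so this returns the record just
        // created - verify against the data layer.
        var created = users.GetUser(user.Email);
        if (created == null)
        {
            // Created but not readable back: leave the user signed out.
            return;
        }

        MyWebAuthentication.UserID = created.UserID;

        // NOTE(review): the ID travels in the query string; the member page should take
        // the user from MyWebAuthentication.UserID and never trust the "u" parameter.
        Response.Redirect("Member?u=" + MyWebAuthentication.UserID); // need to create a page called "memeber"
    }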