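        /// <summary>
        /// Handles the registration form post: re-displays the form when model
        /// validation fails or the e-mail is already registered, otherwise stores a
        /// new <see cref="User"/> with a salted PBKDF2 password hash and redirects
        /// to the <c>Login</c> action.
        /// </summary>
        /// <param name="model">The posted registration form (validated by model binding).</param>
        /// <returns>
        /// The registration view when validation fails or the e-mail is taken;
        /// otherwise a redirect to <c>Login</c>.
        /// </returns>
        public IActionResult Register(UserRegisterEditModel model)
        {
            if (!ModelState.IsValid)
            {
                UserRegisterViewModel invalid = new UserRegisterViewModel();
                invalid.EmailAvailable = true;
                return View(invalid);
            }

            // Uniqueness check; comparison semantics (case sensitivity) follow the
            // database collation the query is translated against — NOTE(review): confirm.
            bool emailTaken = context.Users.Any(u => u.Email == model.Email);
            if (emailTaken)
            {
                UserRegisterViewModel taken = new UserRegisterViewModel();
                taken.EmailAvailable = false;
                return View(taken);
            }

            // Split "First Last" on spaces. A single-word or null name no longer
            // throws IndexOutOfRangeException on names[1]; extra words are kept in
            // LastName instead of being dropped.
            string[] names = (model.FullName ?? string.Empty)
                .Split(' ', StringSplitOptions.RemoveEmptyEntries);
            string firstName = names.Length > 0 ? names[0] : string.Empty;
            string lastName = names.Length > 1
                ? string.Join(" ", names, 1, names.Length - 1)
                : string.Empty;

            // Generate a 128-bit salt from a cryptographically secure RNG.
            const int SaltSizeBytes = 128 / 8;
            byte[] salt = new byte[SaltSizeBytes];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(salt);
            }

            // Derive a 256-bit subkey. PRF and iteration count are kept as they were
            // because the verifying (Login) side must use the same parameters; a
            // stronger PRF / higher iteration count should be introduced on both
            // sides together (original TODO: "in practice much more elaborate
            // hashing is used — change").
            const int HashSizeBytes = 256 / 8;
            const int Pbkdf2Iterations = 10000;
            string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
                password: model.Password,
                salt: salt,
                prf: KeyDerivationPrf.HMACSHA1,
                iterationCount: Pbkdf2Iterations,
                numBytesRequested: HashSizeBytes));

            // The salt is stored as Base64. The previous
            // Encoding.BigEndianUnicode.GetString(salt) was lossy: arbitrary bytes
            // decoded as UTF-16 turn unpaired surrogates into U+FFFD, so the original
            // salt could not be recovered and verification would fail for such users.
            // The verifying side must read it back with Convert.FromBase64String.
            User newUser = new User()
            {
                FirstName        = firstName,
                LastName         = lastName,
                Email            = model.Email, // original TODO: to be changed to the e-mail column in the database
                PasswordHashCode = Convert.ToBase64String(salt) + " : " + hashed
            };

            context.Users.Add(newUser);
            context.SaveChanges();
            return RedirectToAction("Login");
        }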