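/// <summary>
/// Builds a <see cref="UsernamePasswordPair"/> from two tab-separated lines of the form
/// <c>label&lt;TAB&gt;value</c>, taking the second field of each line.
/// </summary>
/// <param name="usernameLine">Line whose second tab-separated field is the username; may be null.</param>
/// <param name="passwordLine">Line whose second tab-separated field is the password; may be null.</param>
/// <returns>
/// A pair whose <c>HasValue</c> is true only when both fields were present and non-empty.
/// A null line, or a line without a tab, yields a null field and <c>HasValue == false</c>
/// instead of throwing <see cref="IndexOutOfRangeException"/> as the previous indexing did.
/// Only the second field is taken, so a value containing a tab is truncated at that tab.
/// </returns>
public static UsernamePasswordPair Create(string usernameLine, string passwordLine)
{
    UsernamePasswordPair pair = new UsernamePasswordPair();
    pair.Username = SecondTabField(usernameLine);
    pair.Password = SecondTabField(passwordLine);
    pair.HasValue = !string.IsNullOrEmpty(pair.Username) && !string.IsNullOrEmpty(pair.Password);
    return pair;
}

/// <summary>
/// Returns the text after the first tab of <paramref name="line"/> (up to the next tab),
/// or null when the line is null or contains no tab.
/// </summary>
private static string SecondTabField(string line)
{
    if (line == null)
    {
        return null;
    }
    string[] fields = line.Split('\t');
    return fields.Length > 1 ? fields[1] : null;
}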
/// <summary>
/// Login endpoint: hands the posted credentials to <see cref="AuthenticationService"/> and
/// returns the resulting user when authentication succeeded.
/// </summary>
/// <param name="auth">Credentials bound from the JSON request body.</param>
/// <returns>200 with the authenticated user when its <c>Id</c> is non-zero; 401 otherwise.</returns>
public ActionResult Post([FromBody] UsernamePasswordPair auth)
{
    // An Id of 0 is treated as the service's "not authenticated" sentinel.
    // NOTE(review): the whole User object is serialised into the 200 response; confirm it carries
    // no password hash or other server-only fields, or project to a DTO here.
    User authenticated = new AuthenticationService().Authenticate(auth);
    return authenticated.Id != 0 ? (ActionResult)Ok(authenticated) : Unauthorized();
}
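/// <summary>
/// Handles a login request: reads a JSON <see cref="UsernamePasswordPair"/> from the body, verifies it
/// against the <c>user</c> table and, on success, creates a session and sets the <c>sToken</c> cookie.
/// </summary>
/// <param name="con">The listener context; its request body is consumed and closed, and its response
/// status, content type and cookies are set here.</param>
/// <param name="message">The response body to send: <c>"Ok"</c> on success, otherwise a small JSON
/// error object.</param>
/// <remarks>
/// Status codes: 413 when the body exceeds <see cref="MaxAuthBodyBytes"/>, 400 when it is not valid
/// JSON for a credential pair, 401 when the credentials fail the length checks or do not match,
/// 200 on success. Unknown user and wrong password produce the same 401 body.
/// </remarks>
private void AuthenticateUser(HttpListenerContext con, out byte[] message)
{
    // Bound the body read: the previous loop appended one byte at a time to a string with no upper
    // limit, so an oversized body could tie up the handler and memory.
    string data = ReadBodyAsUtf8(con.Request, MaxAuthBodyBytes);
    if (data == null)
    {
        message = System.Text.Encoding.UTF8.GetBytes("{\"error\":\"Request body too large\"}");
        con.Response.ContentType = "application/json";
        con.Response.StatusCode = (int)HttpStatusCode.RequestEntityTooLarge;
        return;
    }

    UsernamePasswordPair uandp = default(UsernamePasswordPair);
    bool parsed = false;
    try
    {
        uandp = JsonConvert.DeserializeObject<UsernamePasswordPair>(data);
        parsed = true;
    }
    catch (JsonException)
    {
        // Malformed JSON is reported as 400 below; nothing else to do here.
    }
    // object.Equals works whether the pair is a struct (default = all fields zero/null) or a class
    // (default = null), which a direct uandp.Equals(...) call does not.
    if (!parsed || object.Equals(uandp, default(UsernamePasswordPair)))
    {
        message = System.Text.Encoding.UTF8.GetBytes("{\"error\":\"Invalid JSON\"}");
        con.Response.ContentType = "application/json";
        con.Response.StatusCode = (int)HttpStatusCode.BadRequest;
        return;
    }

    // Length checks run first and short-circuit: previously the database was still queried and the
    // password still hashed after a failed length check.
    uint uid = 0;
    bool validationOK = HasAcceptableLength(uandp.username)
        && HasAcceptableLength(uandp.password)
        && VerifyCredentials(uandp, out uid);

    if (!validationOK)
    {
        // Random delay on the *failure* path to slow down credential guessing; the previous code slept
        // only after a successful login, which does not hinder brute forcing at all.
        // NOTE(review): a missing user skips HashPassword, so response timing can still differ between
        // "no such user" and "wrong password" — confirm whether that matters for this deployment.
        Thread.Sleep(new Random().Next(0, 250));
        message = System.Text.Encoding.UTF8.GetBytes("{\"error\":\"Wrong Username/Password\"}");
        con.Response.ContentType = "application/json";
        con.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        return;
    }

    SessionObject session = new SessionObject();
    session.agent = con.Request.UserAgent;
    session.host = con.Request.RemoteEndPoint.Address.ToString();
    session.timestamp = Util.GetEpoch();
    session.token = GenerateToken();
    session.uid = uid;
    // NOTE(review): HttpListener serves requests concurrently; if currentSessions is a plain
    // Dictionary this Add needs external synchronisation — confirm at the declaration.
    currentSessions.Add(session.token, session);

    // HttpOnly keeps the session token out of reach of page scripts; Secure is set only when this
    // request itself arrived over TLS so plain-HTTP deployments keep working.
    Cookie tokenCookie = new Cookie("sToken", session.token);
    tokenCookie.HttpOnly = true;
    tokenCookie.Secure = con.Request.IsSecureConnection;
    con.Response.Cookies.Add(tokenCookie);
    con.Response.StatusCode = (int)HttpStatusCode.OK;
    con.Response.ContentType = "text/plain";
    message = System.Text.Encoding.UTF8.GetBytes("Ok");

    DBHelper.ExecuteQuery("INSERT INTO accesslog VALUES(now(),@uid,@host)",
        new Dictionary<string, object> { { "@uid", uid }, { "@host", session.host } });
}

/// <summary>
/// Upper bound on a login request body in bytes. Two 128-character fields plus JSON framing fit
/// comfortably below this.
/// </summary>
private const int MaxAuthBodyBytes = 8192;

/// <summary>
/// Reads at most <paramref name="maxBytes"/> bytes of the request body and decodes them as UTF-8,
/// the encoding JSON is defined in. The request stream is closed afterwards, as before.
/// </summary>
/// <param name="request">The request whose body is consumed.</param>
/// <param name="maxBytes">Maximum accepted body size.</param>
/// <returns>The decoded body, or null when the declared or actual length exceeds the limit.</returns>
/// <remarks>
/// NOTE(review): the previous reader cast each byte to a char (Latin-1 style), so non-ASCII credentials
/// registered through that path were hashed in mangled form; confirm the registration path decodes the
/// same way, or such accounts will no longer match.
/// </remarks>
private static string ReadBodyAsUtf8(HttpListenerRequest request, int maxBytes)
{
    // Cheap early rejection when the client declares the size; the read below still enforces the
    // limit because Content-Length is client-supplied.
    if (request.ContentLength64 > maxBytes)
    {
        request.InputStream.Close();
        return null;
    }
    byte[] buffer = new byte[maxBytes + 1];
    int total = 0;
    using (System.IO.Stream input = request.InputStream)
    {
        while (total < buffer.Length)
        {
            int read = input.Read(buffer, total, buffer.Length - total);
            if (read <= 0)
            {
                break;
            }
            total += read;
        }
    }
    // Filling the extra byte means the body is over the limit regardless of what was declared.
    if (total > maxBytes)
    {
        return null;
    }
    return System.Text.Encoding.UTF8.GetString(buffer, 0, total);
}

/// <summary>
/// Mirrors the original bounds: 5 to 128 characters inclusive. Null or empty fails, which also
/// covers a JSON body that omitted the field.
/// </summary>
private static bool HasAcceptableLength(string value)
{
    return !string.IsNullOrEmpty(value) && value.Length > 4 && value.Length <= 128;
}

/// <summary>
/// Looks the user up by name and checks the password against the stored salt+hash.
/// </summary>
/// <param name="uandp">Credentials that already passed the length checks.</param>
/// <param name="uid">The user's id on success, 0 otherwise.</param>
/// <returns>true only when a row exists and the recomputed hash matches the stored value.</returns>
private bool VerifyCredentials(UsernamePasswordPair uandp, out uint uid)
{
    uid = 0;
    // Parameterised lookup: the username never enters the SQL text. `using` closes the reader on every
    // path, including exceptions, where the previous explicit Close() did not.
    using (DbDataReader reader = DBHelper.ExecuteReader(
        "SELECT id,password FROM user WHERE username = @username",
        new Dictionary<string, object> { { "@username", uandp.username } }, true))
    {
        if (!reader.HasRows || !reader.Read())
        {
            return false;
        }
        // NOTE(review): assumes the stored column is a 64-char salt followed by the hash and that
        // HashPassword returns that same salt+hash string — confirm against the registration code.
        string passsalt = reader.GetValue(1) as string;
        if (passsalt == null || passsalt.Length < 64)
        {
            return false;
        }
        string checkhash = HashPassword(uandp.password, passsalt.Substring(0, 64));
        // Fixed-time comparison so a mismatch does not reveal how many leading characters agreed.
        if (!FixedTimeEquals(checkhash, passsalt))
        {
            return false;
        }
        uid = (uint)reader.GetInt32(0);
        return true;
    }
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where they first differ.
/// Null inputs or differing lengths compare unequal.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}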