public ActionResult <CustomerHelper> Index(CustomerHelper helper)
{
CustomerDAO dao = new CustomerDAO(_db);
Customer already = dao.GetByEmail(helper.email);
if (already == null)
{
HashSalt hashSalt = GenerateSaltedHash(64, helper.password);
helper.password = ""; // don’t need the string anymore
Customer dbCustomer = new Customer();
dbCustomer.Firstname = helper.firstname;
dbCustomer.Lastname = helper.lastname;
dbCustomer.Email = helper.email;
dbCustomer.Hash = hashSalt.Hash;
dbCustomer.Salt = hashSalt.Salt;
dbCustomer = dao.Register(dbCustomer);
if (dbCustomer.Id > 0)
{
helper.token = "customer registered";
}
else
{
helper.token = "customer registration failed";
}
}
else
{
helper.token = "customer registration failed - email already in use";
}
return(helper);
}
private static HashSalt GenerateSaltedHash(int size, string password)
{
var saltBytes = new byte[size];
var provider = new RNGCryptoServiceProvider();
// Fills an array of bytes with a cryptographically strong sequence of random nonzero values.
provider.GetNonZeroBytes(saltBytes);
var salt = Convert.ToBase64String(saltBytes);
// a password, salt, and iteration count, then generates a binary key
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, saltBytes, 10000);
var hashPassword = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
HashSalt hashSalt = new HashSalt {
Hash = hashPassword, Salt = salt
};
return(hashSalt);
}
