        /// <summary>
        /// Persists edits to an existing <see cref="MyOwnUser"/>; the route id must match the posted UserName.
        /// </summary>
        /// <param name="id">Route value naming the user being edited.</param>
        /// <param name="myOwnUser">Posted user; only UserName, Password and IsAdmin are bound.</param>
        /// <returns>
        /// 404 when the route id and posted UserName differ, or when a concurrency failure hits a user that no
        /// longer exists; a redirect to Index on success; otherwise the edit view with the posted model.
        /// </returns>
        /// <exception cref="DbUpdateConcurrencyException">Propagated when the conflicting user still exists.</exception>
        // NOTE(review): IsAdmin and Password are taken straight from the request body. The authorization
        // attribute for this action is not visible here — confirm it is restricted to administrators,
        // otherwise any caller of Edit can promote an account. Nothing in this block hashes Password;
        // check where (if anywhere) it is hashed before it reaches the store.
        public async Task <IActionResult> Edit(string id, [Bind("UserName,Password,IsAdmin")] MyOwnUser myOwnUser)
        {
            // Route id and posted key must agree; anything else is treated as "no such resource".
            if (id != myOwnUser.UserName)
            {
                return NotFound();
            }

            if (!ModelState.IsValid)
            {
                return View(myOwnUser);
            }

            try
            {
                _context.Update(myOwnUser);
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException) when (!MyOwnUserExists(myOwnUser.UserName))
            {
                // The row vanished underneath us: report it as missing rather than as a conflict.
                // When the user still exists the filter is false and the exception propagates untouched.
                return NotFound();
            }

            return RedirectToAction(nameof(Index));
        }
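        /// <summary>
        /// Validates the posted credentials and, on success, issues the cookie-authentication principal.
        /// </summary>
        /// <param name="user">Posted credentials; only UserName and Password are bound.</param>
        /// <returns>
        /// The sign-in view with the (password-cleared) model when validation fails, the sign-in view with a
        /// generic error when the credentials are rejected, or a redirect to Issue/Index after signing in.
        /// </returns>
        public async Task <IActionResult> SignIn([Bind("UserName,Password")] MyOwnUser user)
        {
            if (!ModelState.IsValid)
            {
                // Blank out the password so we don't send it back
                user.Password = null;
                return(View(user));
            }
            if (!await LoginIsValid(user))
            {
                ModelState.AddModelError("", "Invalid UserName/Password");
                return(View());
            }

            // The role must come from the stored record, not from the posted model: [Bind] excludes
            // IsAdmin, so user.IsAdmin is still its default here (and if it were bound, the client would
            // be choosing its own role). Re-read the row that LoginIsValid just matched.
            var storedUser = await _context.Users.FirstOrDefaultAsync(x => x.UserName == user.UserName);
            if (storedUser == null)
            {
                // The account disappeared between the credential check and now; fail closed.
                ModelState.AddModelError("", "Invalid UserName/Password");
                return(View());
            }

            // Use the stored spelling of the name so the principal matches the row, not the request.
            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.Name, storedUser.UserName),
                new Claim(ClaimTypes.Role, storedUser.IsAdmin ? "Admin" : "User"),
            };
            var identity  = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            var principal = new ClaimsPrincipal(identity);
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                principal,
                new AuthenticationProperties
                {
                    IsPersistent = true,
                    AllowRefresh = true,
                    // ExpiresUtc is an absolute instant; take it from the UTC clock rather than local time.
                    ExpiresUtc   = DateTimeOffset.UtcNow.AddMinutes(10)
                });

            return(RedirectToAction("Index", "Issue"));
        }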
        /// <summary>
        /// Inserts a new <see cref="MyOwnUser"/> built from the posted form.
        /// </summary>
        /// <param name="myOwnUser">Posted user; only UserName, Password and IsAdmin are bound.</param>
        /// <returns>A redirect to Index after a successful insert; otherwise the create view with the posted model.</returns>
        // NOTE(review): IsAdmin is bound directly from the request and Password is stored as posted
        // (nothing in this block hashes it). Unless this action is limited to administrators — the
        // attribute is not visible here — a caller can create a privileged account through it.
        public async Task <IActionResult> Create([Bind("UserName,Password,IsAdmin")] MyOwnUser myOwnUser)
        {
            if (!ModelState.IsValid)
            {
                return View(myOwnUser);
            }

            _context.Add(myOwnUser);
            await _context.SaveChangesAsync();

            return RedirectToAction(nameof(Index));
        }
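 /// <summary>
 /// Checks the posted credentials against the Users table, taking at least one second so that a fast
 /// reply never reveals whether the account exists.
 /// </summary>
 /// <param name="user">Posted credentials (UserName and Password).</param>
 /// <returns>true only when a matching row was found within the one-second budget; false on no match or timeout.</returns>
 // NOTE(review): the query compares Password exactly as stored, i.e. the table appears to hold
 // plaintext passwords, and the comparison follows the database collation (possibly case-insensitive).
 // Storing a salted hash and comparing it in application code is the standard fix; that needs a
 // schema change and is out of scope for this method alone.
 private async Task <bool> LoginIsValid(MyOwnUser user)
 {
     using (var cancellationTokenSource = new CancellationTokenSource(1000))
     {
         var foundUserTask    = _context.Users.FirstOrDefaultAsync(x => x.UserName == user.UserName && x.Password == user.Password, cancellationTokenSource.Token);
         var loginTookTooLong = false;
         try
         {
             // crude way of making sure no one knows if the user exists or not.
             // this also lets the login process take a while so no one can brute force it quickly
             await Task.WhenAll(foundUserTask, Task.Delay(1000));
         }
         // OperationCanceledException is the base of TaskCanceledException; a cancelled query can
         // surface as either, and catching only the derived type let the other one escape as a 500.
         catch (OperationCanceledException) { loginTookTooLong = true; }

         if (loginTookTooLong)
         {
             return false;
         }

         // The task has already completed, so awaiting it is free and, unlike .Result, would surface
         // a failure as the original exception rather than an AggregateException.
         return await foundUserTask != null;
     }
 }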