//this method checks that passwords match in a login attempt
public bool checkPassword()
{
Credentials userCredentials = SecurityUserDAO.getUserCredentials(username);
if (userCredentials != null)
{
byte[] dbPass = Convert.FromBase64String(userCredentials.getPassword());
byte[] userPass = createByteArrayFromString(password);
byte[] dbSalt = createByteArrayFromString(userCredentials.getSalt());
byte[] userSaltedPass = userPass.Concat(dbSalt).ToArray();
HashAlgorithm algorithm = new SHA256Managed();
byte[] hasheduserPass = algorithm.ComputeHash(userSaltedPass);
bool match = compareByteArrays(dbPass, hasheduserPass);
if (match)
{
userId = userCredentials.getUserId();
}
return(match);
}
else
{
return(false);
}
}
