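//===========================================================================================
//Login
//===========================================================================================
/// <summary>
/// Handles the admin login button. Looks the account up by username, recomputes
/// SHA-256(password + stored salt) as a base64 string and compares it with the stored
/// value. On a match the admin id is placed in the session and the browser is sent to
/// admin_grid.aspx; every failure path shows the same generic error message.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAdminLogin_Click(object sender, EventArgs e)
{
    // One message for every failure, so the page does not reveal whether the
    // username exists (an unknown username previously produced no message at all).
    const string loginFailedMessage = "Invaild Login, the Email or Password may be wrong.";

    using (DefaultConnection1 db = new DefaultConnection1())
    {
        String username = txtUsernameLogin.Text;

        // LINQ-to-entities query: the username travels as a parameter, not as SQL text.
        admin_users account = (from em in db.admin_users
                               where em.admin_username == username
                               select em).FirstOrDefault();

        if (account == null)
        {
            lblSubmitLoginMessageError.Text = loginFailedMessage;
            return;
        }

        // NOTE(review): a single salted SHA-256 pass is cheap to brute-force offline if the
        // table leaks. A deliberately slow KDF (e.g. Rfc2898DeriveBytes / PBKDF2) is the usual
        // choice, but switching needs the stored hashes migrated and the signup handler
        // changed in the same release, so the scheme is left as-is here.
        string computedHash;
        using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
        {
            byte[] saltedPassword = System.Text.Encoding.UTF8.GetBytes(txtPasswordLogin.Text + account.admin_salt);
            computedHash = Convert.ToBase64String(hashAlg.ComputeHash(saltedPassword));
        }

        // Compare without an early exit so the time taken does not depend on how many
        // leading characters of the stored hash happen to match.
        string storedHash = account.admin_password ?? String.Empty;
        int difference = storedHash.Length ^ computedHash.Length;
        for (int i = 0; i < storedHash.Length && i < computedHash.Length; i++)
        {
            difference |= storedHash[i] ^ computedHash[i];
        }

        if (difference != 0)
        {
            lblSubmitLoginMessageError.Text = loginFailedMessage;
            return;
        }

        lblSubmitLoginMessage.Text = "Valid Login";

        // NOTE(review): the session identifier is not rotated at login in this handler and no
        // failed-attempt throttling is visible here; confirm both are handled elsewhere.
        Session["admin_user_id"] = account.admin_user_id;

        Response.Redirect("admin_grid.aspx");
    }
}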
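/**
 * Name: protected void Authenticate_Login(object sender, EventArgs e)
 * Description: Called to authenticate the admin credentials and redirects to the admin
 *              default page if they are correct. Every failure shows the same message.
 * Arguments: sender: Object being sent. Not currently used.
 *            e: Any events being sent. Not currently used.
 * Return: Nothing being returned.
 * Author: Johnathan Falbo
 * Date: 16/04/2015
 * */
protected void Authenticate_Login(object sender, EventArgs e)
{
    // NOTE(review): if SearchEntities is a DbContext/ObjectContext it should be disposed
    // (wrapped in using); its base type is not visible from this block, so it is left as-is.
    SearchEntities db = new SearchEntities();

    // NOTE(review): every admin row is loaded and each username decrypted on every attempt,
    // presumably because the username column is stored encrypted. That is linear work per
    // login and keeps all admin records in memory; confirm the table stays small.
    List<admin_users> adminList = db.admin_users.ToList<admin_users>();

    admin_users matchedAdmin = null;
    foreach (admin_users candidate in adminList)
    {
        if (Encryption.Decrypt(candidate.username) == usernameTextBox.Text)
        {
            matchedAdmin = candidate;
            break;
        }
    }

    // NOTE(review): GetSHA256Hash is called with the password only, so the stored value looks
    // like an unsalted SHA-256 digest wrapped in reversible encryption. Anyone holding the
    // Encryption key recovers a fast, unsalted hash; a salted slow KDF (PBKDF2) is the usual
    // replacement. Confirm against the Encryption helper before changing the stored format.
    bool authenticated = matchedAdmin != null
        && Encryption.Decrypt(matchedAdmin.password) == Encryption.GetSHA256Hash(passwordTextBox.Text);

    if (!authenticated)
    {
        // Same message for an unknown username and a wrong password; an unknown username
        // previously left the label untouched, which distinguished the two cases.
        messageLabel1.Text = "authentication failed";
        return;
    }

    messageLabel1.Text = "authenticated";

    AdminObject aO = new AdminObject();
    aO.SetUserName(Encryption.Decrypt(matchedAdmin.username));
    Session["Admin"] = aO;

    Response.Redirect("Default.aspx");
}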
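/// <summary>
/// Checks the submitted e-mail and password against the admin_users table. On a match the
/// matched account's id is stored in the session and the request is redirected to
/// ~/Account/Index; otherwise the login view is rendered again with an error message.
/// </summary>
/// <param name="u">The bound login model carrying the submitted email and password.</param>
/// <returns>A redirect on success, the login view otherwise.</returns>
public ActionResult Index(admin_users u)
{
    if (!ModelState.IsValid)
    {
        return View();
    }

    using (AdminContext ac = new AdminContext())
    {
        // NOTE(review): the submitted password is compared directly with the stored column,
        // which implies passwords are kept in clear text. They should be stored as a salted
        // slow hash (e.g. PBKDF2) and verified by recomputing it; that needs a data migration
        // and is not changed here.
        var match = ac.admin_users
            .Where(a => a.email.Equals(u.email) && a.password.Equals(u.password))
            .SingleOrDefault();

        if (match == null)
        {
            ViewBag.Message = "Invalid Credentials.";
            return View();
        }

        // Take the id from the row that matched the credentials. u is the action's bound
        // parameter, so u.id is whatever the request carried and must not decide which
        // account the session belongs to.
        Session["id"] = match.id;
    }

    // Return a redirect result instead of calling Response.Redirect and then rendering a view.
    return Redirect("~/Account/Index");
}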
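//===========================================================================================
//Signup
//===========================================================================================
/// <summary>
/// Handles the admin sign-up button. Creates an admin_users row from the form, storing
/// the username, a fresh salt from CreateSalt(8) and base64(SHA-256(password + salt)).
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAdminSignUp_Click(object sender, EventArgs e)
{
    // NOTE(review): nothing in this handler restricts who may create an admin account,
    // rejects empty fields, or checks for an existing username; confirm the page is
    // access-controlled and that validators / a unique constraint cover the rest.
    using (DefaultConnection1 db = new DefaultConnection1())
    {
        admin_users newAdmin = new admin_users();
        newAdmin.admin_username = txtUsernameSignUp.Text;

        // NOTE(review): CreateSalt is defined outside this block; confirm it draws from a
        // cryptographic RNG (RNGCryptoServiceProvider) and that the argument 8 gives enough
        // salt length.
        String salt = CreateSalt(8);

        // NOTE(review): a single salted SHA-256 pass is cheap to brute-force offline if the
        // table leaks; a slow KDF (e.g. Rfc2898DeriveBytes / PBKDF2) is the usual choice. The
        // login handler recomputes exactly this value, so both must change together.
        string passwordHash;
        using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
        {
            byte[] saltedPassword = System.Text.Encoding.UTF8.GetBytes(txtPasswordSignUp.Text + salt);
            passwordHash = Convert.ToBase64String(hashAlg.ComputeHash(saltedPassword));
        }

        newAdmin.admin_password = passwordHash;
        newAdmin.admin_salt = salt;

        db.admin_users.Add(newAdmin);
        db.SaveChanges();
    }
}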