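protected void btnSignUp_Click(object sender, EventArgs e)
{
    // Registers a new user from the sign-up form: copies the name/email fields into a
    // new `user` row, stores a salted SHA-256 digest of the password (never the plain
    // text) plus the salt, and commits the row through the EF context.
    //
    // SECURITY NOTE(review): one unkeyed SHA-256 over password+salt is NOT a password
    // hash - it is fast enough to brute-force offline at GPU speed. Migrate to a slow,
    // iterated KDF (PBKDF2 via Rfc2898DeriveBytes with a high iteration count, or
    // bcrypt/Argon2) and re-hash existing users on their next successful login. The
    // scheme is kept here only because btnLogin_Click recomputes this exact digest
    // against rows already in the table; the two must be migrated together.
    using (DefaultConnection1 db = new DefaultConnection1())
    {
        user newUser = new user();

        // Form inputs are untrusted. EF parameterizes the INSERT so they are not an SQL
        // injection risk here, but nothing validates them (no email format check, no
        // duplicate-email check - SaveChanges will surface a constraint violation, if
        // the column has one, as an exception that is not handled here).
        newUser.first_name = txtFName.Text;
        newUser.last_name = txtLName.Text;
        newUser.email = txtEmail.Text;

        // Per-user salt so identical passwords do not share a digest. CreateSalt is
        // defined elsewhere in this class: it must be fed from a CSPRNG
        // (RandomNumberGenerator), not System.Random - confirm. 8 characters is also a
        // short salt; 16+ random bytes is the usual recommendation.
        string salt = CreateSalt(8);
        string saltedPassword = txtPassword.Text + salt;

        // HashAlgorithm is IDisposable; dispose it instead of leaking the CSP handle
        // (the original never disposed it).
        byte[] digest;
        using (HashAlgorithm hasher = new SHA256CryptoServiceProvider())
        {
            digest = hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(saltedPassword));
        }

        // Stored as base64 text; the login handler compares against this same encoding.
        newUser.password = Convert.ToBase64String(digest);
        newUser.salt = salt;

        db.users.Add(newUser);
        db.SaveChanges();
    }
}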
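protected void btnLogin_Click(object sender, EventArgs e)
{
    // Authenticates the login form against the users table: looks the row up by email,
    // recomputes the salted SHA-256 digest with that row's stored salt, and on a match
    // stores the user's id and display name in Session and redirects to the landing
    // page. The unknown-email and wrong-password paths show the same generic message so
    // the form does not confirm which emails are registered.
    //
    // SECURITY NOTE(review): see btnSignUp_Click - a single SHA-256 is not a slow KDF;
    // the digest computed below is kept format-compatible with existing rows so the two
    // handlers can be migrated together. ASP.NET does not rotate the session id on
    // login, so a session-fixation defence (issuing a fresh session id before storing
    // the identity) is still missing here.
    using (DefaultConnection1 db = new DefaultConnection1())
    {
        string email = txtEmailLogin.Text;
        user account = (from em in db.users where em.email == email select em).FirstOrDefault();

        if (account == null)
        {
            // No hashing happens on this path, so it returns faster than a wrong-password
            // attempt; a timing-based check could still distinguish the two.
            lblError.Text = "Invalid Login";
            return;
        }

        string saltedPassword = txtPasswordLogin.Text + account.salt;

        // Dispose the HashAlgorithm (the original leaked the CSP handle).
        byte[] digest;
        using (HashAlgorithm hasher = new SHA256CryptoServiceProvider())
        {
            digest = hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(saltedPassword));
        }
        string candidate = Convert.ToBase64String(digest);

        // Ordinal compare of the base64 digests. Not constant-time; the attacker does not
        // control the stored digest, so the leak is of limited use, but a fixed-time
        // byte comparison would be the stricter choice.
        if (!string.Equals(account.password, candidate, StringComparison.Ordinal))
        {
            // Fix: original message here was misspelled "Invaild Login", making the two
            // failure paths distinguishable.
            lblError.Text = "Invalid Login";
            return;
        }

        Session["user_id"] = account.user_id;
        // Fix: the original wrote `first_name = " " + last_name` (assignment, not
        // concatenation), clobbering first_name and storing only " last_name".
        // first_name/last_name are stored unvalidated at sign-up, so wherever this
        // value is rendered it must be HTML-encoded.
        Session["user_name"] = account.first_name + " " + account.last_name;

        // Response.Redirect ends the response (ThreadAbortException on .NET Framework);
        // the enclosing using still disposes the context via its finally.
        Response.Redirect("login_landing.aspx");
    }
}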