        /// <summary>
        /// Inserts a new user row for <paramref name="model"/> and returns the id the database assigned.
        /// The plaintext password is never sent to the database: a fresh 16-character salt is drawn and
        /// only the salted hash plus the salt go to the Users_Insert stored procedure.
        /// </summary>
        /// <param name="model">Registration data; its HashedPassword and Salt properties are overwritten here.</param>
        /// <returns>The value of the @Id output parameter of Users_Insert.</returns>
        public int RegisterUser(RegisterRequest model)
        {
            CryptographyService crypto = new CryptographyService();

            // NOTE(review): a salt must come from a cryptographically secure generator — confirm
            // GenerateRandomString is not built on System.Random.
            string newSalt = crypto.GenerateRandomString(16);
            string newHash = crypto.Hash(model.Password, newSalt);
            model.HashedPassword = newHash;
            model.Salt           = newSalt;

            int newId = 0;
            using (SqlConnection connection = new SqlConnection(connString))
            using (SqlCommand insert = new SqlCommand("Users_Insert", connection))
            {
                insert.CommandType = CommandType.StoredProcedure;
                insert.Parameters.AddWithValue("@Email", model.Email);
                insert.Parameters.AddWithValue("@HashedPassword", model.HashedPassword);
                insert.Parameters.AddWithValue("@Salt", model.Salt);

                // The stored procedure reports the new row's id through this output parameter.
                SqlParameter idParam = new SqlParameter("@Id", SqlDbType.Int)
                {
                    Direction = ParameterDirection.Output
                };
                insert.Parameters.Add(idParam);

                connection.Open();
                insert.ExecuteNonQuery();
                newId = (int)idParam.Value;
            }

            return newId;
        }
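        /// <summary>
        /// Verifies an e-mail/password pair against the stored salted hash and returns a
        /// <see cref="LoginData"/> describing the outcome.
        /// </summary>
        /// <param name="model">The submitted e-mail and plaintext password.</param>
        /// <returns>
        /// On success: IsLoggedIn = true with the user's Id and Email. On failure (unknown e-mail
        /// or wrong password): IsLoggedIn = false, Id = 0 and Email = "Failed to login". Both failure
        /// causes yield the same response, so account existence is not revealed by this method.
        /// </returns>
        public LoginData Login(LoginRequest model)
        {
            LoginData result = new LoginData();
            result.IsLoggedIn = false;

            using (SqlConnection connection = new SqlConnection(connString))
            {
                connection.Open();
                using (SqlCommand lookup = new SqlCommand("Users_SelectByEmail", connection))
                {
                    lookup.CommandType = CommandType.StoredProcedure;
                    lookup.Parameters.AddWithValue("@Email", model.Email);

                    // Dispose the reader deterministically instead of relying on the connection's teardown.
                    using (SqlDataReader reader = lookup.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            LoginRequest stored = Mapper(reader);
                            result.Id    = stored.Id;
                            result.Email = stored.Email;

                            // Pads the stored salt with '=' up to a multiple of 4 (Base64-style padding).
                            // NOTE(review): RegisterUser hashes with the salt exactly as GenerateRandomString(16)
                            // returns it, so this only reproduces the registration hash if that value is already
                            // a multiple of 4 or the padding is lost on the way into the DB — confirm.
                            int remainder = stored.Salt.Length % 4;
                            if (remainder > 0)
                            {
                                stored.Salt += new string('=', 4 - remainder);
                            }

                            CryptographyService crypto = new CryptographyService();
                            string candidate = crypto.Hash(model.Password, stored.Salt);

                            // Compare in constant time so response latency does not depend on how many
                            // leading characters of the stored hash the candidate matched.
                            if (HashesMatch(candidate, stored.EncryptedPass))
                            {
                                result.IsLoggedIn = true;
                            }
                        }
                    }
                }
            }

            if (!result.IsLoggedIn)
            {
                result.Id    = 0;
                result.Email = "Failed to login";
            }
            return result;
        }

        /// <summary>
        /// Ordinal string equality whose running time depends only on the length of
        /// <paramref name="expected"/>, not on the position of the first mismatch.
        /// A null on either side never matches. Prefer CryptographicOperations.FixedTimeEquals
        /// where the target framework provides it.
        /// </summary>
        /// <param name="candidate">Hash computed from the submitted password.</param>
        /// <param name="expected">Hash loaded from the database.</param>
        /// <returns>True only if both strings are non-null and identical.</returns>
        private static bool HashesMatch(string candidate, string expected)
        {
            if (candidate == null || expected == null || candidate.Length != expected.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                // Accumulate every mismatch instead of returning early on the first one.
                difference |= candidate[i] ^ expected[i];
            }
            return difference == 0;
        }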
        /// <summary>
        /// Re-hashes <c>model.NewPassword</c> under a brand-new 16-character salt and stores the
        /// hash/salt pair for <c>model.UserId</c> via the Users_ChangePassword stored procedure.
        /// </summary>
        /// <param name="model">Target user id and the new plaintext password.</param>
        /// <remarks>
        /// NOTE(review): nothing in this method checks that the caller may change this UserId's
        /// password (re-verifying the current password, or matching UserId against the authenticated
        /// principal) — confirm that check happens before this method is reached.
        /// </remarks>
        public void ChangePassword(UpdatePasswordRequest model)
        {
            CryptographyService crypto = new CryptographyService();
            string newSalt = crypto.GenerateRandomString(16);   // never reuse the old salt
            string newHash = crypto.Hash(model.NewPassword, newSalt);

            using (SqlConnection connection = new SqlConnection(connString))
            using (SqlCommand update = new SqlCommand("Users_ChangePassword", connection))
            {
                update.CommandType = CommandType.StoredProcedure;
                update.Parameters.AddWithValue("@Id", model.UserId);
                update.Parameters.AddWithValue("@HashedPassword", newHash);
                update.Parameters.AddWithValue("@Salt", newSalt);

                connection.Open();
                update.ExecuteNonQuery();
            }
        }