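public User TryLogin([FromBody] LoginCredentials cred)
{
    // Authenticates the posted credentials against the TP_LookupUserRecord stored procedure.
    // Returns the populated User (with a freshly generated token) on success, or null when the
    // request body is missing, the username is unknown, the password does not match, or any
    // exception is raised along the way. Callers therefore cannot tell a bad login from an
    // infrastructure failure (DB outage, unexpected column types); there is no logger in scope
    // here, so that distinction has to be added where one is available.
    if (cred == null || cred.username == null || cred.password == null)
    {
        // A missing/unbindable body used to surface as a NullReferenceException that the
        // catch-all below silently turned into null; reject it explicitly instead.
        return null;
    }

    try
    {
        DBConnect databaseObj = new DBConnect();
        DataSet dsUser;

        // SqlCommand is IDisposable. The DataSet is disconnected once filled, so disposing the
        // command before we read from the result is safe.
        using (SqlCommand commandObj = new SqlCommand())
        {
            commandObj.CommandType = CommandType.StoredProcedure;
            commandObj.CommandText = "TP_LookupUserRecord";

            // The username travels as a typed parameter and is never concatenated into SQL.
            SqlParameter inputUsername = new SqlParameter("@username", cred.username)
            {
                Direction = ParameterDirection.Input,
                SqlDbType = SqlDbType.VarChar
            };
            commandObj.Parameters.Add(inputUsername);

            dsUser = databaseObj.GetDataSetUsingCmdObj(commandObj);
        }

        if (dsUser == null || dsUser.Tables.Count == 0 || dsUser.Tables[0].Rows.Count == 0)
        {
            // Unknown username (or an empty result from the helper).
            // NOTE(review): this path returns before comparePassword runs, so it is measurably
            // faster than the wrong-password path below. If response-timing differences between
            // "no such user" and "wrong password" matter for this deployment, run the same
            // comparison against a fixed dummy hash/salt here too — confirm against
            // CryptoUtilities' contract before doing so.
            return null;
        }

        DataRow drUserRecord = dsUser.Tables[0].Rows[0];
        byte[] salt = (byte[])drUserRecord["salt"];
        byte[] hashedPassword = (byte[])drUserRecord["password"];

        if (!CryptoUtilities.comparePassword(hashedPassword, salt, cred.password))
        {
            // Password mismatch.
            return null;
        }

        // Password matches: build the account object the caller stores in the session.
        User foundUser = new User();
        foundUser.userID = drUserRecord["userID"].ToString();
        foundUser.firstName = drUserRecord["firstName"].ToString();
        foundUser.lastName = drUserRecord["lastName"].ToString();
        foundUser.emailAddress = drUserRecord["emailAddress"].ToString();

        // The second result set is optional. Previously a procedure that returned only one table
        // threw IndexOutOfRangeException here and a valid login collapsed into null.
        if (dsUser.Tables.Count > 1 && dsUser.Tables[1].Rows.Count > 0)
        {
            foundUser.seekingGender = dsUser.Tables[1].Rows[0]["seekingGender"].ToString();
        }

        foundUser.isVerified = drUserRecord["isVerified"].ToString();
        foundUser.finishedRegistration = drUserRecord["finishedRegistration"].ToString();

        // A token is issued regardless of isVerified / finishedRegistration; any gating on those
        // flags is presumably done by the caller — confirm.
        foundUser.token = GenerateJSONWebToken();
        return foundUser;
    }
    catch
    {
        // Deliberate best-effort kept for caller compatibility: every failure (SQL error, bad
        // column cast, token generation failure) collapses into "login failed". This hides
        // infrastructure problems; record the exception here once a logger is available.
        return null;
    }
}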