/// <summary>
/// Checks a candidate password against the hash stored on the user record.
/// </summary>
/// <param name="user">Account whose <c>Password</c> member holds the stored hash.</param>
/// <param name="Password">Plain-text password supplied by the caller.</param>
/// <returns>
/// <c>true</c> only when the hasher reports <c>PasswordVerificationResult.Success</c>;
/// every other result is treated as a failed verification.
/// </returns>
private bool VerifyPassword(User user, string Password)
{
    var hasher = new CustomPasswordHasher();
    var outcome = hasher.VerifyHashedPassword(user.Password, Password);

    // NOTE(review): only Success is accepted. If CustomPasswordHasher can also
    // return SuccessRehashNeeded, a correct password stored under an older hash
    // format would be rejected here. Confirm against the hasher implementation.
    return outcome == PasswordVerificationResult.Success;
}
/// <summary>
/// Console demo: hashes a sample password with <c>CustomPasswordHasher</c>, then
/// verifies the same password against the hash that was just produced.
/// </summary>
/// <param name="args">Unused command-line arguments.</param>
static void Main(string[] args)
{
    var hasher = new CustomPasswordHasher();
    var user = new IdentityUser();
    string password = "******";

    // Round trip: hash first, then check the same plain text against that hash.
    string hashedValue = hasher.HashPassword(user, password);
    Console.WriteLine("HashedValue > " + hashedValue);

    var verification = hasher.VerifyHashedPassword(user, hashedValue, password);
    Console.WriteLine("Verify > " + verification);
}
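/// <summary>
/// Authenticates an e-mail login against the stored password hash and, on success,
/// records the caller's device details and returns the user's profile.
/// </summary>
/// <param name="LoginType">Login provider name; only "EMAIL" (any casing) is handled.</param>
/// <param name="UserName">Account identifier passed to <c>usp_GetUserInformation</c>.</param>
/// <param name="Password">Plain-text password to verify against the stored hash.</param>
/// <param name="PushNotificationID">Push identifier stored for the device on success.</param>
/// <param name="MobilePlatform">Platform name stored for the device on success.</param>
/// <returns>
/// 200 with a <c>PenYourPrayerUser</c> on success. Every failure (unknown user,
/// wrong password, unsupported login type, missing password) returns the same 400
/// "Invalid UserID/Password" body, so the response does not reveal which check failed.
/// </returns>
public HttpResponseMessage Login(string LoginType, string UserName, string Password, string PushNotificationID, string MobilePlatform)
{
    using (DBDataContext db = new DBDataContext())
    {
        List<usp_GetUserInformationResult> res = db.usp_GetUserInformation(LoginType, UserName).ToList();

        // Ordinal, null-safe comparison. ToUpper() is culture-sensitive (under a
        // Turkish culture "email" does not upper-case to "EMAIL") and throws when
        // LoginType is null, which turned a bad request into a server error.
        bool isEmailLogin = string.Equals(LoginType, "EMAIL", System.StringComparison.OrdinalIgnoreCase);

        if (res.Count > 0 && isEmailLogin)
        {
            usp_GetUserInformationResult t = res[0];

            // Never hand a missing hash or a missing password to the hasher: its
            // behaviour on null input is not visible from this method.
            bool passwordMatches = !string.IsNullOrEmpty(Password)
                && !string.IsNullOrEmpty(t.Password)
                && CustomPasswordHasher.VerifyHashedPassword(t.Password, Password);

            if (passwordMatches)
            {
                db.usp_UpdateUserMobileDeviceInformation(t.ID, MobilePlatform, PushNotificationID);

                PenYourPrayerUser user = new PenYourPrayerUser
                {
                    ID = t.ID,
                    DisplayName = t.DisplayName,
                    LoginType = t.LoginType,
                    UserName = t.UserName,
                    MobilePlatform = MobilePlatform,
                    ProfilePictureURL = t.ProfilePictureURL,
                    PushNotificationID = PushNotificationID,
                    // The HMAC key is only released once the e-mail address has
                    // been verified; unverified accounts receive an empty key.
                    HMACHashKey = t.EmailVerification ? t.HMACHashKey : "",
                    EmailVerification = t.EmailVerification
                };

                return Request.CreateResponse(HttpStatusCode.OK, user);
            }
        }

        // SECURITY: the commented-out FACEBOOK / TWITTER / GOOGLEPLUS test branches
        // that used to sit here embedded literal access tokens and a token secret.
        // They were dead code and have been removed. Treat those credentials as
        // exposed: revoke them at each provider and scrub them from repository
        // history. Social logins are not implemented and fall through to the
        // generic failure below.
        return Request.CreateResponse(HttpStatusCode.BadRequest, new CustomResponseMessage()
        {
            StatusCode = (int)HttpStatusCode.BadRequest,
            Description = "Invalid UserID/Password"
        });
    }
}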
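/// <summary>
/// Verifies the posted username and password and, on success, issues a JWT
/// signed with HMAC-SHA256 that expires five minutes after issue.
/// </summary>
/// <param name="user">Request body carrying <c>Username</c> and <c>Password</c>.</param>
/// <returns>
/// 200 with <c>{ Token }</c> on success; 400 when the body or its credentials are
/// missing; 401 for an unknown user as well as for a wrong password.
/// </returns>
public IActionResult Login([FromBody] MemberDTO user)
{
    if (user == null || string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password))
    {
        return BadRequest("Invalid client request");
    }

    // Lookup user by given username
    MemberDTO DbUser = MembersManager.GetMemberByUsername(user.Username);

    // An unknown user gets the same 401 as a wrong password. The previous 404
    // told the caller which usernames exist.
    // NOTE(review): this path still returns without running the hasher, so the
    // response time can differ from the wrong-password path.
    if (DbUser == null)
    {
        return Unauthorized();
    }

    // Check if given password matches
    CustomPasswordHasher ph = new CustomPasswordHasher();
    if (ph.VerifyHashedPassword(DbUser.PasswordHash, user.Password, DbUser.PasswordSalt) != PasswordVerificationResult.Success)
    {
        return Unauthorized();
    }

    // SECURITY: the signing key is a literal in source, so anyone who can read the
    // code or the compiled assembly can mint valid tokens. It is also 17 bytes,
    // shorter than the 256 bits RFC 7518 requires for HS256. Load a randomly
    // generated key from configuration or a secret store and rotate this one.
    var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("keycryptstring123"));
    var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

    // NOTE(review): issuer and audience are fixed to a localhost URL and the claim
    // list is empty, so the token does not say which member it was issued to.
    // Confirm that downstream authorization does not need a subject claim.
    var tokeOptions = new JwtSecurityToken(
        issuer: "https://localhost:44398",
        audience: "https://localhost:44398",
        claims: new List<Claim>(),
        // UTC keeps the expiry independent of the server's local time zone.
        expires: DateTime.UtcNow.AddMinutes(5),
        signingCredentials: signinCredentials
    );

    var tokenString = new JwtSecurityTokenHandler().WriteToken(tokeOptions);
    return Ok(new { Token = tokenString });
}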
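// First login
/// <summary>
/// Validates a user's credentials, preferring the cached user record over a
/// database lookup.
/// </summary>
/// <param name="user">
/// Credentials to check. On a successful password check its <c>PasswordHash</c>
/// is overwritten with the stored hash.
/// </param>
/// <param name="isLogined">
/// When <c>true</c> and the user is cached, the supplied <c>PasswordHash</c> is
/// compared with the cached hash instead of re-hashing the password.
/// </param>
/// <returns><c>true</c> when the credentials are accepted.</returns>
public bool IsValidUser(UserAuthen user, bool isLogined)
{
    string cacheKey = GetCacheKey(user.UserName);

    if (!CacheUser.Contain(cacheKey))
    {
        // Cache miss: full credential check, then cache the record.
        var userDB = UserManager.Find(user.UserName, user.Password);
        if (userDB == null)
        {
            return false;
        }

        SetUserToCache(userDB, cacheKey);
        user.PasswordHash = userDB.PasswordHash;
        return true;
    }

    var uc = CacheUser.Get<User>(cacheKey);

    if (isLogined)
    {
        // Fast check.
        // SECURITY: on this path the stored hash itself is the credential, so
        // anyone holding a copy of it passes without knowing the password.
        // NOTE(review): confirm isLogined and PasswordHash cannot be set directly
        // by an unauthenticated client.
        return PasswordHashesMatch(uc.PasswordHash, user.PasswordHash);
    }

    // Very slow: full hash verification of the supplied password.
    var passHash = new CustomPasswordHasher();
    bool isValid = passHash.VerifyHashedPassword(uc.PasswordHash, user.Password) == PasswordVerificationResult.Success;
    if (isValid)
    {
        user.PasswordHash = uc.PasswordHash;
    }

    return isValid;
}

// Compares two password hashes without an early exit on the first mismatch.
// A missing or empty hash on either side never matches: with plain ==, a cached
// account with no password hash was "valid" for a request that sent none.
private static bool PasswordHashesMatch(string storedHash, string suppliedHash)
{
    if (string.IsNullOrEmpty(storedHash) || string.IsNullOrEmpty(suppliedHash))
    {
        return false;
    }

    // Fold the length difference and every character difference into a single
    // accumulator so the work done does not depend on where the inputs diverge.
    int difference = storedHash.Length ^ suppliedHash.Length;
    for (int i = 0; i < suppliedHash.Length; i++)
    {
        difference |= storedHash[i % storedHash.Length] ^ suppliedHash[i];
    }

    return difference == 0;
}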