public ActionResult SignIn(SignInViewModel model, string whereToUrl) { if (!ModelState.IsValid) { return(View(model)); } using (MyAuthContext ctx = new MyAuthContext()) { var user = (from u in ctx.Users join r in ctx.Roles on u.RoleID equals r.ID where u.Email == model.Email select new UserProfile { Email = u.Email, Name = u.Name, Role = r.Name, }).FirstOrDefault(); if (user != null && IsPasswordValid(model.Email, model.Password)) { var authTicket = new FormsAuthenticationTicket(1, user.Name, DateTime.Now, DateTime.Now.AddMinutes(20), model.RememberMe, user.Role); string encryptedTicket = FormsAuthentication.Encrypt(authTicket); var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); HttpContext.Response.Cookies.Add(authCookie); return(RedirectToLocal(whereToUrl)); } else { ModelState.AddModelError("", "Invalid login attempt."); return(View(model)); } } }
private bool IsPasswordValid(string email, string passwordInput) { using (MyAuthContext ctx = new MyAuthContext()) { //Fetch the stored hashed password value from the database string savedPasswordHashString = (from u in ctx.Users where u.Email == email select u.Password.ToString()).FirstOrDefault(); byte[] savedPasswordHashBytes = Convert.FromBase64String(savedPasswordHashString); //Retrieve salt byte[] saltBytes = new byte[saltLength]; Array.Copy(savedPasswordHashBytes, 0, saltBytes, 0, saltLength); //Salt the password input with the salt from the password saved in the database var pbkdf2 = new Rfc2898DeriveBytes(passwordInput, saltBytes, numberOfIterations); //Hash the salted input byte[] passwordInputHashBytes = pbkdf2.GetBytes(hashLength); //Compare the obtained hashed value to the hashed password from the database for (int i = 0; i < hashLength; i++) { if (savedPasswordHashBytes[i + saltLength] != passwordInputHashBytes[i]) { return(false); } } return(true); } }
public ActionResult Register(RegistrationViewModel model) { //invalid input data if (!ModelState.IsValid) { return(View(model)); } using (MyAuthContext ctx = new MyAuthContext()) { //user already exists var user = (from u in ctx.Users where u.Email == model.Email select new UserProfile { Email = u.Email }).FirstOrDefault(); if (user != null) { ModelState.AddModelError("", "User with this email address already exists"); return(View(model)); } //create new user Users newUser = new Users() { Email = model.Email, Name = model.Name, RoleID = (int)RoleEnum.Sales, Password = HashPassword(model.Password) }; ctx.Users.Add(newUser); ctx.SaveChanges(); } ViewBag.Message = "You have been successfully registered!"; return(View()); }