public HttpResponseMessage Login(LoginModel loginModel)
{
try
{
var user = DBContext.Employee.FirstOrDefault(x => x.UserName == loginModel.Username);
if (user != null)
{
var hash = new HashModel()
{
Password = loginModel.Password, Salt = user.Salt
};
var hashedPassword = PasswordHashHelper.PasswordHasher(hash);
if (hashedPassword == user.Pword)
{
return(new HttpResponseMessage(HttpStatusCode.OK));
}
}
}
catch (Exception)
{
throw;
}
return(new HttpResponseMessage(HttpStatusCode.Forbidden));
}
public IHttpActionResult AddUser(EmployeeModel employee)
{
var findUser = DBContext.Employee.FirstOrDefault(x => x.UserName == employee.UserName);
if (findUser != null)
{
}
var newEmployee = new Employee();
newEmployee.Admin = employee.IsAdmin;
newEmployee.UserName = employee.UserName;
newEmployee.FirstName = employee.FirstName;
newEmployee.LastName = employee.LastName;
newEmployee.Salt = PasswordHashHelper.CreateSalt(employee.UserName);
newEmployee.Pword = PasswordHashHelper.PasswordHasher(new HashModel()
{
Password = employee.Password, Salt = newEmployee.Salt
});
try
{
DBContext.Employee.Add(newEmployee);
DBContext.SaveChanges();
return(Ok());
}
catch (Exception)
{
return(BadRequest());
throw;
}
}
/*// TODO: Here is where you would validate the username and password.
* private static bool CheckPassword(string username, string password)
* {
* return username == "user" && password == "password";
* }*/
private static void AuthenticateUser(string credentials)
{
try
{
//var encoding = Encoding.GetEncoding("iso-8859-1");
var encoding = Encoding.UTF8;
credentials = encoding.GetString(Convert.FromBase64String(credentials));
int separator = credentials.IndexOf(':');
string name = credentials.Substring(0, separator);
string password = credentials.Substring(separator + 1);
/*if (CheckPassword(name, password))
* {
* var identity = new GenericIdentity(name);
* SetPrincipal(new GenericPrincipal(identity, null));
* }
* else
* {
* // Invalid username or password.
* HttpContext.Current.Response.StatusCode = 401;
* }*/
// name och password är variablerna du ska jobba med här
var user = DBContext.Employee.FirstOrDefault(x => x.UserName == name);
if (user != null &&
user.Pword ==
PasswordHashHelper.PasswordHasher(new HashModel()
{
Password = password, Salt = user.Salt
}))
{
var identity = new GenericIdentity(name);
if (user.Admin)
{
SetPrincipal(new GenericPrincipal(identity, new[] { "Admin" }));
}
else
{
SetPrincipal(new GenericPrincipal(identity, new[] { "Driver" }));
}
}
else
{
// Invalid username or password.
HttpContext.Current.Response.StatusCode = 401;
}
}
catch (FormatException)
{
// Credentials were not formatted correctly.
HttpContext.Current.Response.StatusCode = 401;
}
}
