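/// <summary>
/// Validates the submitted credentials and, on success, signs the user in
/// under the "LRSecurityScheme" authentication scheme.
/// </summary>
/// <param name="user">
/// Model bound from the request. <c>[Bind]</c> is used without an include list,
/// so it does not restrict which properties the client may populate; this
/// method therefore overwrites <c>Salt</c> and only trusts <c>UserID</c> when
/// it was read from the database.
/// </param>
/// <returns>
/// A redirect to <c>User/Index</c> on success, to <c>UserLoginFailed</c> when the
/// credentials are rejected, or to <c>UserModelFailed</c> when model validation fails.
/// </returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown when no <c>WebDbContext</c> is registered with the request services.
/// </exception>
public async Task<IActionResult> UserLogin([Bind] UserModel user)
{
    WebDbContext db = HttpContext.RequestServices.GetService(typeof(Web.Utils.WebDbContext)) as WebDbContext;
    if (db == null)
    {
        // Fail with a clear message instead of a NullReferenceException further down.
        throw new System.InvalidOperationException("WebDbContext is not registered with the request services.");
    }

    // Presumably these fields are not part of the login form; their validation
    // entries are dropped so they cannot make ModelState invalid.
    ModelState.Remove("Firstname");
    ModelState.Remove("Lastname");
    ModelState.Remove("Address");
    ModelState.Remove("City");
    ModelState.Remove("Postcode");
    ModelState.Remove("Telephone");

    if (!ModelState.IsValid)
    {
        // Model data invalid
        return RedirectToAction("UserModelFailed");
    }

    // Never use a client-supplied salt: start empty in case the user is unknown.
    user.Salt = "";
    bool userFound = false;

    // Fetch id and salt for the user. The using block releases the reader even
    // if GetString throws (e.g. on a NULL column).
    using (MySqlDataReader getValues = db.GetLoginData(user))
    {
        if (getValues.Read())
        {
            user.UserID = getValues.GetString(0);
            user.Salt = getValues.GetString(1);
            userFound = true;
        }
    }

    // Hash the submitted password with the stored salt. This still runs for an
    // unknown user, so both paths perform the same hashing work.
    // NOTE(review): PasswordHasher.HashStoredSalt is not visible here. If it
    // applies SHA-512 only once, the stored digests are cheap to brute-force
    // after a database leak; a dedicated password KDF (PBKDF2, Argon2) with a
    // work factor is preferable, but switching requires migrating stored hashes.
    var salt = user.Salt.ToString();
    var password = user.Password.ToString();
    PasswordHasher pwHasher = new PasswordHasher();
    using (SHA512 sha512 = SHA512.Create())
    {
        HashResult hashedPassword = pwHasher.HashStoredSalt(password, salt, sha512);
        user.Password = hashedPassword.Digest;
    }

    int loginStatus = db.LoginValidate(user);

    // Require that a database row was actually read: otherwise user.UserID is
    // whatever the request supplied, and it must not end up in the auth cookie.
    if (!userFound || loginStatus <= 0)
    {
        // Login fail
        return RedirectToAction("UserLoginFailed");
    }

    // Login success: build the principal from the database-provided user id.
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.UserID)
    };
    ClaimsIdentity userIdentity = new ClaimsIdentity(claims, "cookie");
    ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);

    await HttpContext.SignInAsync(
        scheme: "LRSecurityScheme",
        principal: principal);

    return RedirectToAction("Index", "User");
}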