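/// <summary>
/// Registers a new user through the <c>dbo.Users_Insert</c> stored procedure and returns the id it reports.
/// </summary>
/// <remarks>
/// A new salt is generated for every registration, the plain-text password is hashed with it, and both
/// values are written back onto <paramref name="registerModel"/>. Only the e-mail, the hash and the salt
/// are sent to the database; the plain-text password is not.
/// NOTE(review): the strength of the stored credential depends on CryptographyService, which is not
/// visible here. Confirm that GenerateRandomString draws from a cryptographic RNG and that Hash is a
/// deliberately slow password KDF (PBKDF2, bcrypt, Argon2) rather than a single fast digest.
/// NOTE(review): nothing here checks that Email or Password are non-empty; presumably model
/// validation runs before this call. Verify against the caller.
/// </remarks>
/// <param name="registerModel">
/// Registration data. Email and Password are read; HashedPassword and Salt are overwritten.
/// </param>
/// <returns>The value of the stored procedure's <c>@Id</c> output parameter.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="registerModel"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">The stored procedure did not set <c>@Id</c>.</exception>
public int RegisterUser(RegisterModel registerModel)
{
    if (registerModel == null)
    {
        throw new System.ArgumentNullException("registerModel");
    }

    CryptographyService svc = new CryptographyService();

    // Per-user salt: two accounts with the same password must not end up with the same hash.
    string salt = svc.GenerateRandomString(16);
    string hashedPassword = svc.Hash(registerModel.Password, salt);

    registerModel.HashedPassword = hashedPassword;
    registerModel.Salt = salt;

    // The connection string is looked up by name ("DefaultConnection") in the application's
    // configuration file; the project needs a reference to System.Configuration for this.
    string connectionString = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

    // SqlConnection and SqlCommand are disposable, so both live in using blocks. Disposing the
    // connection also closes it, including when an exception is thrown part-way through.
    using (SqlConnection conn = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand("dbo.Users_Insert", conn))
    {
        // The command text is the name of a stored procedure, not inline SQL. All user-supplied
        // values travel as parameters and are never concatenated into the command text.
        cmd.CommandType = CommandType.StoredProcedure;

        cmd.Parameters.AddWithValue("@Email", registerModel.Email);
        cmd.Parameters.AddWithValue("@HashedPassword", registerModel.HashedPassword);
        cmd.Parameters.AddWithValue("@Salt", registerModel.Salt);

        SqlParameter idParam = new SqlParameter("@Id", SqlDbType.Int);
        idParam.Direction = ParameterDirection.Output;
        cmd.Parameters.Add(idParam);

        conn.Open();
        cmd.ExecuteNonQuery();

        // If the procedure never assigns @Id, the value comes back as DBNull. Report that
        // explicitly instead of failing with an InvalidCastException that has no context.
        object rawId = idParam.Value;
        if (rawId == null || rawId == System.DBNull.Value)
        {
            throw new System.InvalidOperationException("dbo.Users_Insert did not return a value for @Id.");
        }

        return (int)rawId;
    }
}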
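/// <summary>
/// Checks a login attempt against the salt and password hash stored for the supplied e-mail.
/// </summary>
/// <remarks>
/// The submitted password is hashed with the stored salt, written to
/// <c>loginModel.HashedPassword</c>, and compared with the stored hash. The method fails closed:
/// a missing record or a missing hash on either side yields <c>false</c>.
/// NOTE(review): an unknown e-mail returns before any hashing happens, so that path answers
/// faster than a wrong password for a known account. If account enumeration is a concern,
/// hash against a fixed dummy salt on that path as well.
/// NOTE(review): no attempt limiting or lockout is visible in this method. Confirm the caller handles it.
/// </remarks>
/// <param name="loginModel">Login data. Email and Password are read; HashedPassword is overwritten.</param>
/// <returns><c>true</c> when the computed hash equals the stored hash; otherwise <c>false</c>.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="loginModel"/> is null.</exception>
public bool Login(LoginModel loginModel)
{
    if (loginModel == null)
    {
        throw new System.ArgumentNullException("loginModel");
    }

    CryptographyService svc = new CryptographyService();

    // Fetch the stored salt and hash that belong to this e-mail.
    var dboModel = GetDboModel(loginModel.Email);
    if (dboModel == null)
    {
        // No record for this e-mail: reject instead of dereferencing null further down.
        // (GetDboModel is defined elsewhere; this assumes it signals "not found" with null.)
        return false;
    }

    // Re-create the hash from the submitted password and the stored salt.
    string hashedPassword = svc.Hash(loginModel.Password, dboModel.Salt);
    loginModel.HashedPassword = hashedPassword;

    // The login succeeds only when the computed hash matches the stored one.
    return HashesMatch(loginModel.HashedPassword, dboModel.HashedPassword);
}

/// <summary>
/// Ordinal comparison of two hash strings that does not stop at the first differing character.
/// </summary>
/// <remarks>
/// Every character in the common length is examined, so the time taken does not reveal how much
/// of the stored hash an attempt matched. A null on either side never matches, which keeps a
/// record with no stored hash from authenticating.
/// </remarks>
private static bool HashesMatch(string computed, string stored)
{
    if (computed == null || stored == null)
    {
        return false;
    }

    // A length mismatch is folded into the accumulator; hash length itself is not secret.
    int diff = computed.Length ^ stored.Length;
    int common = computed.Length < stored.Length ? computed.Length : stored.Length;

    for (int i = 0; i < common; i++)
    {
        diff |= computed[i] ^ stored[i];
    }

    return diff == 0;
}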