public ActionResult <CustomerHelper> Index(CustomerHelper userHelper)
{
CustomerDAO userDAO = new CustomerDAO(_db);
Customer existingUser = userDAO.GetByEmail(userHelper.email);
if (existingUser == null)
{
HashSalt hashSalt = GenerateSaltedHash(64, userHelper.password);
userHelper.password = ""; // flush the string, no need for plain password.
Customer user = new Customer();
user.FirstName = userHelper.firstName;
user.LastName = userHelper.lastName;
user.Email = userHelper.email;
user.Hash = hashSalt.Hash;
user.Salt = hashSalt.Salt;
user = userDAO.Register(user);
if (user.Id > 0)
{
userHelper.token = "User registration success.";
}
else
{
userHelper.token = "User registration failed.";
}
}
else
{
userHelper.token = "User registration failed: user is already existing.";
}
return(userHelper);
}
private static HashSalt GenerateSaltedHash(int size, string plainPassword)
{
var saltBytes = new byte[size];
var provider = new RNGCryptoServiceProvider();
// Fills an array of bytes with a cryptographically strong sequence of random nonzero values.
provider.GetNonZeroBytes(saltBytes);
var salt = Convert.ToBase64String(saltBytes);
// A password, salt, and iteration count, then generates a binary key
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(plainPassword, saltBytes, 10000);
var hashPassword = Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256));
HashSalt hashSalt = new HashSalt {
Hash = hashPassword, Salt = salt
};
return(hashSalt);
}
