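static void CreateUser()
{
    // Interactive console flow: prompts for a username and a password, salts and
    // hashes the password through HashManager, and stores the resulting User row
    // via UserManager. No return value; the method blocks on a key press at the end.
    Console.WriteLine("Welcome");
    Console.WriteLine("Create a new user");
    Console.WriteLine("Enter a username:");
    // NOTE(review): the statement that reads the username was garbled in the
    // source ("******"); this line is reconstructed from the later use of
    // `username` and the surrounding prompts — confirm against the original file.
    string username = Console.ReadLine();
    Console.WriteLine("Enter a password");
    // Console.ReadLine echoes the typed password to the terminal; a masked
    // ReadKey loop would avoid shoulder-surfing, but the visible prompt flow is kept.
    string password = Console.ReadLine();

    // ReadLine returns null at end of input; an empty password must not be stored.
    if (string.IsNullOrEmpty(password))
    {
        Console.WriteLine("A password is required");
        Console.ReadKey();
        return;
    }

    HashManager hm = new HashManager();
    // UTF-8, not ASCII: VerifyUser hashes Encoding.UTF8.GetBytes(password), and
    // Encoding.ASCII silently replaces non-ASCII characters with '?', so a
    // password containing such characters could never be verified afterwards.
    // For pure-ASCII passwords the two encodings produce identical bytes.
    byte[] bytes = Encoding.UTF8.GetBytes(password);
    byte[] salt = hm.GenerateSalt();
    // A single salted SHA-256 has no work factor and is not a password hash;
    // a slow KDF (PBKDF2/Argon2) would be appropriate. VerifyUser and any
    // existing rows depend on this scheme, so it is deliberately left unchanged.
    password = Convert.ToBase64String(hm.GenerateSHA256(bytes, salt));

    // Make a new user object (the salt is stored Base64-encoded, as VerifyUser expects)
    User user = new User(username, password, Convert.ToBase64String(salt));
    UserManager um = new UserManager();
    um.InsertUserToDB(user);
    Console.WriteLine("The user has succesfully been created");
    Console.ReadKey();
}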
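public User VerifyUser(string username, string password)
{
    // Looks up the credential row for `username`, recomputes the salted hash of
    // the supplied password with HashManager and compares it in managed code.
    // Returns the matching User, or null when the user is unknown or the
    // password does not match. Throws ArgumentNullException for null arguments
    // (the original also threw, from the parameter/encoding calls).
    //
    // Changes from the original: (1) the hash was compared inside SQL
    // (`... AND password = @password`), which follows the column collation —
    // on a case-insensitive collation distinct Base64 hashes can compare equal —
    // and is not timing-safe; the comparison is now an exact constant-time byte
    // compare. (2) Both SqlDataReaders were left undisposed (the second one was
    // abandoned by the early `return` inside the read loop). (3) One query
    // instead of two.
    if (username == null)
    {
        throw new ArgumentNullException("username");
    }
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }

    using (SqlConnection sql = new SqlConnection(cs))
    {
        sql.Open();

        string storedUsername;
        string storedHash;
        string storedSalt;

        using (SqlCommand cmd = new SqlCommand(
            "SELECT username, password, salt FROM users WHERE username = @username", sql))
        {
            cmd.Parameters.Add(new SqlParameter("@username", username));
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                // Unknown user: the original also ended up returning null here.
                // NOTE(review): returning before hashing makes the unknown-user path
                // slightly faster than the wrong-password path (username enumeration
                // by timing); the original hashed against an empty salt in that case.
                if (!rdr.Read())
                {
                    return null;
                }
                storedUsername = (string)rdr["username"];
                storedHash = (string)rdr["password"];
                storedSalt = (string)rdr["salt"];
            }
        }

        HashManager hm = new HashManager();
        byte[] salt = Convert.FromBase64String(storedSalt);
        // UTF-8 must match the encoding used when the hash was created.
        byte[] computed = hm.GenerateSHA256(Encoding.UTF8.GetBytes(password), salt);
        byte[] expected = Convert.FromBase64String(storedHash);

        // Constant-time, collation-independent comparison of the raw hash bytes.
        // Fully qualified so no new `using` is needed; requires .NET Core 2.1+ / .NET 5+.
        if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computed, expected))
        {
            return null;
        }

        return new User(storedUsername, storedHash, storedSalt);
    }
}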