public void AddUser(string username, string password)
{
string salt = PasswordHelper.GenerateRandomSalt();
string hash = PasswordHelper.HashPassword(password, salt);
User user = new User
{
Username = username,
PasswordHash = hash,
PasswordSalt = salt
};
using (SqlConnection connection = new SqlConnection(_connectionString))
{
var command = connection.CreateCommand();
command.CommandText =
"INSERT INTO Users (Username, PasswordHash, PasswordSalt) VALUES (@username, @hash, @salt)";
command.Parameters.AddWithValue("@username", user.Username);
command.Parameters.AddWithValue("@hash", user.PasswordHash);
command.Parameters.AddWithValue("@salt", user.PasswordSalt);
connection.Open();
command.ExecuteNonQuery();
}
}
public User Login(string username, string password)
{
using (SqlConnection connection = new SqlConnection(_connectionString))
{
var command = connection.CreateCommand();
command.CommandText = "SELECT * FROM Users WHERE Username = @username";
command.Parameters.AddWithValue("@username", username);
connection.Open();
var reader = command.ExecuteReader();
if (!reader.Read())
{
return null;
}
User user = new User();
user.Id = (int)reader["Id"];
user.PasswordHash = (string)reader["PasswordHash"];
user.PasswordSalt = (string)reader["PasswordSalt"];
user.Username = (string)reader["Username"];
if (!PasswordHelper.PasswordMatch(password, user.PasswordSalt, user.PasswordHash))
{
return null;
}
return user;
}
}