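/// <summary>
/// Handles the login button click: looks the user up by username, recomputes the
/// salted SHA-256 hash of the submitted password and, when it matches the stored
/// value, puts the user's id and display name in the session and redirects to
/// comics.aspx. Any failure shows the same "Invalid Login" message.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    using (DefaultConnection db = new DefaultConnection())
    {
        // The LINQ query passes the username as a value, not as concatenated SQL text.
        String username = txtUsername.Text;
        Users objU = (from u in db.Users
                      where u.Username == username
                      select u).FirstOrDefault();

        // Unknown user and wrong password deliberately produce the same message,
        // so the page does not reveal which usernames exist.
        if (objU == null)
        {
            lblError.Text = "Invalid Login";
            return;
        }

        String pass_and_salt = txtPassword.Text + objU.Salt;

        // NOTE(security): a single salted SHA-256 pass is a fast hash and is a weak
        // choice for password storage. Moving to a key-derivation function such as
        // PBKDF2 (Rfc2898DeriveBytes) needs a migration of the stored hashes, so the
        // scheme is kept as-is here to stay compatible with existing rows.
        string base64;
        using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
        {
            // The provider holds a native handle; dispose it instead of leaking it.
            byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(pass_and_salt);
            base64 = Convert.ToBase64String(hashAlg.ComputeHash(bytValue));
        }

        // Compare without an early exit so the time taken does not depend on how
        // many leading characters of the stored hash happen to match.
        string stored = objU.Password ?? string.Empty;
        int diff = stored.Length ^ base64.Length;
        for (int i = 0; i < stored.Length && i < base64.Length; i++)
        {
            diff |= stored[i] ^ base64[i];
        }

        if (diff != 0)
        {
            lblError.Text = "Invalid Login";
            return;
        }

        // NOTE(review): the session id is not rotated after authentication and no
        // failed-attempt throttling is visible in this handler; confirm both are
        // handled elsewhere.
        Session["UserID"] = objU.UserID;
        Session["UserName"] = objU.Firstname + " " + objU.Lastname;

        // Fixed, relative target: no user-supplied redirect URL is involved.
        Response.Redirect("comics.aspx");
    }
}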
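/// <summary>
/// Handles the register button click: builds a new user from the form fields,
/// generates a salt, stores the Base64-encoded SHA-256 hash of password + salt
/// together with that salt, and saves the row.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnRegister_Click(object sender, EventArgs e)
{
    using (DefaultConnection db = new DefaultConnection())
    {
        // NOTE(review): nothing in this handler checks that the fields are non-empty
        // or that the username is not already taken. The login handler takes the
        // first row matching a username, so duplicates should be rejected here or by
        // a unique constraint on the column. Confirm validation exists elsewhere.
        Users objU = new Users();
        objU.Firstname = txtFirstname.Text;
        objU.Lastname = txtLastname.Text;
        objU.Username = txtUsername.Text;

        // CreateSalt is defined outside this block.
        // NOTE(review): confirm it draws from a cryptographic random number generator
        // (RNGCryptoServiceProvider / RandomNumberGenerator) and that 8 gives a salt
        // of adequate length.
        String salt = CreateSalt(8);
        String pass_and_salt = txtPassword.Text + salt;

        // NOTE(security): a single salted SHA-256 pass is a fast hash and is a weak
        // choice for password storage. A key-derivation function such as PBKDF2
        // (Rfc2898DeriveBytes) is the better fit, but the login handler must change in
        // step, so the scheme is kept as-is here.
        string base64;
        using (HashAlgorithm hashAlg = new SHA256CryptoServiceProvider())
        {
            // The provider holds a native handle; dispose it instead of leaking it.
            byte[] bytValue = System.Text.Encoding.UTF8.GetBytes(pass_and_salt);
            base64 = Convert.ToBase64String(hashAlg.ComputeHash(bytValue));
        }

        // Only the hash and the salt are persisted, never the plain-text password.
        objU.Password = base64;
        objU.Salt = salt;

        db.Users.Add(objU);
        db.SaveChanges();
    }
}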