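// POST api/CustomLogin
/// <summary>
/// Authenticates an account by e-mail and password and, on success, issues a
/// mobile-service authentication token for it.
/// </summary>
/// <param name="loginRequest">Credentials from the request body; null when model binding fails.</param>
/// <returns>
/// 200 with a <see cref="CustomLoginResult"/> on success; 400 when the body or a
/// credential field is missing; 401 for an unknown e-mail or a wrong password. Both
/// 401 cases return the same body so the response does not disclose whether the
/// e-mail is registered.
/// </returns>
public HttpResponseMessage Post(LoginRequest loginRequest)
{
    var message = "Fail";

    // Model binding yields a null body on malformed input; without this guard the
    // query below dereferences it and the caller sees a 500 instead of a 400.
    if (loginRequest == null || string.IsNullOrEmpty(loginRequest.Email) || loginRequest.Password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, new { message });
    }

    // The context holds a database connection; dispose it on every exit path.
    using (homesecurityContext context = new homesecurityContext())
    {
        Account account = context.Accounts
            .Where(a => a.Email == loginRequest.Email)
            .SingleOrDefault();

        if (account != null)
        {
            byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.Password, account.Salt);

            // slowEquals rather than an ordinary byte comparison so the check does not
            // short-circuit on the first differing byte.
            if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
            {
                ClaimsIdentity claimsIdentity = new ClaimsIdentity();
                claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.Email));

                LoginResult loginResult = new CustomLoginProvider(handler)
                    .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);

                var customLoginResult = new CustomLoginResult()
                {
                    UserId = loginResult.User.UserId,
                    MobileServiceAuthenticationToken = loginResult.AuthenticationToken,
                    Verified = account.Verified
                };
                return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
            }
        }
        // NOTE(review): an unknown e-mail skips the hash entirely, so that 401 is returned
        // measurably faster than a wrong-password 401. Hashing against a dummy salt in the
        // not-found branch would equalise the two paths — confirm the salt format first.
    }

    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, new { message });
}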
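// POST api/CustomRegistration
/// <summary>
/// Creates an unverified account for a new e-mail address and triggers the
/// verification e-mail.
/// </summary>
/// <param name="registrationRequest">E-mail and password from the request body; null when model binding fails.</param>
/// <returns>
/// 201 with the registration result once the account is stored (even if the
/// verification e-mail could not be sent); 400 when the body is missing, a field is
/// empty, or the e-mail is already registered.
/// </returns>
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
    var message = "Fail";

    if (registrationRequest == null)
    {
        message = "Failed";
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, new { message });
    }

    // A blank e-mail or null password would otherwise be stored / passed to hash as-is.
    if (string.IsNullOrWhiteSpace(registrationRequest.email) || string.IsNullOrEmpty(registrationRequest.password))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, new { message });
    }

    // The context holds a database connection; dispose it on every exit path.
    using (homesecurityContext context = new homesecurityContext())
    {
        // Whether this lookup is case-sensitive depends on how the provider translates
        // the comparison (database collation), not on C# string semantics.
        Account existing = context.Accounts
            .Where(a => a.Email == registrationRequest.email)
            .SingleOrDefault();

        if (existing != null)
        {
            // Account already exists. This response differs from the success path, so it
            // does reveal that the e-mail is registered; usual for a registration endpoint
            // but a reason to rate-limit it.
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, new { message });
        }

        byte[] salt = CustomLoginProviderUtils.generateSalt();
        Account newAccount = new Account
        {
            Id = Guid.NewGuid().ToString(),
            Email = registrationRequest.email,
            Salt = salt,
            SaltedAndHashedPassword = CustomLoginProviderUtils.hash(registrationRequest.password, salt),
            Verified = false
        };
        context.Accounts.Add(newAccount);
        context.SaveChanges();
    }

    // NOTE(review): rm is not declared in this method and looks like a controller field;
    // confirm the controller is instantiated per request, otherwise concurrent
    // registrations race on it.
    rm.message = "Created";
    rm.verified = false;

    try
    {
        // Send the verification e-mail. A delivery failure must not undo the stored
        // account, so it is logged and the 201 is still returned.
        VerifyAccountEmail(registrationRequest.email);
    }
    catch (Exception e)
    {
        // Include the exception so the cause of the delivery failure is diagnosable.
        ApiServices.Log.Error("ERROR SENDING EMAIL: " + e);
    }

    return this.Request.CreateResponse(HttpStatusCode.Created, rm);
}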