public static async Task <bool> VerifyLogin(string email, string password) { string storedHash = string.Empty; using (SqlConnection conn = new SqlConnection(await AzureKeyVaultService.GetKeyFromVault())) { await conn.OpenAsync(); using (SqlCommand cmd = new SqlCommand("SELECT userPass from UserAccounts WHERE emailAddress = @email", conn)) { cmd.Parameters.AddWithValue("email", email); storedHash = (await cmd.ExecuteScalarAsync()).ToString(); if (storedHash == null || storedHash == string.Empty) { return(false); } } //Hash the entered password var result = PasswordHasher.HashPassword(password); //Compare hashes return((storedHash == result.Item1) ? true : false); } }
/// <summary> /// Retrieves the hash and salt stored in the database for a given email /// </summary> /// <param name="email"></param> /// <returns>Tuple of (hash, salt)</returns> public static async Task <(string, string)> GetDBHashAndSalt(string email) { string hash = string.Empty; string salt = string.Empty; using (SqlConnection conn = new SqlConnection(await AzureKeyVaultService.GetKeyFromVault())) { await conn.OpenAsync(); using (SqlCommand cmd = new SqlCommand("SELECT userPass, userSalt from UserAccounts WHERE emailAddress = @email", conn)) { cmd.Parameters.AddWithValue("email", email); using (SqlDataReader reader = await cmd.ExecuteReaderAsync()) { while (await reader.ReadAsync()) { hash = reader.GetString(0); salt = reader.GetString(1); } } } } return(hash, salt); }
public static async Task <bool> IsGUIDConflict(Guid id) { using (SqlConnection conn = new SqlConnection(await AzureKeyVaultService.GetKeyFromVault())) { await conn.OpenAsync(); using (SqlCommand cmd = new SqlCommand("SELECT userID FROM UserAccounts WHERE userID = @id", conn)) { cmd.Parameters.AddWithValue("id", id); var match = await cmd.ExecuteScalarAsync(); return((match != null) ? true : false); } } }
public static async Task InsertUser(Guid id, string pass, string salt, string email, string first, string last) { using (SqlConnection conn = new SqlConnection(await AzureKeyVaultService.GetKeyFromVault())) { await conn.OpenAsync(); using (SqlCommand cmd = new SqlCommand("INSERT INTO UserAccounts(userID, userPass, userSalt, emailAddress, firstName, lastName) VALUES(@id, @pass, @salt, @email, @first, @last);", conn)) { cmd.Parameters.AddWithValue("id", id.ToString()); cmd.Parameters.AddWithValue("pass", pass); cmd.Parameters.AddWithValue("salt", salt); cmd.Parameters.AddWithValue("email", email); cmd.Parameters.AddWithValue("first", first); cmd.Parameters.AddWithValue("last", last); await cmd.ExecuteNonQueryAsync(); } } }
/// <summary> /// Determines if a user has already registered an email address /// </summary> /// <param name="email"></param> /// <returns>Boolean</returns> public static async Task <bool> IsEmailTaken(string email) { using (SqlConnection conn = new SqlConnection(await AzureKeyVaultService.GetKeyFromVault())) { await conn.OpenAsync(); using (SqlCommand cmd = new SqlCommand("SELECT COUNT(emailAddress) from UserAccounts WHERE emailAddress = @email", conn)) { cmd.Parameters.AddWithValue("email", email); using (SqlDataReader reader = await cmd.ExecuteReaderAsync()) { await reader.ReadAsync(); return((reader.GetInt32(0) > 0) ? true : false); } } } }