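/// <summary>
/// Server-side validator for the login form. It succeeds only when a stored user has the
/// entered e-mail address and the entered password, hashed with that user's salt, matches
/// the stored hash. On success the matching user's ID is stored through
/// <c>MyWebAuthentication.UserID</c>.
/// </summary>
/// <param name="source">The validator control that raised the event (not used).</param>
/// <param name="args">Receives the outcome in <c>IsValid</c>.</param>
protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
{
    // Fail closed: any path that does not prove the credentials leaves the validator invalid.
    args.IsValid = false;

    string password = txtPassword.Text;
    // Lower-cased with ToLower() because the sign-up handler stores e-mails the same way.
    string email = txtEmail.Text.ToLower();
    int saltSize = MyWebAuthentication.SaltSize;
    bool passwordWasHashed = false;

    UsersLogic users = new UsersLogic();
    foreach (User user in users.GetUsers())
    {
        // Compare the e-mail first so the password hash is computed only for the addressed
        // account, not once per stored user on every login attempt.
        if (email != user.Email)
        {
            continue;
        }

        if (string.IsNullOrEmpty(user.Password))
        {
            continue;
        }

        byte[] storedBytes;
        try
        {
            storedBytes = Convert.FromBase64String(user.Password);
        }
        catch (FormatException)
        {
            // A stored value that is not valid Base64 can never match; treat it as a failed login.
            continue;
        }

        // The salt is the leading SaltSize bytes of the decoded stored value.
        if (storedBytes.Length < saltSize)
        {
            continue;
        }

        // Copy exactly SaltSize bytes, so the buffer size and the copy length cannot drift apart.
        byte[] salt = new byte[saltSize];
        Array.Copy(storedBytes, 0, salt, 0, saltSize);

        string hashedPassword = MyWebAuthentication.HashPassword(password, salt);
        passwordWasHashed = true;

        // NOTE(review): confirm CompareHashedPasswords uses a fixed-time comparison.
        if (MyWebAuthentication.CompareHashedPasswords(hashedPassword, user.Password))
        {
            args.IsValid = true;
            // Record the authenticated user through MyWebAuthentication.
            MyWebAuthentication.UserID = user.UserID;
            return;
        }
    }

    if (!passwordWasHashed)
    {
        // Do the same hashing work for an unknown e-mail as for a wrong password, so the
        // response time does not show which addresses are registered. The result is discarded.
        MyWebAuthentication.HashPassword(password, new byte[saltSize]);
    }
}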
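/// <summary>
/// Handles the sign-up button. It creates a user from the form fields with a hashed
/// password, records the new user's ID through <c>MyWebAuthentication.UserID</c> and
/// redirects to the member page. Nothing is recorded when the page is invalid or the
/// account could not be created.
/// </summary>
/// <param name="sender">The control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnSignUp_Click(object sender, EventArgs e)
{
    if (!IsValid)
    {
        return;
    }

    User user = new User
    {
        FirstName = txtFirstName.Text,
        LastName = txtLastName.Text,
        Email = txtEmail.Text.ToLower(),
        Phone = txtPhone.Text,
        UserName = txtUserName.Text
    };

    // Store only the hash. Per the original author's comment, the single-argument overload
    // uses the default salt size.
    user.Password = MyWebAuthentication.HashPassword(txtPassword.Text);

    try
    {
        users.CreateNewUser(user);
    }
    catch (Exception ex)
    {
        // Stop here. If creation failed (for example because the e-mail is already
        // registered), the lookup below would return the existing account and this visitor
        // would be signed in as that user without knowing its password.
        // TODO: show a sign-up failure message on the page.
        System.Diagnostics.Trace.TraceError("Sign-up failed: {0}", ex);
        return;
    }

    var created = users.GetUser(user.Email);
    if (created == null)
    {
        // The account cannot be read back, so there is no user to sign in.
        return;
    }

    MyWebAuthentication.UserID = created.UserID;

    // TODO: the "Member" page still has to be created.
    // NOTE(review): that page should authorize against the ID held by MyWebAuthentication
    // rather than trust the "u" query-string value, which the client can change.
    Response.Redirect("Member?u=" + MyWebAuthentication.UserID);
}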