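/// <summary>
/// Handles the sign-in button: builds a credential record from the form (lower-cased
/// e-mail, plus the stored hash form "unique id + password hash"), asks
/// <c>BLL.LogInHelper</c> to log in, and on success stores the user in the session
/// and redirects to the account page.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used).</param>
protected void SignInButton_Click(object sender, EventArgs e)
{
    string emailAdress = SignInEmailTB.Text.ToLower();
    string passWord = SignInPasswordTB.Text;

    // Unique id = UUID derived from the MD5 of the lower-cased e-mail address.
    // Encoding.Default is platform dependent; it is kept because the same derivation
    // is used when the user is stored, and both sides must agree byte for byte.
    string uniqueId;
    using (MD5 md5 = MD5.Create())
    {
        byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(emailAdress));
        uniqueId = PassWordSecurity.NameUUIDFromBytes(hash);
    }

    // Stored hash format: unique id followed by the password hash.
    UserCredentials = new Entities.User();
    UserCredentials.PassWordHash = uniqueId + BLL.PassWordSecurity.Hash(passWord);
    UserCredentials.EmailAdress = emailAdress;

    if (string.IsNullOrEmpty(UserCredentials.EmailAdress) || string.IsNullOrEmpty(UserCredentials.PassWordHash))
    {
        ShowMessagerAlert("Er zijn geen gebruikersnaam of wachtwoord ingevuld");
    }
    else
    {
        BLL.LogInHelper logInHelper = new BLL.LogInHelper();
        try
        {
            // Try to log in with the entered credentials.
            Entities.User result1 = logInHelper.LoginAtPageLoad(UserCredentials);

            // A null result must be treated as "not found"; the original "||" would have
            // dereferenced null and turned a failed login into an error alert.
            if (result1 != null && result1.ID != 0)
            {
                // Login accepted.
                ShowMessagerAlert("U bent ingelogd");
                Session["User"] = result1;
                SiteMaster.setLoggedInText(UserCredentials.EmailAdress, "/Account");
                // Ends the request; in classic ASP.NET this raises ThreadAbortException,
                // which the catch below sees before the runtime re-raises it.
                Response.Redirect("/Account.aspx");
            }
            else
            {
                SiteMaster.setLoggedInText("Inloggen", "/SignIn");
                ShowMessagerAlert("Deze combinatie van gebruikersnaam en wachtwoord is niet gevonden");
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): ex.Message is shown to the end user; prefer a generic text here
            // and log the detail server-side.
            ShowMessagerAlert("Probleem bij ophalen van gebruikergegevens: " + ex.Message);
        }
    }

    // Force a postback so the "Inloggen" link is replaced by the e-mail address.
    // NOTE(review): "sender" and "e" are emitted as JavaScript identifiers, not values - confirm they exist client-side.
    ScriptManager.RegisterStartupScript(this.Page, this.Page.GetType(), "DoPostBack", "__doPostBack(sender, e)", true);
}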
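/// <summary>
/// Looks up a user by e-mail address (compared case-insensitively in SQL) and stored
/// password hash.
/// </summary>
/// <param name="username">E-mail address entered by the user.</param>
/// <param name="passwordHash">
/// Stored hash form of the password, i.e. the unique user id followed by the password
/// hash (the form written by <c>AddUser</c>).
/// </param>
/// <returns>
/// The matching user, or <c>null</c> when no row with a non-empty e-mail and hash was read.
/// </returns>
/// <exception cref="Exception">
/// When a parameter is null, or when the database call fails (the provider exception
/// is propagated unchanged so the stack trace is kept).
/// </exception>
public Entities.User GetUserSignInCredentials(string username, string passwordHash)
{
    // Both inputs are bound as parameters, never concatenated into the SQL text.
    // The unique id the original derived from the e-mail here was never used, so it is gone.
    const string sql = "Select * from user where Lower(user.EmailAdress) =Lower(@Username) and user.PasswordHash =@password";
    using (MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand(sql, con))
    {
        cmd.Parameters.AddWithValue("@Username", username ?? throw new Exception("Username is leeg"));
        cmd.Parameters.AddWithValue("@password", passwordHash ?? throw new Exception("Password is leeg"));

        Entities.User usercredentials = new Entities.User();
        try
        {
            con.Open();
            // Dispose the reader so the connection can be closed cleanly afterwards.
            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                // If several rows match, the last one wins (as in the original).
                while (reader.Read())
                {
                    // TODO confirm none of these columns is nullable; a DBNull makes the cast throw.
                    usercredentials.EmailAdress = (string)reader["EmailAdress"];
                    usercredentials.PassWordHash = (string)reader["PasswordHash"];
                    usercredentials.Confirmed = (bool)reader["Confirmed"];
                    usercredentials.UniqueUserID = (string)reader["UniqueID"];
                    usercredentials.PhoneNumber = (string)reader["PhoneNumber"];
                    usercredentials.FirstName = (string)reader["FirstName"];
                    usercredentials.LastName = (string)reader["LastName"];
                    usercredentials.BsnNumber = (string)reader["BsnNumber"];
                    usercredentials.RoleID = (int)reader["RoleID"];
                    usercredentials.ID = (int)reader["ID"];
                }
            }
        }
        finally
        {
            // Release the shared connection on every path, including Open/ExecuteReader failures.
            if (con.State != System.Data.ConnectionState.Closed)
            {
                con.Close();
            }
        }

        bool found = !string.IsNullOrEmpty(usercredentials.EmailAdress)
                     && !string.IsNullOrEmpty(usercredentials.PassWordHash);
        return found ? usercredentials : null;
    }
}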
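/// <summary>
/// Builds a new user record and stores it through the DAL.
/// The plain password is carried in <c>PassWordHash</c>; the DAL's <c>AddUser</c> in this
/// file hashes it (prefixed with the unique id) before it is written.
/// </summary>
/// <param name="FirstName">First name.</param>
/// <param name="LastName">Last name.</param>
/// <param name="Password">Plain password as entered.</param>
/// <param name="EmailAdress">E-mail address; the unique user id is derived from its lower-cased form.</param>
/// <param name="BsnNumber">BSN number.</param>
/// <param name="PhoneNumber">Phone number (may be null; the DAL stores "").</param>
/// <exception cref="ArgumentNullException">When <paramref name="EmailAdress"/> is null.</exception>
void AddUser(string FirstName, string LastName, string Password, string EmailAdress, string BsnNumber, string PhoneNumber)
{
    // Fail with a clear message instead of a NullReferenceException from ToLower() below.
    if (EmailAdress == null)
    {
        throw new ArgumentNullException(nameof(EmailAdress), "EmailAdress is leeg");
    }

    Entities.User newUser = new Entities.User();
    newUser.FirstName = FirstName;
    newUser.LastName = LastName;
    newUser.PassWordHash = Password;
    newUser.EmailAdress = EmailAdress;
    newUser.BsnNumber = BsnNumber;
    newUser.PhoneNumber = PhoneNumber;

    // Unique id = UUID derived from the MD5 of the lower-cased e-mail. Encoding.Default is
    // platform dependent but must stay identical to the sign-in side, which derives it the same way.
    using (MD5 md5 = MD5.Create())
    {
        byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(EmailAdress.ToLower()));
        newUser.UniqueUserID = PassWordSecurity.NameUUIDFromBytes(hash);
    }

    DAL.DBUserConnection userDB = new DAL.DBUserConnection();
    userDB.AddUser(newUser);
}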
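/// <summary>
/// Inserts a user row. <paramref name="user"/>.PassWordHash must hold the plain password:
/// the value written to the PasswordHash column is the unique user id followed by
/// <c>PassWordSecurity.Hash</c> of that password, which is the form the sign-in lookup compares against.
/// </summary>
/// <param name="user">
/// User to store. BsnNumber, FirstName, LastName, EmailAdress, PassWordHash and UniqueUserID
/// are required; a null PhoneNumber is stored as "".
/// </param>
/// <exception cref="ArgumentNullException">When <paramref name="user"/> is null.</exception>
/// <exception cref="Exception">
/// When a required field is missing, or when the insert fails (the provider exception is
/// propagated unchanged so the stack trace is kept).
/// </exception>
public void AddUser(Entities.User user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    // Positional INSERT: the value order must match the table's column order
    // (the first column and the last two get 0). All user data is bound as parameters.
    const string sql = "INSERT INTO user VALUES (0,@BsnNumber, @PhoneNumber,@FirstName,@LastName,@EmailAdress,@PasswordHash,@Confirmed,@UniqueID,0,0)";
    using (MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand(sql, con))
    {
        cmd.Parameters.AddWithValue("@BsnNumber", user.BsnNumber ?? throw new Exception("BSN nummer is leeg"));
        cmd.Parameters.AddWithValue("@PhoneNumber", user.PhoneNumber ?? "");
        cmd.Parameters.AddWithValue("@FirstName", user.FirstName ?? throw new Exception("Voornaam is leeg"));
        cmd.Parameters.AddWithValue("@LastName", user.LastName ?? throw new Exception("Achternaam is leeg"));
        cmd.Parameters.AddWithValue("@EmailAdress", user.EmailAdress ?? throw new Exception("EmailAdress is leeg"));

        if (string.IsNullOrEmpty(user.PassWordHash))
        {
            throw new Exception("Wachtwoord is leeg");
        }
        if (user.UniqueUserID == null)
        {
            throw new Exception("uniek id is leeg");
        }
        cmd.Parameters.AddWithValue("@UniqueID", user.UniqueUserID);
        // Stored form: unique id + password hash (UniqueUserID is already a string).
        cmd.Parameters.AddWithValue("@PasswordHash", user.UniqueUserID + PassWordSecurity.Hash(user.PassWordHash));
        cmd.Parameters.AddWithValue("@Confirmed", user.Confirmed);

        try
        {
            con.Open();
            cmd.ExecuteNonQuery();
        }
        finally
        {
            // Release the shared connection on every path, including Open/ExecuteNonQuery failures.
            if (con.State != System.Data.ConnectionState.Closed)
            {
                con.Close();
            }
        }
    }
}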
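/// <summary>
/// Signs a user in: looks the account up by e-mail and stored hash, requires it to be
/// confirmed, re-checks the stored hash and unique id locally, then stores the user in
/// the session and redirects to "/".
/// </summary>
/// <param name="Emailadress">E-mail address as entered.</param>
/// <param name="PassWord">Plain password as entered.</param>
/// <returns>
/// A status message. On success the redirect normally ends the request before the
/// caller can use the return value.
/// </returns>
private string Login(string Emailadress, string PassWord)
{
    try
    {
        try
        {
            // Unique id = UUID derived from the MD5 of the lower-cased e-mail, matching how the
            // id is derived when the user is registered (the original hashed the e-mail as typed,
            // so a differently-cased entry produced a different id and the lookup failed).
            string uniqueId;
            using (MD5 md5 = MD5.Create())
            {
                byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(Emailadress.ToLower()));
                uniqueId = PassWordSecurity.NameUUIDFromBytes(hash);
            }
            // Stored hash format: unique id followed by the password hash.
            UserCredentials = userDB.GetUserSignInCredentials(Emailadress, uniqueId + BLL.PassWordSecurity.Hash(PassWord));
        }
        catch (Exception)
        {
            return "Er is een fout opgetreden bij het ophalen van de gebruiker gegevens uit het database";
        }

        if (UserCredentials == null)
        {
            return "Er is een fout opgetreden: 'UserCredentials was null'";
        }
        if (!UserCredentials.Confirmed)
        {
            // Account exists but has not been approved by an administrator yet.
            return "U bent nog niet geaccepteerd door één van de beheerders";
        }

        // Re-derive the unique id from the e-mail stored in the database and compare the
        // stored value against the same "unique id + password hash" form used for the lookup.
        // (The original compared the bare password hash against the prefixed stored value,
        // which could never be equal.)
        string dbUniqueId;
        using (MD5 md5 = MD5.Create())
        {
            byte[] hash = md5.ComputeHash(Encoding.Default.GetBytes(UserCredentials.EmailAdress.ToLower()));
            dbUniqueId = PassWordSecurity.NameUUIDFromBytes(hash);
        }
        string expectedStoredHash = dbUniqueId + PassWordSecurity.Hash(PassWord);

        if (expectedStoredHash == UserCredentials.PassWordHash && UserCredentials.UniqueUserID == dbUniqueId)
        {
            // Password verified: the user may be logged in.
            Session["User"] = UserCredentials;
            // Ends the request; in classic ASP.NET this raises ThreadAbortException,
            // which the outer catch sees before the runtime re-raises it.
            Response.Redirect("/");
            return "U wordt ingelogd";
        }

        // Wrong password.
        return "Combinatie van gebruikersnaam en wachtwoord is niet goed";
    }
    catch (Exception)
    {
        return "Er is een fout opgetreden, probeer later opnieuw";
    }
}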