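/// <summary>
/// Shortest password this endpoint accepts. Length is the one policy that can be enforced
/// server-side without guessing at the client's rules (CWE-521: unrestricted credentials).
/// NOTE(review): align this value with whatever the registration form enforces.
/// </summary>
private const int MinPasswordLength = 8;

/// <summary>
/// Registers a new account. Rejects blank username/password/name, refuses a username that is
/// already taken, then stores a salted hash of the password (never the plaintext) through
/// <see cref="PasswordHelper"/> and <see cref="AccountRepository"/>.
/// </summary>
/// <param name="username">Requested login name; surrounding whitespace is trimmed. May be null when the field is absent from the request.</param>
/// <param name="password">Plaintext password; hashed with a freshly generated random salt before it is stored.</param>
/// <param name="name">Display name for the account.</param>
/// <returns>
/// A JSON object with <c>status</c> (true on success) and a human-readable <c>message</c>.
/// The success message echoes the username, so the consumer must HTML-encode it before rendering.
/// </returns>
public ActionResult CreateAccount(string username, string password, string name)
{
    // A missing form field binds as null; the original Trim() would throw a NullReferenceException
    // (HTTP 500) instead of the intended validation response.
    username = username?.Trim();

    if (string.IsNullOrWhiteSpace(username))
    {
        return Json(new { status = false, message = "Failed to create user. Username cannot be empty." });
    }

    if (string.IsNullOrWhiteSpace(password))
    {
        return Json(new { status = false, message = "Failed to create user. Password cannot be empty." });
    }

    // Password is intentionally NOT trimmed: whitespace is part of the secret.
    if (password.Length < MinPasswordLength)
    {
        return Json(new { status = false, message = $"Failed to create user. Password must be at least {MinPasswordLength} characters." });
    }

    if (string.IsNullOrWhiteSpace(name))
    {
        return Json(new { status = false, message = "Failed to create user. Name cannot be empty." });
    }

    // NOTE(review): check-then-insert is racy — two concurrent requests with the same username
    // can both pass this test. Uniqueness has to be enforced by the store (unique index) and the
    // insert failure surfaced here; confirm AccountRepository.CreateAccount does that.
    if (AccountRepository.GetAccount(username) != null)
    {
        return Json(new { status = false, message = "Failed to create user. Username already exists." });
    }

    // Fresh salt per account so identical passwords do not produce identical hashes.
    var salt = PasswordHelper.CreateRandomSalt();
    var saltedPassword = PasswordHelper.ComputeSaltedHash(password, salt);

    // NOTE(review): the salt is persisted via ToString(). If CreateRandomSalt() returns a byte[]
    // this stores the literal "System.Byte[]" and logins can never verify — confirm the return
    // type has a round-trippable string form (the Validate path feeds account.Salt straight back
    // into ComputeSaltedHash).
    AccountRepository.CreateAccount(username, saltedPassword, salt.ToString(), name);

    return Json(new { status = true, message = $"User {username} created." });
}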
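/// <summary>
/// Verifies a username/password pair against the stored salted hash and, on success, records
/// the account id in the session. Every failure — unknown user, wrong password, missing
/// field — returns the same response so the endpoint cannot be used to enumerate usernames
/// (the original answered "Invalid Username" vs "Invalid Password").
/// </summary>
/// <param name="username">Login name as submitted; null when the field is absent.</param>
/// <param name="password">Plaintext password as submitted; null when the field is absent.</param>
/// <returns>A JSON object with <c>status</c> and a <c>message</c>; the failure message is identical for all failure causes.</returns>
public ActionResult Validate(string username, string password)
{
    // Single failure response shared by every rejection path.
    var failure = Json(new { status = false, message = "Invalid username or password" });

    // Absent fields are a plain failure, not a NullReferenceException further down.
    if (string.IsNullOrEmpty(username) || password == null)
    {
        return failure;
    }

    var account = AccountRepository.GetAccountWithPassword(username);
    if (account == null)
    {
        // NOTE(review): returning before any hash is computed still leaks user existence via
        // response time. Hashing the submitted password against a throwaway salt would close
        // that gap; the salt type is not visible here, so it is left as a TODO.
        return failure;
    }

    var candidate = PasswordHelper.ComputeSaltedHash(password, account.Salt);
    if (!HashesMatch(account.Password, candidate))
    {
        return failure;
    }

    // NOTE(review): the session id is not regenerated at login, so a session fixed before
    // authentication stays valid afterwards. Also, no [HttpPost]/[ValidateAntiForgeryToken]
    // attribute is visible on this action — confirm they exist elsewhere or add them.
    HttpContext.Session.Set(SessionHelper.SessionKeyAccountId, account.AccountId);
    return Json(new { status = true, message = "Login Successfull!" });
}

/// <summary>
/// Compares the stored hash with the freshly computed one in constant time, so the number of
/// matching leading characters does not influence response time (CWE-208). The original used
/// <c>==</c>, which short-circuits on the first differing character. A null on either side
/// (malformed row) is a mismatch.
/// </summary>
private static bool HashesMatch(string stored, string candidate)
{
    if (stored == null || candidate == null)
    {
        return false;
    }

    var storedBytes = System.Text.Encoding.UTF8.GetBytes(stored);
    var candidateBytes = System.Text.Encoding.UTF8.GetBytes(candidate);
    // Fully qualified to avoid depending on a using directive that is outside this excerpt.
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, candidateBytes);
}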