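/// <summary>
/// Looks up the user whose e-mail matches the supplied credentials (compared in lower case)
/// and checks the supplied password against the stored value.
/// </summary>
/// <param name="credentials">E-mail and password supplied by the caller; treated as untrusted input.</param>
/// <returns>
/// A response whose <c>Success</c> flag is true only when the password check passed.
/// <c>User</c> is null when no account matches the e-mail; when an account matches, the loaded
/// user (with its Role) is returned whether or not the check passed.
/// </returns>
public SealegsAuthResponse GetAuthenticationToken(SealegsCredentials credentials)
{
    // Fail closed on missing input instead of throwing a NullReferenceException further down.
    if (credentials == null || credentials.Email == null || credentials.Password == null)
    {
        return new SealegsAuthResponse() { Success = false, User = null };
    }

    // NOTE(review): the context is not disposed here because the loaded user is handed back to
    // the caller; confirm whether callers rely on the entity staying attached.
    SealegsContext Context = new SealegsContext();

    // Find the account by e-mail; the lower-casing on both sides is kept as the original query had it.
    IList<SealegsUser> users = Context.SealegsUser
        .Include("Role")
        .Where(u => u.Email.ToLower() == credentials.Email.ToLower())
        .ToList();
    SealegsUser user = users.FirstOrDefault();

    // The original read user.PasswordFormat before its null check, so an unknown e-mail
    // crashed the call instead of producing a failed response.
    if (user == null)
    {
        return new SealegsAuthResponse() { Success = false, User = null };
    }

    bool verified;
    if (user.PasswordFormat == 1)
    {
        // Format 1: salted SHA-1 computed by EncryptPassword.
        // Other possible algorithms - HashAlgorithm.Create("SHA256"), new HMACSHA1(), new HMACSHA256()
        // NOTE(review): a single SHA-1 pass is weak for password storage; consider re-hashing
        // these accounts into the other format after a successful login.
        string computed;
        using (HashAlgorithm sha1 = HashAlgorithm.Create("SHA1"))
        {
            computed = EncryptPassword(credentials.Password, user.PasswordFormat, user.PasswordSalt, sha1);
        }

        // An empty computed value must never match a stored value. The stored value may carry
        // an "ns+" prefix, which the original also accepted.
        // NOTE(review): this string comparison is not constant-time.
        verified = !string.IsNullOrEmpty(computed)
            && (computed == user.Password || "ns+" + computed == user.Password);
    }
    else
    {
        // Every other format is verified by SimpleHash alone. The original also compared an
        // empty string (and "ns+") with the stored password on this path, so an account whose
        // stored password was empty or exactly "ns+" accepted any password.
        verified = new SimpleHash().Verify(credentials.Password, user.Password);
    }

    // NOTE(review): the user is returned even when verification fails, as before. If this
    // response is ever serialized to the client it would expose the stored hash and salt of
    // an account the caller has not authenticated as - confirm, and prefer User = null on failure.
    return new SealegsAuthResponse() { Success = verified, User = user };
}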
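// POST api/Announcement
/// <summary>
/// Stores a new announcement when the caller presents the shared notifications password.
/// </summary>
/// <param name="password">Shared secret, checked against the "NotificationsPassword" app setting.</param>
/// <param name="message">Announcement text read from the request body; must not be blank.</param>
/// <returns>
/// 200 OK once the announcement is saved; 500 Internal Server Error for a blank message, a wrong
/// or unconfigured password, or a failed save.
/// </returns>
public async Task<HttpResponseMessage> Post(string password, [FromBody] string message)
{
    // NOTE(review): rejected requests get the same 500 as a failed save, as before, which hides
    // authentication failures from monitoring; the status code is unchanged for client compatibility.
    HttpStatusCode failure = HttpStatusCode.InternalServerError;

    // NOTE(review): password is a simple-type parameter without [FromBody], which Web API binds
    // from the URI by default, so the shared secret probably ends up in request logs -
    // confirm, and consider moving it to a header.
    string expected = ConfigurationManager.AppSettings["NotificationsPassword"];

    // Fail closed when the secret is not configured: the original compared with "!=", so a
    // missing setting (null) matched a null password and let the request through.
    if (string.IsNullOrWhiteSpace(message)
        || string.IsNullOrEmpty(expected)
        || !SecretsMatch(password, expected))
    {
        return Request.CreateResponse(failure);
    }

    try
    {
        var announcement = new Notification { Date = DateTime.UtcNow, Text = message };

        // Dispose the context once the save completes; nothing loaded from it leaves this method.
        using (var context = new SealegsContext())
        {
            context.Notifications.Add(announcement);
            await context.SaveChangesAsync();
        }
    }
    catch
    {
        // Any failure while saving is reported to the caller as a 500 without details.
        return Request.CreateResponse(failure);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}

// Ordinal comparison of two secrets that inspects every character instead of stopping at the first mismatch.
private static bool SecretsMatch(string supplied, string expected)
{
    if (supplied == null || expected == null || supplied.Length != expected.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= supplied[i] ^ expected[i];
    }

    return difference == 0;
}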