/// <summary>
/// Wires this controller's <c>DomainManager</c> to an <see cref="EntityDomainManager{T}"/> over
/// <c>HardwareItemDTO</c> backed by a new <c>dhcchardwareContext</c>, after the base initialization has run.
/// </summary>
/// <param name="controllerContext">The Web API controller context handed in by the framework.</param>
protected override void Initialize(HttpControllerContext controllerContext)
{
    base.Initialize(controllerContext);

    // The domain manager takes ownership of the context for the lifetime of this request.
    var dbContext = new dhcchardwareContext();
    DomainManager = new EntityDomainManager<HardwareItemDTO>(dbContext, Request, Services);
}
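// POST api/CustomLogin
/// <summary>
/// Verifies a username/password pair against the <c>Accounts</c> table and, on success, issues a
/// mobile-service authentication token for that user.
/// </summary>
/// <param name="loginRequest">Untrusted client payload carrying <c>username</c> and <c>password</c>.</param>
/// <returns>
/// 200 with a <c>CustomLoginResult</c> on success; 401 with one generic message when the account is
/// unknown or the password does not match; 400 when the payload or either field is missing.
/// </returns>
public HttpResponseMessage Post(LoginRequest loginRequest)
{
    // A null body or missing field would otherwise surface as a NullReferenceException (HTTP 500).
    if (loginRequest == null || loginRequest.username == null || loginRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Username and password are required");
    }

    Account account;
    using (var context = new dhcchardwareContext())
    {
        account = context.Accounts.SingleOrDefault(a => a.Username == loginRequest.username);
    }

    // Run the password hash even when the username is unknown, so the response time does not
    // reveal whether an account exists. A throw-away salt stands in when there is nothing to hash against.
    byte[] salt = account != null ? account.Salt : CustomLoginProviderUtils.generateSalt();
    byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, salt);

    // slowEquals is presumably the project's constant-time comparison; it is only consulted after the
    // hash above has run, so both failure paths cost the same.
    bool passwordMatches = account != null
        && CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword);
    if (!passwordMatches)
    {
        // Same message for "no such user" and "wrong password" so the body does not enumerate usernames either.
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
    }

    var claimsIdentity = new ClaimsIdentity();
    claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));

    // The token is signed with the service master key; `handler` is a field supplied by the enclosing class.
    var loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
    var customLoginResult = new CustomLoginResult
    {
        UserId = loginResult.User.UserId,
        MobileServiceAuthenticationToken = loginResult.AuthenticationToken
    };
    return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
}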
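// POST api/CustomRegistration
/// <summary>
/// Creates a new account from an untrusted registration payload: validates the username and
/// password, rejects a name that is already taken, and stores a freshly salted password hash.
/// </summary>
/// <param name="registrationRequest">Client payload carrying <c>username</c> and <c>password</c>.</param>
/// <returns>
/// 201 on success; 400 when the payload or a field is missing, the username or password fails
/// validation, or the username already exists.
/// </returns>
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
    // Null guards first: Regex.IsMatch(null, ...) throws ArgumentNullException and a null body
    // would otherwise become an HTTP 500.
    if (registrationRequest == null || registrationRequest.username == null || registrationRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Username and password are required");
    }

    // \z rather than $: in .NET, $ also matches just before a trailing "\n", which would let
    // "user\n" through an "alphanumeric only" check. No upper bound on length is enforced here.
    if (!Regex.IsMatch(registrationRequest.username, @"^[a-zA-Z0-9]{4,}\z"))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid username (at least 4 chars, alphanumeric only)");
    }
    if (registrationRequest.password.Length < 8)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
    }

    using (var context = new dhcchardwareContext())
    {
        // NOTE(review): this check-then-insert is not atomic; two concurrent registrations of the same
        // name can both pass it. A unique index on Accounts.Username is the real guarantee — confirm it exists.
        bool usernameTaken = context.Accounts.Any(a => a.Username == registrationRequest.username);
        if (usernameTaken)
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "That username already exists.");
        }

        // Fresh per-account salt; only the salted hash is persisted, never the password itself.
        byte[] salt = CustomLoginProviderUtils.generateSalt();
        var newAccount = new Account
        {
            Id = Guid.NewGuid().ToString(),
            Username = registrationRequest.username,
            Salt = salt,
            SaltedAndHashedPassword = CustomLoginProviderUtils.hash(registrationRequest.password, salt)
        };
        context.Accounts.Add(newAccount);
        context.SaveChanges();
    }

    return this.Request.CreateResponse(HttpStatusCode.Created);
}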