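/// <summary>
/// Creates a new user from the posted form, stores a salted password hash and
/// signs the new user in by populating the AUTH* session keys.
/// </summary>
/// <param name="info">Posted user data; only used after <c>ModelState</c> validates it.</param>
/// <returns>
/// The form view when validation fails or the user name is already taken, the
/// "Error" view when an exception is thrown, otherwise a redirect to Index.
/// </returns>
public ActionResult Create(Models.CreateUser info)
{
    // NOTE(review): confirm [HttpPost] and [ValidateAntiForgeryToken] are applied to
    // this action (the attribute lines, if any, are outside this listing).
    try
    {
        if (!ModelState.IsValid)
        {
            return View(info);
        }

        using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
        {
            // The lookup result was previously discarded, so a second account with the
            // same user name could be created; reject duplicates up front instead.
            BusinessLogicLayer.UserBLL existing = ctx.FindUserByUserName(info.UserName);
            if (existing != null)
            {
                info.Message = $"The UserName '{info.UserName}' already exists in the database";
                return View(info);
            }

            // NOTE(review): RoleID is taken from the client-supplied model. If this action
            // is reachable by self-registering users rather than administrators, the role
            // must be assigned server-side (the retired Register action used a fixed
            // RoleID) — confirm against the route/authorization setup.
            BusinessLogicLayer.UserBLL user = new UserBLL
            {
                FirstName = info.FirstName,
                LastName = info.LastName,
                UserName = info.UserName,
                DateOfBirth = info.DateOfBirth,
                RoleID = info.RoleID,
                Email = info.Email,
            };

            // Crypto.HashPassword already applies PBKDF2 with its own random salt; the
            // extra SALT is concatenated because Login and Hash verify/migrate with the
            // same `password + SALT` input, so the three must stay in agreement.
            user.SALT = System.Web.Helpers.Crypto.GenerateSalt(Constants.SaltSize);
            user.HASH = System.Web.Helpers.Crypto.HashPassword(info.Password + user.SALT);

            ctx.CreateUser(user);

            // Sign the new user in; "HASHED" marks the account as using the hashed scheme.
            Session["AUTHUserName"] = user.UserName;
            Session["AUTHRoles"] = user.RoleName;
            Session["AUTHTYPE"] = "HASHED";
        }

        return RedirectToAction("Index");
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception is handed to the view; make sure the Error
        // view does not render its message or stack trace to end users.
        ViewBag.Exception = ex;
        return View("Error");
    }
}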
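/// <summary>
/// Authenticates a user against the stored credential and populates the AUTH*
/// session keys on success.
/// </summary>
/// <param name="info">Posted login form: UserName, Password and an optional ReturnURL.</param>
/// <returns>
/// The form view with a message on failure; on success a redirect to ReturnURL
/// when it is local to this site, otherwise to Home/Index.
/// </returns>
public ActionResult Login(Models.LoginModel info)
{
    if (!ModelState.IsValid)
    {
        return View(info);
    }

    // One message for both "unknown user" and "wrong password" so the response
    // does not reveal which user names exist.
    const string failureMessage = "The UserName or Password was incorrect";

    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL user = ctx.FindUserByUserName(info.UserName);
        if (user == null)
        {
            info.Message = failureMessage;
            return View(info);
        }

        string stored = user.HASH;
        string validationType;

        // Legacy path: accounts not yet migrated by Hash() keep the clear-text
        // password in HASH, so a direct comparison is tried first.
        // NOTE(review): this is an ordinary string compare, not constant-time; it only
        // goes away once every account has been migrated to the hashed scheme.
        bool validated = info.Password == stored;
        if (validated)
        {
            validationType = $"ClearText:({user.UserID})";
        }
        else
        {
            // Hashed path: must mirror Create/Hash, which hash `password + SALT`.
            // NOTE(review): if HASH holds a legacy value that is not valid base64,
            // VerifyHashedPassword may throw rather than return false — confirm.
            validated = System.Web.Helpers.Crypto.VerifyHashedPassword(stored, info.Password + user.SALT);
            validationType = $"HASHED:({user.UserID})";
        }

        if (!validated)
        {
            info.Message = failureMessage;
            return View(info);
        }

        Session["AUTHUserName"] = user.UserName;
        Session["AUTHRoles"] = user.RoleName;
        Session["AUTHTYPE"] = validationType;

        // Only follow ReturnURL when it points back into this site; redirecting to an
        // arbitrary value would turn the login form into an open redirect. IsLocalUrl
        // also rejects null/empty, which Redirect() would otherwise throw on.
        if (Url.IsLocalUrl(info.ReturnURL))
        {
            return Redirect(info.ReturnURL);
        }

        return RedirectToAction("Index", "Home");
    }
}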
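//public ActionResult Register()
//{
//    return View();
//}
//[HttpPost]
//public ActionResult Register(Models.RegistrationModel info)
//{
//    if (!ModelState.IsValid)
//    {
//        return View(info);
//    }
//    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
//    {
//        BusinessLogicLayer.UserBLL user = ctx.FindUserByUserName(info.UserName);
//        //if (user != null)
//        //{
//        //    info.Message = $"The EMail Address '{info.Email}' already exists in the database";
//        //    return View(info);
//        //}
//        user = new UserBLL();
//        user.FirstName = info.FirstName;
//        user.LastName = info.LastName;
//        user.UserName = info.UserName;
//        user.DateOfBirth = info.DateOfBirth;
//        user.SALT = System.Web.Helpers.Crypto.GenerateSalt(Constants.SaltSize);
//        user.HASH = System.Web.Helpers.Crypto.HashPassword(info.Password + user.SALT);
//        user.Email = info.Email;
//        user.RoleID = 3;
//        ctx.CreateUser(user);
//        Session["AUTHUserName"] = user.UserName;
//        Session["AUTHRoles"] = user.RoleName;
//        Session["AUTHTYPE"] = "HASHED";
//        return RedirectToAction("Index");
//    }
//}

/// <summary>
/// Migrates the signed-in user's stored clear-text password to the hashed scheme
/// and refreshes the AUTH* session keys to reflect that.
/// </summary>
/// <returns>
/// "NotLoggedIn" when anonymous, "AlreadyHashed" when the account already uses the
/// hashed scheme, "ActionNotAllowed" when impersonating, the "Error" view when the
/// user record is missing, otherwise a redirect to Home/Index.
/// </returns>
public ActionResult Hash()
{
    if (!User.Identity.IsAuthenticated)
    {
        return View("NotLoggedIn");
    }

    // AuthenticationType presumably carries the AUTHTYPE tag that Create/Login store
    // ("HASHED..." / "ClearText:(id)") — verify in the principal setup. The prefix
    // checks are ordinal because these are internal tags, not user-facing text.
    string authType = User.Identity.AuthenticationType;
    if (authType.StartsWith("HASHED", StringComparison.Ordinal))
    {
        return View("AlreadyHashed");
    }

    if (authType.StartsWith("IMPERSONATED", StringComparison.Ordinal))
    {
        return View("ActionNotAllowed");
    }

    using (BusinessLogicLayer.ContextBLL ctx = new BusinessLogicLayer.ContextBLL())
    {
        BusinessLogicLayer.UserBLL user = ctx.FindUserByUserName(User.Identity.Name);
        if (user == null)
        {
            ViewBag.Exception = new Exception($"The UserName '{User.Identity.Name}' does not exist in the database");
            return View("Error");
        }

        // For a legacy account HASH still holds the clear-text password (see the
        // ClearText branch in Login); hash it with a fresh salt using the same
        // `password + SALT` input that Create and Login use.
        user.SALT = System.Web.Helpers.Crypto.GenerateSalt(Constants.SaltSize);
        user.HASH = System.Web.Helpers.Crypto.HashPassword(user.HASH + user.SALT);
        ctx.UpdateUser(user);

        // Re-tag the session so later requests see the account as hashed.
        Session["AUTHUserName"] = user.UserName;
        Session["AUTHRoles"] = user.RoleName;
        Session["AUTHTYPE"] = $"HASHED:({user.UserID})";

        return RedirectToAction("Index", "Home");
    }
}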