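/// <summary>
/// Creates a user row from <paramref name="model"/>: generates a fresh random salt,
/// hashes the supplied password with it and inserts the result through the
/// <c>Users_Insert</c> stored procedure.
/// </summary>
/// <param name="model">
/// Registration data. Its <c>HashedPassword</c> and <c>Salt</c> members are overwritten
/// with the derived values before the insert, so the caller sees them afterwards.
/// </param>
/// <returns>The new user's id, as reported by the procedure's <c>@Id</c> output parameter.</returns>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
/// <exception cref="InvalidOperationException">The procedure did not populate <c>@Id</c>.</exception>
public int RegisterUser(RegisterRequest model)
{
    if (model is null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    // NOTE(review): the strength of the stored credential depends entirely on
    // CryptographyService.Hash — confirm it is a deliberately slow password KDF
    // (PBKDF2 / bcrypt / Argon2) and not a plain digest.
    CryptographyService svc = new CryptographyService();
    string salt = svc.GenerateRandomString(16);
    string hashedPassword = svc.Hash(model.Password, salt);

    // Hand the derived values back on the request object, as before.
    model.HashedPassword = hashedPassword;
    model.Salt = salt;

    // Stacked usings dispose the command and connection in order; the explicit
    // Close() the original carried is redundant with disposal.
    using (SqlConnection conn = new SqlConnection(connString))
    using (SqlCommand cmd = new SqlCommand("Users_Insert", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@Email", model.Email);
        cmd.Parameters.AddWithValue("@HashedPassword", model.HashedPassword);
        cmd.Parameters.AddWithValue("@Salt", model.Salt);

        SqlParameter idParam = new SqlParameter("@Id", SqlDbType.Int)
        {
            Direction = ParameterDirection.Output,
        };
        cmd.Parameters.Add(idParam);

        conn.Open();
        cmd.ExecuteNonQuery();

        // A bare (int) cast fails with an unhelpful InvalidCastException / NullReferenceException
        // when the procedure leaves @Id unset; report that case explicitly.
        object raw = idParam.Value;
        if (raw is null || raw is DBNull)
        {
            throw new InvalidOperationException("Users_Insert did not return an @Id value.");
        }

        return (int)raw;
    }
}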
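/// <summary>
/// Looks a user up by e-mail through the <c>Users_SelectByEmail</c> stored procedure and
/// checks the supplied password against the stored hash.
/// </summary>
/// <param name="model">Login credentials: e-mail and cleartext password.</param>
/// <returns>
/// A <see cref="LoginData"/> whose <c>IsLoggedIn</c> is true with the user's id and e-mail
/// on success; on failure <c>IsLoggedIn</c> is false, <c>Id</c> is 0 and <c>Email</c> is
/// "Failed to login".
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
public LoginData Login(LoginRequest model)
{
    if (model is null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    LoginData res = new LoginData();
    res.IsLoggedIn = false;

    using (SqlConnection conn = new SqlConnection(connString))
    using (SqlCommand cmd = new SqlCommand("Users_SelectByEmail", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@Email", model.Email);
        conn.Open();

        // The reader was previously never disposed; release it before the
        // connection is returned to the pool.
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            if (reader.Read())
            {
                LoginRequest stored = Mapper(reader);
                res.Id = stored.Id;
                res.Email = stored.Email;

                // Restore '=' padding the stored salt may have lost; this assumes the
                // salt is base64 — TODO confirm against Mapper / the column definition.
                string salt = stored.Salt;
                int rem = salt.Length % 4;
                if (rem > 0)
                {
                    salt += new string('=', 4 - rem);
                }

                CryptographyService cryptSvc = new CryptographyService();
                string passwordHash = cryptSvc.Hash(model.Password, salt);
                res.IsLoggedIn = PasswordHashesMatch(passwordHash, stored.EncryptedPass);
            }
        }
    }

    // NOTE(review): when no row matches, no hash is computed, so an unknown e-mail
    // answers faster than a wrong password; hashing a dummy value on the miss path
    // would equalise that.
    if (!res.IsLoggedIn)
    {
        res.Id = 0;
        res.Email = "Failed to login";
    }

    return res;
}

/// <summary>
/// Compares a freshly computed hash with the stored one in constant time, so the
/// comparison's duration does not depend on how many leading characters agree.
/// A null on either side never matches (the original <c>==</c> treated two nulls as equal).
/// </summary>
/// <param name="computed">Hash derived from the submitted password.</param>
/// <param name="stored">Hash read from the database.</param>
/// <returns>True only when both are non-null and byte-for-byte identical.</returns>
private static bool PasswordHashesMatch(string computed, string stored)
{
    if (computed is null || stored is null)
    {
        return false;
    }

    byte[] a = System.Text.Encoding.UTF8.GetBytes(computed);
    byte[] b = System.Text.Encoding.UTF8.GetBytes(stored);
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(a, b);
}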
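/// <summary>
/// Replaces a user's password: derives a new random salt, hashes <c>NewPassword</c>
/// with it and stores both through the <c>Users_ChangePassword</c> stored procedure.
/// </summary>
/// <param name="model">Target user id and the new cleartext password.</param>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
public void ChangePassword(UpdatePasswordRequest model)
{
    if (model is null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    // NOTE(review): nothing here re-verifies the current password or that the caller
    // is allowed to change this UserId — confirm the calling layer enforces both.
    CryptographyService svc = new CryptographyService();
    string salt = svc.GenerateRandomString(16);
    string hashedPassword = svc.Hash(model.NewPassword, salt);

    // Disposal closes the connection; the stray empty statement and explicit
    // Close() from the original are dropped.
    using (SqlConnection conn = new SqlConnection(connString))
    using (SqlCommand cmd = new SqlCommand("Users_ChangePassword", conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@Id", model.UserId);
        cmd.Parameters.AddWithValue("@HashedPassword", hashedPassword);
        cmd.Parameters.AddWithValue("@Salt", salt);
        conn.Open();
        cmd.ExecuteNonQuery();
    }
}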