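// POST api/CustomRegistration
/// <summary>
/// Creates a new account from an untrusted client payload after validating the
/// username and password and checking that the username is not already taken.
/// </summary>
/// <param name="registrationRequest">Client payload carrying <c>username</c> and <c>password</c>.</param>
/// <returns>
/// 201 Created when the account is stored; 400 Bad Request when the payload is missing,
/// the username or password fails validation, or the username already exists.
/// </returns>
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
    // Validate the payload before touching its fields: a missing body or field must be a
    // 400 to the client, not an unhandled exception on the server.
    if (registrationRequest == null
        || registrationRequest.username == null
        || registrationRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid registration request");
    }

    // \z (not $) so that a trailing newline cannot sneak past the "alphanumeric only" rule;
    // in .NET, $ also matches just before a final '\n'.
    if (!Regex.IsMatch(registrationRequest.username, @"^[a-zA-Z0-9]{4,}\z"))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid username (at least 4 chars, alphanumeric only)");
    }

    if (registrationRequest.password.Length < 8)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
    }

    // The context holds a database connection; dispose it on every exit path.
    using (XamarinPushDemoContext context = new XamarinPushDemoContext())
    {
        Account existing = context.Accounts
            .Where(a => a.Username == registrationRequest.username)
            .SingleOrDefault();
        if (existing != null)
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "That username already exists.");
        }

        // NOTE(review): the existence check and the insert below are not atomic, so two
        // concurrent registrations of the same name can both pass the check. Only a unique
        // index on Username reliably prevents duplicates — confirm the schema has one.
        byte[] salt = CustomLoginProviderUtils.generateSalt();
        Account newAccount = new Account
        {
            Id = Guid.NewGuid().ToString(),
            Username = registrationRequest.username,
            Salt = salt,
            // Only the salted hash is persisted; the plaintext password is never stored.
            SaltedAndHashedPassword = CustomLoginProviderUtils.hash(registrationRequest.password, salt)
        };
        context.Accounts.Add(newAccount);
        context.SaveChanges();
        return this.Request.CreateResponse(HttpStatusCode.Created);
    }
}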
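// POST api/CustomLogin
/// <summary>
/// Verifies a username/password pair against the stored salted hash and, on success,
/// issues a Mobile Services authentication token for that user.
/// </summary>
/// <param name="loginRequest">Untrusted client payload carrying <c>username</c> and <c>password</c>.</param>
/// <returns>
/// 200 OK with a <see cref="CustomLoginResult"/> on success; 401 Unauthorized on any failure,
/// always with the same message so the response body does not reveal whether the username exists.
/// </returns>
public HttpResponseMessage Post(LoginRequest loginRequest)
{
    // A missing body or field must produce the normal 401, not an unhandled exception.
    if (loginRequest == null || loginRequest.username == null || loginRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
    }

    // The context holds a database connection; dispose it on every exit path.
    using (XamarinPushDemoContext context = new XamarinPushDemoContext())
    {
        Account account = context.Accounts
            .Where(a => a.Username == loginRequest.username)
            .SingleOrDefault();

        if (account == null)
        {
            // Pay the hashing cost for unknown usernames too, so response time does not
            // distinguish "no such user" from "wrong password". Assumes hash() dominates
            // the request time and generateSalt() is cheap — verify against the utils.
            CustomLoginProviderUtils.hash(loginRequest.password, CustomLoginProviderUtils.generateSalt());
            return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
        }

        byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, account.Salt);
        // slowEquals is presumably the fixed-time byte comparison; keep using it rather than
        // SequenceEqual/== so that the comparison does not leak a prefix match via timing.
        if (!CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
        {
            return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
        }

        // The identity carries only the username; the token is minted with the master key.
        ClaimsIdentity claimsIdentity = new ClaimsIdentity();
        claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
        LoginResult loginResult = new CustomLoginProvider(handler)
            .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
        var customLoginResult = new CustomLoginResult()
        {
            UserId = loginResult.User.UserId,
            MobileServiceAuthenticationToken = loginResult.AuthenticationToken
        };
        return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
    }
}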