Exemplo n.º 1
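        /// <summary>
        /// Handles a login form post: validates the submitted login view-model, looks the
        /// account up by e-mail, verifies the password and, on success, stores the user's
        /// id, e-mail and first name in the session.
        /// </summary>
        /// <param name="userVM">Combined login/registration form model; only <c>loginVM</c> is read here.</param>
        /// <returns>A redirect back to the index; on failure <c>TempData["login_errors"]</c> is set.</returns>
        public IActionResult Login(LoginRegFormModel userVM)
        {
            // A missing sub-model would make TryValidateModel throw; treat it as an invalid form.
            if (userVM?.loginVM is null || !TryValidateModel(userVM.loginVM))
            {
                TempData["login_errors"] = true;
                return RedirectToAction("Index");
            }

            // Entity PostGres Code First command
            // retrieve user by submitted username (the form identifies the account by e-mail).
            // SingleOrDefault throws if two rows share the e-mail; that is a data-integrity
            // fault and is left to propagate rather than being swallowed.
            User logging_user = _context.Users.SingleOrDefault(user => user.Email == userVM.loginVM.Email);

            // An unknown e-mail and a wrong password take the same path and produce the same
            // message, so the response does not reveal which addresses are registered.
            // (Previously a missing account surfaced as a NullReferenceException caught by a
            // blanket catch.)
            if (logging_user is not null)
            {
                // The stored hash was produced over Password + Salt at registration, so the same
                // concatenation is verified here. PasswordHasher already applies its own random
                // salt internally; the extra application salt is kept only to stay compatible
                // with existing rows.
                string SaltedPasswd = userVM.loginVM.Password + logging_user.Salt;
                var Hasher = new PasswordHasher<User>();
                PasswordVerificationResult verification =
                    Hasher.VerifyHashedPassword(logging_user, logging_user.Password, SaltedPasswd);

                // VerifyHashedPassword returns Failed, Success or SuccessRehashNeeded;
                // anything but Failed is a match.
                if (verification != PasswordVerificationResult.Failed)
                {
                    // the passwords match!
                    HttpContext.Session.SetInt32(LOGGED_IN_ID, logging_user.UserId);
                    HttpContext.Session.SetString(LOGGED_IN_USERNAME, userVM.loginVM.Email);
                    HttpContext.Session.SetString(LOGGED_IN_FIRSTNAME, logging_user.FirstName);
                    // TODO(review): the post-login destination is not in the listing; "Index" is a placeholder.
                    return RedirectToAction("Index");
                }
            }

            // the username and password combination were not found -- one generic message for
            // both cases. NOTE(review): ModelState does not survive a redirect on its own; the
            // listing says errors are "exported" to the index, but that mechanism is not shown here.
            ModelState.AddModelError(string.Empty, "Invalid email or password.");
            // if login was not successful, return to index with errors exported in modelstate
            TempData["login_errors"] = true;
            return RedirectToAction("Index");
        }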
Exemplo n.º 2
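        /// <summary>
        /// Handles a registration form post: validates the submitted registration view-model,
        /// refuses an e-mail that is already registered, creates the user with a salted and
        /// hashed password, persists it and signs the new user in by populating the session.
        /// </summary>
        /// <param name="userVM">Combined login/registration form model; only <c>registerVM</c> is read here.</param>
        /// <returns>A redirect back to the index; on failure <c>TempData["errors"]</c> is set.</returns>
        public IActionResult Register(LoginRegFormModel userVM)
        {
            // model did not validate correctly --> show errors to user
            if (userVM?.registerVM is null || !TryValidateModel(userVM.registerVM))
            {
                TempData["errors"] = true;
                return RedirectToAction("Index");
            }

            // model validated correctly --> success
            // confirm that a user does not exist with the selected email.
            // NOTE(review): the listing's "username" check ran this very same Email query, so a
            // single lookup is kept; a real username check needs the User entity's username
            // column, which is not shown here.
            // NOTE(review): check-then-insert is not atomic; a unique index on Email in the
            // database is the actual guarantee against a concurrent duplicate registration.
            User testUser = _context.Users.SingleOrDefault(user => user.Email == userVM.registerVM.Email);
            if (testUser != null)
            {
                // the email currently exists in the database -- stop here instead of falling
                // through and creating the account anyway.
                ModelState.AddModelError("Email", "This email address already exists. Please select another or login.");
                TempData["errors"] = true;
                return RedirectToAction("Index");
            }

            // Entity PostGres Code First command
            User NewUser = new User(userVM.registerVM);

            // generate a 128-bit salt using a secure PRNG
            byte[] newSalt = new byte[128 / 8];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(newSalt);
            }
            string newSaltString = Convert.ToBase64String(newSalt);
            NewUser.Salt = newSaltString;

            // hash password. PasswordHasher applies its own per-hash random salt internally, so
            // this application salt is redundant; it is kept because Login verifies
            // Password + Salt and the two sides must stay in step.
            string SaltedPasswd = NewUser.Password + newSaltString;
            var Hasher = new PasswordHasher<User>();
            NewUser.Password = Hasher.HashPassword(NewUser, SaltedPasswd);

            // persist the new row; EF populates the database-generated UserId on the tracked
            // entity, so no follow-up query by e-mail is needed.
            _context.Users.Add(NewUser);
            _context.SaveChanges();

            // NOTE(review): registerVM still carries the plaintext password, so this TempData
            // entry (cookie- or session-backed) hands it to the next request. Whatever reads
            // TempData["user"] should be given a projection without the password field.
            TempData["user"] = JsonConvert.SerializeObject(userVM.registerVM);

            // login to the application: store user id, first name, and username in session
            HttpContext.Session.SetInt32(LOGGED_IN_ID, NewUser.UserId);
            HttpContext.Session.SetString(LOGGED_IN_USERNAME, userVM.registerVM.Email);
            HttpContext.Session.SetString(LOGGED_IN_FIRSTNAME, NewUser.FirstName);
            // TODO(review): the post-registration destination is not in the listing; "Index" is a placeholder.
            return RedirectToAction("Index");
        }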