// https://github.com/shawnmclean/SimpleCrypto.net
        /// <summary>
        /// Checks a candidate password against a stored PBKDF2 hash.
        /// </summary>
        /// <param name="password">Plain-text password supplied by the caller.</param>
        /// <param name="storedPasswordHash">Hash previously persisted for the account.</param>
        /// <param name="salt">Salt persisted with the hash; handed unchanged to <c>Compute</c>.</param>
        /// <returns>Whatever <c>ICryptoService.Compare</c> reports for the stored and recomputed hashes.</returns>
        public static bool IsPasswordValid(string password, string storedPasswordHash, string salt)
        {
            // Re-derive the hash with the account's own salt, then let the library compare the two strings.
            ICryptoService hasher    = new PBKDF2();
            string         candidate = hasher.Compute(password, salt);
            bool           matches   = hasher.Compare(storedPasswordHash, candidate);

            return matches;
        }
Exemplo n.º 2
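 /// <summary>
 /// Validates a user name / password pair against the user store.
 /// The stored value is compared with PBKDF2(PBKDF2(password, user salt), pepper).
 /// </summary>
 /// <param name="userName">Login name looked up in <c>context.Users</c>.</param>
 /// <param name="password">Plain-text password to verify.</param>
 /// <exception cref="SecurityTokenException">
 /// Thrown with the same message for an unknown login and for a password mismatch.
 /// </exception>
 public override void Validate(string userName, string password)
 {
     // NOTE(review): the pepper is a secret compiled into the source, so anyone with repository or
     // binary access has it and it cannot be rotated without a rebuild. Moving it to protected
     // configuration changes deployment, so it is flagged here rather than changed.
     // NOTE(review): the value is passed as the salt argument of Compute and begins with "50." -
     // presumably SimpleCrypto reads that prefix as the iteration count of the second pass; confirm.
     const string pepper = "50.L1`(f761OJdG6fc835M(5(+Ju2!P6,4330_N*/%xz<j7(N15KC'8l997'0c0CEg";

     using (var context = new AF_Context())
     {
         ICryptoService cryptoService = new PBKDF2();

         User u = context.Users.FirstOrDefault(c => c.Login == userName);
         if (u == null)
         {
             // NOTE(review): this path skips both key derivations, so an unknown login is probably
             // answered faster than a known one; response time can reveal which accounts exist.
             throw new SecurityTokenException("Wrong Username or Password");
         }

         // First pass uses the per-user salt, second pass uses the application-wide pepper.
         string saltedHash   = cryptoService.Compute(password, u.Salt);
         string pepperedHash = cryptoService.Compute(saltedHash, pepper);

         if (!cryptoService.Compare(pepperedHash, u.Password))
         {
             throw new SecurityTokenException("Wrong Username or Password");
         }

         // The former try/catch only rethrew (and declared an unused variable), so it was removed;
         // exceptions propagate exactly as before.
     }
 }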
Exemplo n.º 3
        /// <summary>
        /// Click handler of the authentication button: verifies the entered password for the
        /// account found by e-mail and sets <c>DialogResult.OK</c> on success.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnAuth_Click(object sender, EventArgs e)
        {
            // One text for "unknown e-mail" and "wrong password", so the dialog does not
            // tell the two cases apart.
            const string failureText = "Неправильний пароль або емейл, спробуйте ще раз.";

            if (string.IsNullOrEmpty(PasswordUser))
            {
                MessageBox.Show("Пароль пустий.");
                return;
            }

            var account = GetUserByEmail(EmailLogin);
            if (account == null)
            {
                MessageBox.Show(failureText);
                return;
            }

            // Naming trap: the salt is read from the field called PasswordHash,
            // while the derived hash is kept in Password.
            ICryptoService hasher     = new PBKDF2();
            string         recomputed = hasher.Compute(PasswordUser, account.PasswordHash);

            if (hasher.Compare(account.Password, recomputed))
            {
                DialogResult = DialogResult.OK;
                return;
            }

            MessageBox.Show(failureText);
        }
Exemplo n.º 4
        /// <summary>
        /// Recomputes the PBKDF2 hash of <paramref name="password"/> with <paramref name="salt"/>
        /// and compares it with <paramref name="hashedPassword"/>.
        /// </summary>
        /// <param name="password">Plain-text password to verify.</param>
        /// <param name="salt">Salt stored for the account.</param>
        /// <param name="hashedPassword">Hash stored for the account.</param>
        /// <returns>The result of <c>ICryptoService.Compare</c>.</returns>
        private static bool ValidatePassword(string password, string salt, string hashedPassword)
        {
            ICryptoService hasher = new PBKDF2();

            // Same salt in, same hash out: a match means the caller knows the password.
            string recomputed = hasher.Compute(password, salt);
            return hasher.Compare(hashedPassword, recomputed);
        }
Exemplo n.º 5
        /// <summary>
        /// Decides whether the request carries the API key configured for <paramref name="feed"/>.
        /// </summary>
        /// <param name="module">Nancy module whose request headers are inspected.</param>
        /// <param name="feed">Feed holding the salted hash of its API key.</param>
        /// <returns>
        /// <c>true</c> when the feed has no stored key hash, or when the hash of the presented key
        /// matches the stored one; <c>false</c> when the header is missing, blank or does not match.
        /// </returns>
        protected bool IsValidNuGetApiKey(INancyModule module, IFeed feed)
        {
            // NOTE(review): a feed without a stored hash accepts every request. If that is not the
            // intended "open feed" behaviour, a blank ApiKeyHashed should fail closed instead.
            if (string.IsNullOrWhiteSpace(feed.ApiKeyHashed))
            {
                return(true);
            }

            // IsNullOrWhiteSpace also covers the missing-header (null) case.
            var presentedKey = module.Request.Headers[NuGetHeaderApiKeyName].FirstOrDefault();
            if (string.IsNullOrWhiteSpace(presentedKey))
            {
                return(false);
            }

            ICryptoService hasher        = new PBKDF2();
            string         presentedHash = hasher.Compute(presentedKey, feed.ApiKeySalt);

            return(hasher.Compare(presentedHash, feed.ApiKeyHashed));
        }
Exemplo n.º 6
        /// <summary>
        /// Login button handler: looks the account up by user name, verifies the password with
        /// PBKDF2 and, on success, issues the forms-authentication cookie and redirects.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnIniciar_Click(object sender, EventArgs e)
        {
            // NOTE(review): the password is trimmed before hashing, so leading and trailing
            // whitespace never counts as part of a password.
            string login = txtUser.Text.Trim();
            string clave = txtPass.Text.Trim();

            if (login == "" || clave == "")
            {
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('debe ingresar datos');};", true);
                return;
            }

            var persona = instaciaBD.tbl_persona.FirstOrDefault(x => x.usuarioPersona == login);
            if (persona == null)
            {
                // NOTE(review): this text differs from the wrong-password text below, which lets a
                // visitor find out which user names exist.
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('no existe ');};", true);
                return;
            }

            // Re-derive the hash with the stored salt and compare it with the stored hash.
            ICryptoService hasher     = new PBKDF2();
            string         recomputed = hasher.Compute(clave, persona.salt);

            if (!hasher.Compare(persona.contrasenaPersona, recomputed))
            {
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "aletarLoginFail", "window.onload = function(){ alert ('Contraseña incorrecta');};", true);
                return;
            }

            // The ticket name is the display name ("first last"), and `true` asks for a persistent cookie.
            FormsAuthentication.SetAuthCookie(persona.nombrePersona + " " + persona.apellidoPersona, true);
            Response.Redirect("Inicio.aspx");
        }
Exemplo n.º 7
        // GET: Moviles
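        /// <summary>
        /// Verifies the credentials of <paramref name="correo"/> and, on success, fills the session
        /// with the user's name, profile and identifier before redirecting to the main view.
        /// </summary>
        /// <param name="correo">Login identifier matched against <c>Cod_Usuario</c>.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>A redirect to the view stored in <c>vista</c> (login page unless the password matched).</returns>
        public ActionResult Acceso(string correo, string password)
        {
            var session = System.Web.HttpContext.Current.Session;

            vista = "../Login/Login";
            session["acceso"] = "Usuario no encontrado";

            // The identifier comes straight from the request, so it is bound as a parameter.
            // Building the statement by concatenation let a crafted value rewrite the query.
            // A null identifier is bound as an empty string, which is what concatenation produced.
            const string userQuery = "select * from web_usuarios_login WHERE Cod_Usuario = @correo";

            using (MySqlConnection con = new MySqlConnection(conexion))
            using (MySqlCommand cmd = new MySqlCommand(userQuery, con))
            {
                cmd.Parameters.AddWithValue("@correo", correo ?? string.Empty);
                con.Open();

                using (MySqlDataReader sdr = cmd.ExecuteReader())
                {
                    // Read() returning true already means a row exists, so the former HasRows test
                    // inside the loop was always true and has been dropped.
                    while (sdr.Read())
                    {
                        ICryptoService cryptoService = new PBKDF2();
                        string recomputed = cryptoService.Compute(password, sdr["Salt"].ToString());

                        session["sessionClosed"] = null;
                        if (cryptoService.Compare(sdr["Password"].ToString(), recomputed))
                        {
                            // NOTE(review): the session is populated in place; no new session id is
                            // issued in this method after a successful login - confirm it happens elsewhere.
                            session["sessionString"] = sdr["Nombre"].ToString() + " " + sdr["Apellido"].ToString();
                            session["perfil"]        = sdr["Cod_Perfil"].ToString();
                            session["correo"]        = sdr["Cod_Usuario"].ToString();
                            vista = "../Principal/Principal";
                        }
                    }
                }
                // Leaving the using blocks closes the reader, command and connection.
            }

            // System parameters are loaded whether or not the login succeeded.
            using (MySqlConnection con1 = new MySqlConnection(conexion1))
            using (MySqlCommand cmd1 = new MySqlCommand("select * from web_vparam_sys", con1))
            {
                con1.Open();
                using (MySqlDataReader sdr1 = cmd1.ExecuteReader())
                {
                    while (sdr1.Read())
                    {
                        session["conductoresConf"] = sdr1["Varios_Conductores"].ToString();
                    }
                }
            }

            return(RedirectToAction(vista));
        }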
Exemplo n.º 8
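        /// <summary>
        /// Login button handler: finds the user by numeric id, verifies the password with PBKDF2,
        /// writes the outcome to the log and, on success, issues the forms-authentication ticket
        /// and stores the role id in the session.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnIniciar_Click1(object sender, EventArgs e)
        {
            // A non-numeric id used to throw FormatException out of the handler; it is now treated
            // like an unknown user. The raw text is not logged.
            int cedulaAsociado;
            if (!int.TryParse(txtUsuario.Text.Trim(), out cedulaAsociado))
            {
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginUsuario", "window.onload = function(){ alert('El usuario no existe.'); };", true);
                return;
            }

            string contrasenna = txtPassword.Text.Trim();

            // An empty password ends the handler without any message, as before.
            if (contrasenna == "")
            {
                return;
            }

            // Look up the user whose id matches the one entered.
            var usuario = db.Usuarios.Where(x => x.cedulaAsociado == cedulaAsociado).FirstOrDefault();
            if (usuario == null)
            {
                // NOTE(review): this alert differs from the wrong-password alert below, so the page
                // reveals which ids are registered.
                logger.Info("Inicio de sesion fallido, usuario ingresado: " + cedulaAsociado);
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginUsuario", "window.onload = function(){ alert('El usuario no existe.'); };", true);
                return;
            }

            // Re-derive the hash with the salt stored for this user.
            ICryptoService cryptoService = new PBKDF2();
            string contraseniaEncriptada = cryptoService.Compute(contrasenna, usuario.salt);

            if (!cryptoService.Compare(usuario.contrasenna, contraseniaEncriptada))
            {
                // The derived hash is no longer written to the log. Hashes are credential material,
                // and on the success path the logged value equalled the stored hash.
                logger.Info("Inicio de sesion fallido, usuario ingresado: " + cedulaAsociado);
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "AlertaLoginContrasenia", "window.onload = function(){ alert('La contraseña es incorrecta.'); };", true);
                return;
            }

            logger.Info("Inicio de sesion exitoso: " + cedulaAsociado);

            // `false` requests a non-persistent (session) authentication cookie.
            string correoAsociado = usuario.cedulaAsociado + " " + usuario.correoElectronico;
            FormsAuthentication.RedirectFromLoginPage(correoAsociado, false);

            // Keep the user's role id in the session.
            Session["UserRole"] = usuario.idRol.ToString();
        }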
Exemplo n.º 9
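        /// <summary>
        /// Verifies a plain-text password against a stored PBKDF2 hash and salt.
        /// </summary>
        /// <param name="savedPasswordHash">Hash stored for the account.</param>
        /// <param name="savedPasswordSalt">Salt stored for the account.</param>
        /// <param name="plainTextPassword">Password supplied by the caller.</param>
        /// <returns>The result of <c>Compare</c> on the recomputed and stored hashes.</returns>
        /// <exception cref="ArgumentNullException">Any argument is null or empty.</exception>
        public static bool Validate(string savedPasswordHash, string savedPasswordSalt, string plainTextPassword)
        {
            // Each guard now tests the argument it names. Previously all three tested
            // savedPasswordHash, so an empty salt or password reached Compute unchecked.
            if (string.IsNullOrEmpty(savedPasswordHash))
            {
                throw new ArgumentNullException("savedPasswordHash");
            }
            if (string.IsNullOrEmpty(savedPasswordSalt))
            {
                throw new ArgumentNullException("savedPasswordSalt");
            }
            if (string.IsNullOrEmpty(plainTextPassword))
            {
                throw new ArgumentNullException("plainTextPassword");
            }

            var cryptoService = new PBKDF2();
            var passwordHash  = cryptoService.Compute(plainTextPassword, savedPasswordSalt);

            return(cryptoService.Compare(passwordHash, savedPasswordHash));
        }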
Exemplo n.º 10
        /// <summary>
        /// Verifies the password of the user stored under <paramref name="username"/>.
        /// </summary>
        /// <param name="username">User name to look up in the repository.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>
        /// <c>false</c> when no such user is stored; otherwise the result of comparing the stored
        /// hash with the hash recomputed from <paramref name="password"/> and the stored salt.
        /// </returns>
        public bool IsPasswordValid(string username, string password)
        {
            // The factory-built user is validated first; the repository is queried with its UserName.
            var candidate = _userFactory.CreateNewUser(username, password);
            Validate(candidate);

            var stored = _userRepository.GetBy(x => x.UserName == candidate.UserName);
            if (stored == null)
            {
                // NOTE(review): no key derivation runs on this path, so unknown names are probably
                // answered faster than known ones.
                return(false);
            }

            var    hasher     = new PBKDF2();
            string recomputed = hasher.Compute(password, stored.Salt);

            return(hasher.Compare(stored.Password, recomputed));
        }
Exemplo n.º 11
        /// <summary>
        /// Login button handler. Depending on the login text it opens the admin panel, opens the
        /// account-settings form, or verifies the password with PBKDF2 and then lets the user edit
        /// the account (name, image, phone, password, deletion flag) before saving. The form is
        /// closed at the end of every path.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void Btn_login_Click(object sender, EventArgs e)
        {
            if (!string.IsNullOrEmpty(txtBoxPassword.Text))
            {
                string loginUser = txtBoxUser.Text;
                string passUser  = txtBoxPassword.Text;

                var user = GetUserByEmail(loginUser);

                // NOTE(review): hard-coded administrator credentials compared as plain text. Anyone who
                // can read the source or the binary has them, and the user store is not consulted
                // before the admin panel opens.
                if (loginUser == "admin")
                {
                    if (passUser == "admin")
                    {
                        AdminPanelForm adp = new AdminPanelForm();
                        adp.ShowDialog();
                    }
                }
                else if (user != null || loginUser == "noconnection")
                {
                    // NOTE(review): the login "noconnection" opens the settings form with any
                    // non-empty password; no credential is verified on this path.
                    if (loginUser == "noconnection")
                    {
                        ChangeAccSettingForm casf = new ChangeAccSettingForm();

                        if (casf.ShowDialog() == DialogResult.OK)
                        {
                        }
                    }
                    else if (user.Deleted == false)
                    {
                        // Naming trap: the salt is read from the field called PasswordHash, while the
                        // derived hash is kept in Password.
                        ICryptoService cryptoService   = new PBKDF2();
                        string         salt            = user.PasswordHash;
                        string         hashPassword2   = cryptoService.Compute(passUser, salt);
                        bool           isPasswordValid = cryptoService.Compare(user.Password, hashPassword2);

                        if (isPasswordValid)
                        {
                            MessageBox.Show("You login success", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);

                            ChangeAccSettingForm casf = new ChangeAccSettingForm();
                            casf.FillForm(user);
                            casf.FillLoginUser(user);

                            // Changes are copied onto the entity only when the settings dialog returns OK.
                            if (casf.ShowDialog() == DialogResult.OK)
                            {
                                if (casf.IsDel)
                                {
                                    user.Deleted = true;
                                }

                                if (casf.FirstName != null && casf.FirstName != user.FirstName)
                                {
                                    user.FirstName = casf.FirstName;
                                }

                                if (casf.FileSelect != null && casf.FileSelect.ToString() != user.UserImage.ToString())
                                {
                                    //string extension = Path.GetExtension(casf.FileSelect);
                                    //string nameFile = Path.GetRandomFileName() + extension;
                                    //var path = Path.Combine(Directory.GetCurrentDirectory(),
                                    //    "user_images", Path.GetFileName(casf.FileSelect));

                                    //var bmp = ImageHelper.ComprressImage(Image.FromFile(casf.FileSelect), 120, 80);

                                    //try
                                    //{
                                    //  bmp.Save(path, ImageFormat.Jpeg);
                                    //}
                                    //catch (Exception ex)
                                    //{
                                    //  MessageBox.Show(ex.Message);
                                    //}

                                    // NOTE(review): the Image returned by FromFile is not disposed here.
                                    user.UserImage = casf.ImageToByteArray(Image.FromFile(casf.FileSelect));
                                }

                                if (casf.LastName != null && casf.LastName != user.LastName)
                                {
                                    user.LastName = casf.LastName;
                                }

                                if (casf.MobilePhone != null && casf.MobilePhone != user.MobilePhoneNumber)
                                {
                                    user.MobilePhoneNumber = casf.MobilePhone;
                                }

                                // NOTE(review): a null casf.Password also passes this test.
                                if (casf.Password != "")
                                {
                                    // NOTE(review): new_cryptoService is never used; the calls below go
                                    // through cryptoService, the instance that verified the old password.
                                    ICryptoService new_cryptoService = new PBKDF2();

                                    //New User
                                    string new_password = casf.Password;

                                    //save this salt to the database
                                    string new_salt = cryptoService.GenerateSalt();

                                    //save this hash to the database
                                    // NOTE(review): Compute is called without a salt argument; this presumably
                                    // relies on the instance keeping the salt generated just above - confirm
                                    // against the SimpleCrypto version in use, otherwise hash and salt diverge.
                                    string new_hashedPassword = cryptoService.Compute(new_password);

                                    // Field naming as above: Password holds the hash, PasswordHash holds the salt.
                                    user.Password     = new_hashedPassword;
                                    user.PasswordHash = new_salt;
                                }

                                context.SaveChanges();
                            }
                        }
                        else
                        {
                            MessageBox.Show("Inccorect login or password!", "Please try again!", MessageBoxButtons.OK, MessageBoxIcon.Error);
                        }
                    }
                    else
                    {
                        // NOTE(review): this text is shown only for an existing account flagged as deleted,
                        // so it differs from the generic failure text and reveals that the login is known.
                        MessageBox.Show("This account not exist or be deleted!");
                    }
                }
                else
                {
                    MessageBox.Show("Inccorect login or password!", "Please try again!", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }


            // Runs on every path, including an empty password and a failed login.
            this.Close();
        }
Exemplo n.º 12
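        /// <summary>
        /// Login button handler: finds the person by user name, verifies the password with PBKDF2
        /// and, on success, stores the person id in the session, issues the forms-authentication
        /// cookie and redirects to the start page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnIngresar_Click(object sender, EventArgs e)
        {
            try
            {
                // NOTE(review): the password is trimmed before hashing, so surrounding whitespace
                // never counts as part of a password.
                string usuario     = txtUsuario.Text.Trim();
                string contrasenna = txtContrasena.Text.Trim();

                if (usuario == "" || contrasenna == "")
                {
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginFail", "window.onload = function(){alert('usuario o contraseña deben estar llenos');};", true);
                    return;
                }

                var persona = db.Persona.Where(x => x.usuario == usuario).FirstOrDefault();

                // The null check now comes before persona.salt is read. Previously an unknown user
                // caused a NullReferenceException that the catch-all below turned into this message.
                if (persona == null)
                {
                    // NOTE(review): this text differs from the wrong-password text, so the page
                    // reveals which user names exist.
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('usuario no existe');};", true);
                    return;
                }

                ICryptoService cryptoService        = new PBKDF2();
                string         contrasenaEncriptada = cryptoService.Compute(contrasenna, persona.salt);

                if (!cryptoService.Compare(persona.contrasenna, contrasenaEncriptada))
                {
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaPassFail", "window.onload = function(){alert('contraseña es incorrecta');};", true);
                    return;
                }

                // The second, copy-pasted lookup-and-verify pass repeated exactly these steps with the
                // same inputs and has been removed.
                string nombreCompleto = persona.nombrePersona + " " + persona.apellidoPersona;

                Session["Persona"] = persona.idPersona;
                // `true` requests a persistent authentication cookie.
                FormsAuthentication.RedirectFromLoginPage(nombreCompleto, true);
                Session["anything"] = txtUsuario.Text;
                Response.Redirect("inicio1.aspx");
            }
            catch
            {
                // NOTE(review): every failure, including data-access errors, is reported to the user
                // as "unknown user" and is not logged.
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('usuario no existe');};", true);
            }
        }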
Exemplo n.º 13
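        /// <summary>
        /// Verifies a student's password and, on success, issues a signed JWT access token together
        /// with a fresh refresh token that is written to the student's row.
        /// </summary>
        /// <param name="login">Index number identifying the student.</param>
        /// <param name="haslo">Plain-text password to verify.</param>
        /// <returns>
        /// The token pair, or <c>null</c> when the index number is unknown or the password does not match.
        /// </returns>
        public LoginResponse LoginStudent(string login, string haslo)
        {
            ICryptoService cryptoService = new PBKDF2();

            var st   = new Models.Student();
            var resp = new LoginResponse();

            using (SqlConnection con = new SqlConnection(DataSQLCon))
            using (SqlCommand com = new SqlCommand())
            {
                com.Connection  = con;
                com.CommandText = "select IndexNumber,Password,salt from Student WHERE IndexNumber=@Index";
                com.Parameters.AddWithValue("Index", login);

                con.Open();

                // The reader is now disposed deterministically. It must be closed before the UPDATE
                // below can run on the same connection, which the old code achieved by closing and
                // reopening the connection.
                using (SqlDataReader sqlRead = com.ExecuteReader())
                {
                    if (!sqlRead.Read())
                    {
                        return(null);
                    }

                    st.IndexNumber = sqlRead["IndexNumber"].ToString();
                    string storedSalt = sqlRead["salt"].ToString();
                    string storedHash = sqlRead["Password"].ToString();
                    string recomputed = cryptoService.Compute(haslo, storedSalt);

                    if (!cryptoService.Compare(storedHash, recomputed))
                    {
                        return(null);
                    }
                }

                // NOTE(review): NameIdentifier is the constant "1" for every student; only the Name
                // claim identifies the account.
                var claims = new[]
                {
                    new Claim(ClaimTypes.NameIdentifier, "1"),
                    new Claim(ClaimTypes.Name, st.IndexNumber),
                    new Claim(ClaimTypes.Role, "student")
                };

                // HMAC-SHA256 signing key taken from the UTF-8 bytes of the configured secret.
                var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
                var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                var token = new JwtSecurityToken
                            (
                    issuer: "Gakko",
                    audience: "Students",
                    claims: claims,
                    expires: DateTime.Now.AddMinutes(10),
                    signingCredentials: creds
                            );

                resp.accessToken = new JwtSecurityTokenHandler().WriteToken(token);

                // NOTE(review): the refresh token is a GUID stored as-is. GUIDs are meant to be unique,
                // not unpredictable - consider bytes from RandomNumberGenerator and storing only a hash.
                resp.refreshToken = Guid.NewGuid();

                // The @Index parameter added for the SELECT is still attached to the command.
                com.CommandText = "UPDATE Student SET refreshToken=@Refresh WHERE IndexNumber=@Index";
                com.Parameters.AddWithValue("Refresh", resp.refreshToken);
                com.ExecuteNonQuery();
            }

            return(resp);
        }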
        /// <summary>
        /// Change-password handler: verifies the current password of the person stored in the
        /// session and, when it matches, stores a new salt and the hash of the new password.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnCambiarContrasena_Click(object sender, EventArgs e)
        {
            // NOTE(review): this line sits outside the try block, so a missing Session["Persona"]
            // (for example an expired session) surfaces as an unhandled exception.
            int    idPersona = int.Parse(Session["Persona"].ToString());
            string anterior  = txtContrasenaAnterior.Text.Trim();
            string nueva     = txtNuevaContrasena.Text.Trim();

            var persona = db.Persona.FirstOrDefault(x => x.idPersona == idPersona);

            try
            {
                if (persona == null)
                {
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('El usuario no existe');};", true);
                    return;
                }

                ICryptoService hasher = new PBKDF2();

                // The current password must verify before anything is changed.
                string hashAnterior = hasher.Compute(anterior, persona.salt);
                if (!hasher.Compare(persona.contrasenna, hashAnterior))
                {
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('La contraseña anterior no coincide');};", true);
                    return;
                }

                // NOTE(review): Compute is called without a salt argument; this presumably relies on
                // the instance keeping the salt generated on the previous line - confirm against the
                // SimpleCrypto version in use, otherwise the stored salt and hash will not match.
                string saltNuevo = hasher.GenerateSalt();
                string hashNuevo = hasher.Compute(nueva);

                persona.salt        = saltNuevo;
                persona.contrasenna = hashNuevo;

                try
                {
                    db.SubmitChanges();
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña se cambio exitosamente');};", true);
                }
                catch (Exception)
                {
                    ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaErrorCambio", "window.onload = function(){alert('La contraseña no se cambio');};", true);
                }
            }
            catch
            {
                // Any other failure in the steps above is reported as badly filled fields.
                ScriptManager.RegisterClientScriptBlock(this.Page, this.GetType(), "alertaLoginUsuario", "window.onload = function(){alert('Los campos no se llenaron correctamente');};", true);
            }
        }
Exemplo n.º 15
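        /// <summary>
        /// Verifies a student's password and, on success, issues a signed JWT access token together
        /// with a fresh refresh token that is written to the student's row.
        /// </summary>
        /// <param name="login">Index number identifying the student.</param>
        /// <param name="haslo">Plain-text password to verify.</param>
        /// <returns>
        /// The token pair, or <c>null</c> when the index number is unknown or the password does not match.
        /// </returns>
        public LoginResponse Login(string login, string haslo)
        {
            LoginResponse response = new LoginResponse();
            Student       student  = new Student();

            ICryptoService crypto = new PBKDF2();

            using (SqlConnection con = new SqlConnection(ConString))
            using (SqlCommand com = new SqlCommand())
            {
                com.Connection = con;

                com.CommandText = "SELECT IndexNumber, Passwd, Salt FROM STUDENT WHERE IndexNumber=@index";
                com.Parameters.AddWithValue("index", login);

                con.Open();

                // The reader is now disposed deterministically. It must be closed before the UPDATE
                // below can run on the same connection, which the old code achieved by closing and
                // reopening the connection.
                using (SqlDataReader loginRead = com.ExecuteReader())
                {
                    if (!loginRead.Read())
                    {
                        return(null);
                    }

                    student.IndexNumber = loginRead["IndexNumber"].ToString();
                    string storedHash = loginRead["Passwd"].ToString();
                    string storedSalt = loginRead["Salt"].ToString();
                    string recomputed = crypto.Compute(haslo, storedSalt);

                    if (!crypto.Compare(storedHash, recomputed))
                    {
                        return(null);
                    }
                }

                // NOTE(review): NameIdentifier is the constant "1" for every student; only the Name
                // claim identifies the account.
                var claims = new[] {
                    new Claim(ClaimTypes.NameIdentifier, "1"),
                    new Claim(ClaimTypes.Name, student.IndexNumber),
                    new Claim(ClaimTypes.Role, "student"),
                };

                // HMAC-SHA256 signing key taken from the UTF-8 bytes of the configured secret.
                var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
                var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                var token = new JwtSecurityToken
                            (
                    issuer: "Gakko",
                    audience: "Students",
                    claims: claims,
                    expires: DateTime.Now.AddMinutes(10),
                    signingCredentials: creds
                            );

                response.accessToken = new JwtSecurityTokenHandler().WriteToken(token);

                // NOTE(review): the refresh token is a GUID stored as-is. GUIDs are meant to be unique,
                // not unpredictable - consider bytes from RandomNumberGenerator and storing only a hash.
                response.refreshToken = Guid.NewGuid();

                // The @index parameter from the SELECT stays attached; the UPDATE binds @login and @refToken.
                com.CommandText = "UPDATE Student SET refToken=@refToken WHERE IndexNumber=@login";
                com.Parameters.AddWithValue("login", login);
                com.Parameters.AddWithValue("refToken", response.refreshToken);
                com.ExecuteNonQuery();
            }

            return(response);
        }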