public HttpResponseMessage Authenticate()
 {
     var credentials = Request.Content.ReadAsStringAsync().Result;
     var postData = JObject.Parse(credentials);
     var username = postData["Username"].ToString().Trim();
     var password = postData["Password"].ToString().Trim();
     var match = DynamoDBConnection.Instance.GetUser(username);
     if (match == null) {
         return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
     }
     var data = JObject.Parse(match["UserInfo"]);
     var hashedPassword = data["Password"].ToString();
     bool authenticated;
     if (hashedPassword != "test") {
         byte[] charArray = hashedPassword.Select(i => (byte)i).ToArray();
         var passwordHash = new PasswordHash(charArray);
         authenticated = passwordHash.Verify(password);
     } else {
         authenticated = true;
     }
     if (authenticated) {
         var toReturn = new HttpResponseMessage(HttpStatusCode.OK);
         FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, 525600);
         var sessionKey = FormsAuthentication.Encrypt(ticket);
         toReturn.Headers.Add("Set-Cookie", string.Format("session_id={0}; Path=/", sessionKey));
         toReturn.Headers.Add("Set-Cookie", string.Format("user_id={0}; Path=/", username));
         toReturn.Content = new StringContent(sessionKey.ToString());
         return toReturn;
     } else {
         return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
     }
 }
Exemplo n.º 2
0
 internal static UserModel Create(string username, string password)
 {
     var pass = new PasswordHash(password);
     var arr = pass.ToArray();
     return new UserModel() {
         UserId = username,
         Password = string.Concat(arr.Select(i => (char)i)),
         Role = "user",
         Created = DateTime.Now.Ticks
     };
 }