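/// <summary>
/// Web API login. Looks up the stored salt/hash for the posted username,
/// verifies the password with <c>CompareHashValue</c>, and on success sets the
/// user cookie and extends <c>SessionTimeout</c> by one day.
/// </summary>
/// <param name="model">Credentials posted by the client (untrusted input).</param>
/// <returns>
/// 200 with the user's ID string on success; 400 with the ModelState errors when
/// validation fails, the credentials are wrong, or an unexpected error occurs.
/// </returns>
public IHttpActionResult Login(LoginVM model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body can leave ModelState valid while model is null, which would
    // otherwise surface as a NullReferenceException below.
    if (model == null)
    {
        ModelState.AddModelError("ErrorMessage", "Access Denied! Wrong Credential");
        return BadRequest(ModelState);
    }

    string storedHash = string.Empty;
    byte[] salt = new byte[saltLengthLimit];
    string userID = string.Empty;

    try
    {
        using (db = new SSODBEntities())
        {
            // Username is the unique lookup key; trim once and reuse the value.
            string username = model.Username.Trim();
            var userInfo = db.Users.Where(s => s.Username == username).FirstOrDefault();

            if (userInfo != null)
            {
                storedHash = userInfo.HASH;
                salt = userInfo.SALT;
            }

            // The comparison is run unconditionally (as in the original) so that an
            // unknown username takes the same code path as a wrong password.
            bool isLogin = CompareHashValue(model.Password, model.Username, storedHash, salt);

            // The explicit userInfo check guards the UserID dereference in case the
            // helper ever reports success for an empty stored hash.
            if (!isLogin || userInfo == null)
            {
                ModelState.AddModelError("ErrorMessage", "Access Denied! Wrong Credential");
                return BadRequest(ModelState);
            }

            // Fix: userID was declared but never assigned, so the success response
            // always carried an empty string.
            userID = userInfo.UserID.ToString();
            SetCookie(userID);
            userInfo.SessionTimeout = DateTime.Now.AddDays(1);
            db.SaveChanges();
        }
    }
    catch (Exception)
    {
        // Do not echo the exception message to the client: connection, schema or
        // provider details belong in a server-side log, not in the response.
        // TODO: log the exception here; no logger is in scope in this method.
        ModelState.AddModelError("ErrorMessage", "Login failed due to an unexpected error.");
        return BadRequest(ModelState);
    }

    return Ok(userID);
}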
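/// <summary>
/// Web API registration. Creates a user with a fresh salt and a salted hash of
/// the posted password unless the username is already taken.
/// </summary>
/// <param name="model">Credentials posted by the client (untrusted input).</param>
/// <returns>
/// 200 with the submitted model (password cleared) on success; 400 with the
/// ModelState errors when validation fails, the user already exists, or an
/// unexpected error occurs.
/// </returns>
public IHttpActionResult Create(LoginVM model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body can leave ModelState valid while model is null.
    if (model == null)
    {
        ModelState.AddModelError("ErrorMessage", "Invalid request.");
        return BadRequest(ModelState);
    }

    try
    {
        using (db = new SSODBEntities())
        {
            // Fix: the existence check previously ran on whatever context was left
            // in the db field (possibly disposed by an earlier action) before a new
            // one was assigned inside the using. Query the context created here.
            string username = model.Username.Trim();
            var userInfo = db.Users.Where(s => s.Username == username).FirstOrDefault();
            if (userInfo != null)
            {
                ModelState.AddModelError("ErrorMessage", "User already exists.");
                return BadRequest(ModelState);
            }

            byte[] usrSalt = Get_SALT();
            var usr = new User
            {
                // NOTE(review): the username is stored untrimmed but looked up trimmed
                // (here and in Login), so a name with surrounding whitespace can be
                // created yet never matched. Storing the trimmed value would fix this,
                // but the hash input in Login must then change consistently — confirm.
                Username = model.Username,
                SALT = usrSalt,
                // NOTE(review): the helper name suggests a single salted SHA-512 pass;
                // a deliberately slow KDF (e.g. PBKDF2) resists offline guessing far
                // better. Confirm what Get_HASH_SHA512 actually does.
                HASH = Get_HASH_SHA512(model.Password, model.Username, usrSalt),
                SessionTimeout = DateTime.Now
            };
            db.Users.Add(usr);
            db.SaveChanges();
        }

        // Never echo the plaintext password back in the response body.
        model.Password = null;
        return Ok(model);
    }
    catch (Exception)
    {
        // Do not echo the exception message to the client; keep internal details
        // out of the response. TODO: log the exception server-side.
        ModelState.AddModelError("ErrorMessage", "User creation failed due to an unexpected error.");
        return BadRequest(ModelState);
    }
}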
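/// <summary>
/// MVC login. Validates the posted form, checks the credentials against the
/// stored salted hash, and on success issues the "remember me" ticket and the
/// user cookie, extends <c>SessionTimeout</c> by a day and redirects to the
/// requested return URL.
/// </summary>
/// <param name="entity">Login form values posted by the client (untrusted input).</param>
/// <returns>
/// A redirect on success; the login view re-rendered (with an error message in
/// TempData when the credentials were rejected) otherwise.
/// </returns>
public ActionResult Login(LoginVM entity)
{
    // Validate before opening a database context; an invalid (or absent) form
    // never needs one.
    if (entity == null || !ModelState.IsValid)
    {
        return View(entity);
    }

    string storedHash = string.Empty;
    byte[] salt = new byte[saltLengthLimit];

    // The original wrapped this in try { } catch { throw; }, which only rethrows;
    // the using block already disposes the context on any exception.
    using (db = new SSODBEntities())
    {
        // Username is the unique lookup key; trim once and reuse the value.
        string username = entity.Username.Trim();
        var userInfo = db.Users.Where(s => s.Username == username).FirstOrDefault();

        if (userInfo != null)
        {
            storedHash = userInfo.HASH;
            salt = userInfo.SALT;
        }

        // Run unconditionally (as in the original) so an unknown username takes
        // the same code path as a wrong password.
        bool isLogin = CompareHashValue(entity.Password, entity.Username, storedHash, salt);

        // The explicit userInfo check guards the UserID dereference in case the
        // helper ever reports success for an empty stored hash.
        if (!isLogin || userInfo == null)
        {
            TempData["ErrorMSG"] = "Access Denied! Wrong Credential";
            return View(entity);
        }

        // Persist the "remember me" choice in the authentication cookie.
        SignInRemember(entity.Username, entity.isRemember);

        // Cookie carrying the unique user ID (replaces the former Session["SSOUserID"]).
        SetCookie(userInfo.UserID.ToString());
        userInfo.SessionTimeout = DateTime.Now.AddDays(1);
        db.SaveChanges();

        // NOTE(review): ReturnURL is client-supplied; RedirectToLocal is assumed to
        // reject non-local URLs (open-redirect guard) — confirm its implementation.
        return RedirectToLocal(entity.ReturnURL);
    }
}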