/// <summary>
/// Runs the base controller initialization, then builds the domain manager for
/// <c>User</c> entities on top of a newly created <c>TalkerContext</c>.
/// </summary>
/// <param name="controllerContext">Controller context passed through to the base class.</param>
protected override void Initialize(HttpControllerContext controllerContext)
{
    base.Initialize(controllerContext);

    // The context is passed to the domain manager, so it is not disposed here.
    var dbContext = new TalkerContext();
    DomainManager = new EntityDomainManager<User>(dbContext, Request, Services);
}
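/// <summary>
/// Checks the submitted credentials against the stored salted hash and, when they
/// match, answers with a login result issued for the submitted user name.
/// </summary>
/// <param name="pLoginRequest">User name and password sent by the client.</param>
/// <returns>
/// 200 OK carrying the login result on success; otherwise 401 Unauthorized with one
/// generic message for every failure, so the reply does not say whether the user
/// name exists.
/// </returns>
public HttpResponseMessage Post(LoginRequest pLoginRequest)
{
    // A missing body or missing field is treated like any other failed login
    // instead of surfacing as a null-reference error (HTTP 500).
    if (pLoginRequest == null || pLoginRequest.mUserName == null || pLoginRequest.mPassword == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password");
    }

    string userName = pLoginRequest.mUserName;

    // Release the database context as soon as the lookup and comparison are done.
    using (TalkerContext talkerContext = new TalkerContext())
    {
        // SingleOrDefault throws when several rows share the name, so this relies on
        // user names being unique in the store.
        User user = talkerContext.Users.SingleOrDefault(a => a.mName == userName);

        if (user == null)
        {
            // Hash the password anyway, against a throwaway salt, so an unknown user name
            // costs about as much time as a wrong password. Without this the response
            // time tells a caller which user names are registered.
            PasswordUtility.hash(pLoginRequest.mPassword, PasswordUtility.generateSalt());
        }
        else
        {
            byte[] incomingPd = PasswordUtility.hash(pLoginRequest.mPassword, user.mSalt);

            if (PasswordUtility.slowEquals(incomingPd, user.mSaltedAndHashedPd))
            {
                // NOTE(review): the claim carries the name as typed in the request, not
                // user.mName; if the store compares names case-insensitively the two can
                // differ in casing. Confirm which one downstream code expects.
                ClaimsIdentity claimsId = new ClaimsIdentity();
                claimsId.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName));

                LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsId, Services.Settings.MasterKey);
                return this.Request.CreateResponse(HttpStatusCode.OK, loginResult);
            }
        }
    }

    // Same status and message for "no such user" and "wrong password".
    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password");
}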
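// Shuran: Notice that a pop-out window will still appear in this case to input username and password, just click cancel.
// NOTE(review): "this case" presumably refers to the 401 Unauthorized reply of the login action - confirm.

// POST api/LoginRequest
// NOTE(review): the route comment names LoginRequest although this action takes a RegisterRequest - confirm the route.
/// <summary>
/// Registers a new user: validates the requested name and password, rejects a name
/// that is already taken, and stores the user with a new salt and the salted hash
/// of the password.
/// </summary>
/// <param name="pRegisterRequest">Requested user name, password and user type.</param>
/// <returns>
/// 201 Created on success; 400 Bad Request with "Invalid Username", "Invalid Password"
/// or "User already exists" otherwise.
/// </returns>
public HttpResponseMessage Post(RegisterRequest pRegisterRequest)
{
    // A missing body or missing name is rejected here; Regex.IsMatch would throw on null.
    // The pattern ends in \z rather than $, because $ also matches just before a trailing
    // newline and would accept a name such as "name\n".
    if (pRegisterRequest == null
        || pRegisterRequest.mUserName == null
        || !Regex.IsMatch(pRegisterRequest.mUserName, @"^[a-zA-Z0-9]{4,}\z"))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Username");
    }

    // Minimum length is the only password rule; a missing password is rejected the same way.
    if (pRegisterRequest.mPassword == null || pRegisterRequest.mPassword.Length < 8)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Password");
    }

    string userName = pRegisterRequest.mUserName;

    // Release the database context when the request is finished.
    using (TalkerContext context = new TalkerContext())
    {
        // Check if the user exists already.
        // NOTE(review): this check and the insert below are not atomic, so two concurrent
        // registrations of the same name can both pass it. A unique index on the name
        // column would close that gap - the code shown here does not say whether one exists.
        if (context.Users.Any(a => a.mName == userName))
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "User already exists");
        }

        // Register the user with a per-user salt; only the salt and the salted hash are stored.
        byte[] salt = PasswordUtility.generateSalt();
        User newUser = new User
        {
            Id = Guid.NewGuid().ToString(),
            mName = userName,
            mSalt = salt,
            mSaltedAndHashedPd = PasswordUtility.hash(pRegisterRequest.mPassword, salt),
            // NOTE(review): the user type is copied from the request without any check.
            // Confirm that clients are meant to choose their own type, or restrict it server-side.
            mUserType = pRegisterRequest.mUserType
        };

        context.Users.Add(newUser);
        context.SaveChanges();
    }

    // Return the success code.
    return this.Request.CreateResponse(HttpStatusCode.Created);
}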