Пример #1
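        /// <summary>
        /// Checks a username/password pair against the stored salted hash and, on a match,
        /// tries to start a session through <c>Begin()</c>.
        /// </summary>
        /// <param name="username">Login name; also stored in <c>Username</c>.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>
        /// <c>Success</c> when the hash matches and <c>Begin()</c> succeeds;
        /// <c>InvalidSession</c> when the hash matches but <c>Begin()</c> fails (after <c>Logoff()</c>);
        /// <c>InvalidLogin</c> for an unknown account or a hash mismatch.
        /// </returns>
        public AuthenticationResult Authenticate(string username, string password)
        {
            // Start from a failed state so a previous successful login cannot leak through.
            IsAuthenticated = false;
            Username        = username;
            UserAccountID   = DarkFunctionManager.GetUserAccountID(username);

            // -1 appears to be the "no such account" sentinel of GetUserAccountID.
            if (UserAccountID == -1)
            {
                // Was `return(0)`: a bare 0 converts to whichever enum member has value 0,
                // which could even be Success depending on declaration order. Returning the
                // named value also gives unknown users and wrong passwords the same result.
                // NOTE(review): this path returns before any hash is computed, so its timing
                // differs from a wrong-password attempt; hash a dummy value here if username
                // enumeration is a concern.
                return AuthenticationResult.InvalidLogin;
            }

            // Stored record is read by the "Salt" and "Hash" keys; a missing key throws.
            Dictionary<string, byte[]> passInfo = DarkFunctionManager.GetPasswordInfo(UserAccountID);

            // Re-derive the hash from the supplied password with the stored salt.
            byte[] userPassHash = DarkSecurity.CreateHashWithSalt(password, passInfo["Salt"], DarkSecurity.HashLength);

            // NOTE(review): confirm CompareHashToHash is constant-time
            // (e.g. CryptographicOperations.FixedTimeEquals) rather than an early-exit loop.
            if (!DarkSecurity.CompareHashToHash(passInfo["Hash"], userPassHash))
            {
                return AuthenticationResult.InvalidLogin;
            }

            if (Begin())
            {
                IsAuthenticated = true;
                return AuthenticationResult.Success;
            }

            // Credentials were valid but the session could not be started: clean up.
            Logoff();
            return AuthenticationResult.InvalidSession;
        }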
Пример #2
        /// <summary>
        /// Creates a user account by calling the <c>dbo.CreateUserAccount</c> stored procedure.
        /// The password and the security answer are each hashed with their own freshly
        /// generated salt; only the hashes and salts are passed to the procedure.
        /// </summary>
        /// <param name="username">Value sent as <c>@USERNAME</c>.</param>
        /// <param name="enabled">Value sent as <c>@ENABLED</c>.</param>
        /// <param name="password">Clear-text password; hashed before it is sent.</param>
        /// <param name="accountType">Value sent as <c>@ACCTYPE</c>.</param>
        /// <param name="answer">Clear-text security answer; hashed before it is sent.</param>
        /// <param name="questionType">Value sent as <c>@QUESTYPE</c>.</param>
        /// <returns>The integer the procedure writes to its <c>@RVAL</c> output parameter.</returns>
        public static int CreateUserAccount(string username, bool enabled, string password,
                                            string accountType, string answer, string questionType)
        {
            // NOTE(review): both objects are disposed on exit. Confirm DarkSQLManager.Connection
            // hands out a new, already-open connection per call rather than a shared one.
            using (SqlConnection conn = DarkSQLManager.Connection)
            using (SqlCommand cmd = new SqlCommand("dbo.CreateUserAccount", conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;

                // Local calendar date with the time component at midnight.
                DateTime createdOn = DateTime.Today;

                // NOTE(review): whether CreateHashWithSalt is a deliberately slow password KDF
                // is not visible here; confirm before relying on it for stored credentials.
                byte[] passwordSalt = DarkSecurity.CreateRandomSalt(DarkSecurity.SaltLength);
                byte[] passwordHash = DarkSecurity.CreateHashWithSalt(password, passwordSalt, DarkSecurity.HashLength);

                // The security answer is a secret too, so it gets a salt of its own.
                byte[] answerSalt = DarkSecurity.CreateRandomSalt(DarkSecurity.SaltLength);
                byte[] answerHash = DarkSecurity.CreateHashWithSalt(answer, answerSalt, DarkSecurity.HashLength);

                // Every value travels as a bound parameter, never as part of the command text.
                var parameters = cmd.Parameters;
                parameters.AddWithValue("@USERNAME", username);
                parameters.AddWithValue("@ENABLED", enabled);
                parameters.AddWithValue("@DATECREATED", createdOn);
                parameters.AddWithValue("@PASSHASH", passwordHash);
                parameters.AddWithValue("@PASSSALT", passwordSalt);
                parameters.AddWithValue("@ACCTYPE", accountType);
                parameters.AddWithValue("@ANSHASH", answerHash);
                parameters.AddWithValue("@ANSSALT", answerSalt);
                parameters.AddWithValue("@QUESTYPE", questionType);

                var returnValue = parameters.Add("@RVAL", SqlDbType.Int);
                returnValue.Direction = ParameterDirection.Output;

                // The affected-row count is not used; the result comes back through @RVAL.
                cmd.ExecuteNonQuery();

                // NOTE(review): this cast throws if the procedure leaves @RVAL as DBNull.
                return (int)returnValue.Value;
            }
        }