public async Task <ActionResult> LoginConfirm(LoginVM loginVM) { // if some the hacking actions with form or someione don't use JS if (!ModelState.IsValid) { ModelState.AddModelError(String.Empty, "Invalid token"); return(View(new LoginVM() { Login = loginVM.Login })); } User user = await dbContext.Users.Where(u => loginVM.Login == u.Login).FirstOrDefaultAsync(); if (user == null) { ModelState.AddModelError(String.Empty, "User not found"); return(View(new LoginVM() { Login = loginVM.Login })); } byte[] password = Encoding.Unicode.GetBytes(user.Salt + loginVM.Password); string hash = CryptoService.ComputeMD5Hash(password).ToHexString(); if (user.Password != hash) { ModelState.AddModelError(String.Empty, "Incorrect login or/and pass"); return(View(new LoginVM() { Login = loginVM.Login })); } IEnumerable <string> userRoles = user.Roles.Select(role => role.Name); Session["User"] = user; Session["Roles"] = userRoles; Session["isAdmin"] = userRoles.Contains("Admin"); Session["UserMenu"] = MenuProvider.BuildMenu(userRoles); return(Redirect(Url.Content("~/"))); }
public async Task <ActionResult> RegisterConfirm(RegisterVM registerModel) { // if some the hacking actions with form. Or someone disable JS? if (!ModelState.IsValid) { ModelState.AddModelError(String.Empty, "Invalid token"); return(View(registerModel)); } // check for already registred if (await dbContext.Users.Where(u => registerModel.Login == u.Login).CountAsync() > 0) { ModelState.AddModelError(String.Empty, "Login is already taken(and pass maybe too?)"); return(View(registerModel)); } string salt = CryptoService.GetRandomBytes(AppConstants.PASSOWORD_SALT_LENGTH).ToHexString(); byte[] password = Encoding.Unicode.GetBytes(salt + registerModel.Password); string hash = CryptoService.ComputeMD5Hash(password).ToHexString(); User newUser = new User() { Login = registerModel.Login, Password = hash, Salt = salt }; newUser.Roles.Add(await dbContext.UserRoles.Where(role => role.Name == "Authenticated").FirstAsync()); dbContext.Users.Add(newUser); await dbContext.SaveChangesAsync(); return(RedirectToAction("Login")); }
internal static async Task <byte[]> CreatePasswordAsync(string userId, byte[] salt, string password) { var passwd = PreparePassword(userId, salt, password); return(CryptoService.ComputeMD5Hash(await CryptoService.EncryptAsync(passwd))); }
protected override void Seed(MusicPortalDbContext context) { Genre ambientGenre = new Genre() { Name = "Ambient" }; Genre hiphopGenre = new Genre() { Name = "Hip-Hop" }; Genre instrumentalGenre = new Genre() { Name = "Instrumental" }; Genre soundtrackGenre = new Genre() { Name = "Soundtrack" }; Genre pianoGenre = new Genre() { Name = "Piano" }; context.Genres.AddRange(new List <Genre>() { ambientGenre, hiphopGenre, instrumentalGenre, soundtrackGenre, pianoGenre, new Genre() { Name = "Alternative" }, new Genre() { Name = "Blues" }, new Genre() { Name = "Background" }, new Genre() { Name = "Chanson" }, new Genre() { Name = "Classical" }, new Genre() { Name = "Club" }, new Genre() { Name = "Country" }, new Genre() { Name = "Dance" }, new Genre() { Name = "Disco" }, new Genre() { Name = "Drum & Bass" }, new Genre() { Name = "Electro" }, new Genre() { Name = "Folk" }, new Genre() { Name = "Funk" }, new Genre() { Name = "Hardcore" }, new Genre() { Name = "House" }, new Genre() { Name = "Industrial" }, new Genre() { Name = "Jazz" }, new Genre() { Name = "Metal" }, new Genre() { Name = "Minimal" }, new Genre() { Name = "Pop-Rock" }, new Genre() { Name = "Punk" }, new Genre() { Name = "Rap" }, new Genre() { Name = "Reggae" }, new Genre() { Name = "Retro" }, new Genre() { Name = "R&B" }, new Genre() { Name = "Rock" }, new Genre() { Name = "Soul" }, new Genre() { Name = "Techno" }, new Genre() { Name = "Trance" } }); UserRole authorized = new UserRole() { Name = "Admin" }; UserRole admin = new UserRole() { Name = "Authorized" }; context.UserRoles.AddRange(new List <UserRole>() { authorized, admin, new UserRole() { Name = "Authenticated" } }); var salt = CryptoService.GetRandomBytes(AppConstants.PASSOWORD_SALT_LENGTH).ToHexString(); context.Users.Add(new User() { Login = "******", Password = CryptoService.ComputeMD5Hash(Encoding.Unicode.GetBytes((salt + "admin"))).ToHexString(), Salt = salt, Roles = new List <UserRole>() { authorized, admin } }); context.Songs.Add(new Song() { Name = "Lo-fi chill cover OST", FileName = "ba814cc1-5de9-494c-b46e-c171e5fec6ab.mp3", Genres = new List <Genre>() { ambientGenre, hiphopGenre, soundtrackGenre } }); context.Songs.Add(new Song() { Name = "After Dark piano cover", FileName = "ceas4cc1-5de9-494c-b46e-c171e5feceas.mp3", Genres = new List <Genre>() { instrumentalGenre, pianoGenre } }); context.SaveChanges(); base.Seed(context); }
internal static byte[] CreatePassword(string userId, byte[] salt, string password) { var passwd = PreparePassword(userId, salt, password); return(CryptoService.ComputeMD5Hash(CryptoService.Encrypt(passwd))); }