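/// <summary>
/// Handles the posted "create profile" form: validates the model, hashes the password,
/// stores an optional uploaded image under ~/Images/ and persists the new profile.
/// </summary>
/// <param name="userProfile">Model-bound profile; every field on it is client-supplied.</param>
/// <returns>A redirect to "Index" on success; otherwise the form view with its validation errors.</returns>
public ActionResult Create(UserProfile userProfile)
{
    // Encoding.UTF8.GetBytes throws on null, so report a missing password as a
    // validation error instead of letting the request fail with an exception.
    if (string.IsNullOrEmpty(userProfile.Password))
    {
        ModelState.AddModelError("Password", "Password is required.");
    }

    // Validate before any side effect: previously the upload was written to disk and
    // the model's Password was replaced by its hash even when validation then failed.
    if (!ModelState.IsValid)
    {
        return View(userProfile);
    }

    // NOTE(review): the original gate tested Image but then read ImageFile, which throws
    // when only Image is set. Both are required here; confirm whether ImageFile alone
    // was the intended condition.
    bool hasUpload = userProfile.Image != null && userProfile.ImageFile != null;
    string extension = null;
    if (hasUpload)
    {
        // The extension comes from the client and the file lands under the web root,
        // so accept only known image extensions. This checks the name, not the
        // content; adjust the list to what the application actually needs.
        extension = Path.GetExtension(userProfile.ImageFile.FileName);
        string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };
        bool extensionAllowed = Array.Exists(
            allowedExtensions,
            allowed => string.Equals(allowed, extension, StringComparison.OrdinalIgnoreCase));
        if (!extensionAllowed)
        {
            ModelState.AddModelError("ImageFile", "Only .jpg, .jpeg, .png and .gif images are accepted.");
            return View(userProfile);
        }
    }

    // NOTE(review): the salt is not stored anywhere in this method. Unless
    // HashPasswordWithSalt embeds it in its output, the stored value cannot be
    // recomputed at login - confirm, and persist the salt next to the hash.
    // NOTE(review): confirm HashPasswordWithSalt is a slow password KDF (e.g. PBKDF2)
    // and not a single-pass hash.
    byte[] salt = PasswordEncryption.GenerateSalt();
    byte[] passwordBytes = Encoding.UTF8.GetBytes(userProfile.Password);
    byte[] hashedPassword = PasswordEncryption.HashPasswordWithSalt(passwordBytes, salt);
    userProfile.Password = Convert.ToBase64String(hashedPassword);

    if (hasUpload)
    {
        // Server-generated name: the old "yymmssfff" suffix used minutes ("mm") where a
        // month was presumably meant, so names could collide and overwrite an earlier
        // upload. The client-supplied file name is no longer part of the stored path.
        string imageFolderPath = "~/Images/";
        string storedName = Guid.NewGuid().ToString("N") + extension.ToLowerInvariant();
        userProfile.Image = imageFolderPath + storedName;
        userProfile.ImageFile.SaveAs(Path.Combine(Server.MapPath(imageFolderPath), storedName));
    }

    // NOTE(review): the whole bound entity is inserted, so any bindable property is
    // client-controlled - confirm a binding allow-list or view model limits it.
    db.UserProfile.Add(userProfile);
    db.SaveChanges();
    ModelState.Clear();
    return RedirectToAction("Index");
}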
/// <summary>
/// A password checked against a hash produced from the same password and the same salt
/// must be reported as equal.
/// </summary>
public void IsStringEqualToHash_SamePasswordAndSalt_ReturnsTrue()
{
    // Arrange: hash the password once with a fresh salt.
    byte[] saltBytes = PasswordEncryption.GenerateSalt();
    byte[] storedHash = PasswordEncryption.GenerateHash("pa55word", saltBytes);

    // Act: verify the same password against that hash and salt.
    bool matches = PasswordEncryption.IsStringEqualToHash("pa55word", storedHash, saltBytes);

    // Assert
    Assert.True(matches);
}
/// <summary>
/// A different password checked against the stored hash, using the same salt, must be
/// reported as not equal.
/// </summary>
public void IsStringEqualToHash_DifferentPasswordSameSalt_ReturnsFalse()
{
    // Arrange: hash the reference password with a fresh salt.
    byte[] saltBytes = PasswordEncryption.GenerateSalt();
    byte[] storedHash = PasswordEncryption.GenerateHash("pa55word", saltBytes);

    // Act: verify a different password against the same hash and salt.
    bool matches = PasswordEncryption.IsStringEqualToHash("an0therpa55word", storedHash, saltBytes);

    // Assert
    Assert.False(matches);
}
/// <summary>
/// The same password verified with a salt other than the one used for hashing must be
/// reported as not equal.
/// </summary>
/// <remarks>
/// NOTE(review): the method name ends in "ReturnsTrue" but the assertion expects false;
/// the name looks like a copy-paste leftover and should read "ReturnsFalse".
/// </remarks>
public void IsStringEqualToHash_SamePasswordDifferentSalt_ReturnsTrue()
{
    // Arrange: hash with one salt, then draw a second, unrelated salt.
    byte[] hashingSalt = PasswordEncryption.GenerateSalt();
    byte[] storedHash = PasswordEncryption.GenerateHash("pa55word", hashingSalt);
    byte[] otherSalt = PasswordEncryption.GenerateSalt();

    // Act: verify the right password with the wrong salt.
    bool matches = PasswordEncryption.IsStringEqualToHash("pa55word", storedHash, otherSalt);

    // Assert
    Assert.False(matches);
}
/// <summary>
/// Adds one user (Id = 2) with a freshly salted hash of the fixed password "test" to the context.
/// </summary>
/// <remarks>
/// Only <c>Add</c> is called here; saving the context is left to the caller.
/// NOTE(review): the password is a hard-coded literal - presumably test-only seed data;
/// confirm this never runs against a real user store.
/// </remarks>
private void SeedUsers()
{
    var saltBytes = PasswordEncryption.GenerateSalt();
    var passwordHash = PasswordEncryption.GenerateHash("test", saltBytes);

    var seededUser = new User
    {
        Id = 2,
        Username = "******",
        Password = passwordHash,
        Salt = saltBytes
    };

    _context.Users.Add(seededUser);
}
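/// <summary>
/// Seeds the administrator account (Id = 1) from the ADMIN_USERNAME and ADMIN_PASSWORD
/// configuration values, storing a salted hash of the password together with its salt.
/// </summary>
/// <param name="modelBuilder">Builder the seed row is registered on.</param>
/// <exception cref="System.InvalidOperationException">
/// Thrown when either configuration value is missing or blank.
/// </exception>
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
    var config = Configuration.GetConfiguration();
    var adminUsername = config["ADMIN_USERNAME"];
    var adminPassword = config["ADMIN_PASSWORD"];

    // Fail closed: a missing setting must not lead to an administrator row with an
    // empty user name or a hash derived from a null/blank password.
    if (string.IsNullOrWhiteSpace(adminUsername) || string.IsNullOrWhiteSpace(adminPassword))
    {
        throw new System.InvalidOperationException(
            "ADMIN_USERNAME and ADMIN_PASSWORD must be configured before the admin user can be seeded.");
    }

    // NOTE(review): a new salt is drawn every time the model is built, so the seeded
    // hash and salt differ from run to run. With HasData this presumably shows up as a
    // changed seed row in each new migration - confirm, and consider seeding the admin
    // once at startup instead.
    var salt = PasswordEncryption.GenerateSalt();
    var hash = PasswordEncryption.GenerateHash(adminPassword, salt);

    modelBuilder.Entity<User>().HasData(
        new User()
        {
            Id = 1,
            Username = adminUsername,
            Password = hash,
            Salt = salt
        });
}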
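/// <summary>
/// Handles the posted "edit profile" form: validates the model, re-hashes the submitted
/// password with a fresh salt and saves the profile as a modified entity.
/// </summary>
/// <param name="userProfile">Model-bound profile; every field on it is client-supplied.</param>
/// <returns>A redirect to "Index" on success; otherwise the form view with its validation errors.</returns>
public ActionResult Edit(UserProfile userProfile)
{
    // Encoding.UTF8.GetBytes throws on null, so report a missing password as a
    // validation error instead of letting the request fail with an exception.
    if (string.IsNullOrEmpty(userProfile.Password))
    {
        ModelState.AddModelError("Password", "Password is required.");
    }

    // Validate first: previously the model's Password was replaced by its hash before
    // validation, so an invalid form was handed back to the view carrying the hash.
    if (!ModelState.IsValid)
    {
        return View(userProfile);
    }

    // NOTE(review): the salt is not stored anywhere in this method. Unless
    // HashPasswordWithSalt embeds it in its output, the stored value cannot be
    // recomputed at login - confirm, and persist the salt next to the hash.
    // NOTE(review): the posted Password is always hashed; if the edit form round-trips
    // the stored hash, it would be hashed a second time - verify against the view.
    byte[] salt = PasswordEncryption.GenerateSalt();
    byte[] passwordBytes = Encoding.UTF8.GetBytes(userProfile.Password);
    byte[] hashedPassword = PasswordEncryption.HashPasswordWithSalt(passwordBytes, salt);
    userProfile.Password = Convert.ToBase64String(hashedPassword);

    // NOTE(review): marking the whole bound entity as Modified writes every bindable
    // property, including any the form did not intend to expose - confirm a binding
    // allow-list or view model limits what a client can change.
    db.Entry(userProfile).State = EntityState.Modified;
    db.SaveChanges();
    return RedirectToAction("Index");
}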