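/// <summary>
/// Verifies a username/password pair against the salted hash stored on the Employee row
/// and answers 200 OK on success, 403 Forbidden otherwise.
/// </summary>
/// <param name="loginModel">Credentials supplied by the client.</param>
/// <returns>
/// 200 OK when the password matches; 403 Forbidden for an unknown user or a wrong password;
/// 400 Bad Request when no model was bound.
/// </returns>
/// <remarks>Database errors propagate to the caller; the former <c>catch { throw; }</c> was a no-op.</remarks>
public HttpResponseMessage Login(LoginModel loginModel)
{
    if (loginModel == null)
    {
        // A missing body previously surfaced as a NullReferenceException (500) instead of a client error.
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    }

    var user = DBContext.Employee.FirstOrDefault(x => x.UserName == loginModel.Username);
    if (user == null)
    {
        // Same status as a wrong password, so the response body does not reveal which usernames exist.
        // NOTE(review): this early return is still faster than the hashing path below — confirm whether
        // that timing difference matters for this deployment.
        return new HttpResponseMessage(HttpStatusCode.Forbidden);
    }

    var hash = new HashModel() { Password = loginModel.Password, Salt = user.Salt };
    var hashedPassword = PasswordHashHelper.PasswordHasher(hash);

    // Compare the two hashes in constant time: a plain == returns at the first differing character.
    // A null or empty stored hash never matches (the old == accepted null == null).
    // Assumes PasswordHasher yields a string, as Pword is assigned from it when users are created — TODO confirm.
    bool comparable = !string.IsNullOrEmpty(hashedPassword)
        && user.Pword != null
        && hashedPassword.Length == user.Pword.Length;
    int difference = 0;
    if (comparable)
    {
        for (int i = 0; i < hashedPassword.Length; i++)
        {
            difference |= hashedPassword[i] ^ user.Pword[i];
        }
    }

    return new HttpResponseMessage(comparable && difference == 0 ? HttpStatusCode.OK : HttpStatusCode.Forbidden);
}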
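/// <summary>
/// Creates a new employee account. The password is never stored in clear: a salt is obtained
/// from <c>PasswordHashHelper.CreateSalt</c> and only the salted hash goes into <c>Pword</c>.
/// </summary>
/// <param name="employee">New account data bound from the request body.</param>
/// <returns>
/// 200 OK when the row was saved; 409 Conflict when the username is already taken;
/// 400 Bad Request when no model was bound or the insert failed.
/// </returns>
public IHttpActionResult AddUser(EmployeeModel employee)
{
    if (employee == null)
    {
        return BadRequest("employee is required");
    }

    // The duplicate lookup used to be followed by an empty block, so a second account with the
    // same username went straight into the insert. Refuse it here instead.
    var existing = DBContext.Employee.FirstOrDefault(x => x.UserName == employee.UserName);
    if (existing != null)
    {
        return Conflict();
    }
    // NOTE(review): lookup and insert are not atomic; a unique index on UserName is still needed
    // to rule out a duplicate created in between — confirm one exists.

    var newEmployee = new Employee
    {
        Admin = employee.IsAdmin,
        UserName = employee.UserName,
        FirstName = employee.FirstName,
        LastName = employee.LastName,
        // How the helper derives the salt from the username is not visible here — verify it is
        // not simply a function of the username, since that would make the salt predictable.
        Salt = PasswordHashHelper.CreateSalt(employee.UserName),
    };
    newEmployee.Pword = PasswordHashHelper.PasswordHasher(new HashModel() { Password = employee.Password, Salt = newEmployee.Salt });

    try
    {
        DBContext.Employee.Add(newEmployee);
        DBContext.SaveChanges();
        return Ok();
    }
    catch (Exception)
    {
        // Persistence failures are reported as a client error without echoing details to the caller.
        // (The unreachable `throw` that followed this return has been removed.)
        return BadRequest();
    }
}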
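/// <summary>
/// Decodes an HTTP Basic credential string (Base64 of "name:password"), checks it against the
/// Employee table and, on success, installs a principal carrying the "Admin" or "Driver" role
/// via <c>SetPrincipal</c>. On any failure the response status is set to 401 and no principal is set.
/// </summary>
/// <param name="credentials">The Base64 payload of the Authorization header, without the "Basic " scheme.</param>
private static void AuthenticateUser(string credentials)
{
    try
    {
        if (string.IsNullOrEmpty(credentials))
        {
            // Convert.FromBase64String(null) throws ArgumentNullException, which the catch below does not cover.
            HttpContext.Current.Response.StatusCode = 401;
            return;
        }

        // UTF-8 rather than ISO-8859-1: clients that encode non-ASCII passwords in Latin-1 will not
        // authenticate — TODO confirm which charset the clients use.
        string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(credentials));

        // Split on the first ':' only, so the password itself may contain ':'.
        int separator = decoded.IndexOf(':');
        if (separator < 0)
        {
            // Without the separator, Substring(0, -1) would throw ArgumentOutOfRangeException and
            // surface as a 500 instead of a 401.
            HttpContext.Current.Response.StatusCode = 401;
            return;
        }
        string name = decoded.Substring(0, separator);
        string password = decoded.Substring(separator + 1);

        var user = DBContext.Employee.FirstOrDefault(x => x.UserName == name);
        bool authenticated = false;
        if (user != null)
        {
            var computed = PasswordHashHelper.PasswordHasher(new HashModel() { Password = password, Salt = user.Salt });

            // Constant-time comparison of the two hashes; a plain == stops at the first differing
            // character. A null or empty stored hash never matches.
            // Assumes PasswordHasher yields a string, as Pword is assigned from it at user creation — TODO confirm.
            bool comparable = !string.IsNullOrEmpty(computed)
                && user.Pword != null
                && computed.Length == user.Pword.Length;
            int difference = 0;
            if (comparable)
            {
                for (int i = 0; i < computed.Length; i++)
                {
                    difference |= computed[i] ^ user.Pword[i];
                }
            }
            authenticated = comparable && difference == 0;
        }

        if (authenticated)
        {
            var identity = new GenericIdentity(name);
            string role = user.Admin ? "Admin" : "Driver";
            SetPrincipal(new GenericPrincipal(identity, new[] { role }));
        }
        else
        {
            // Invalid username or password.
            HttpContext.Current.Response.StatusCode = 401;
        }
    }
    catch (FormatException)
    {
        // Credentials were not valid Base64.
        HttpContext.Current.Response.StatusCode = 401;
    }
}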