public ActionResult Login(string username, string password)
{
//Alex's password from database ("123456")
var passwordFromDatabase = "1000:x4EDMqYUMVwARzOGy/KyINiGXJzmAnsj:6tE2G9/X4ZozQP699EKLzhWuf8NiOsEM";
if (PasswordHashHelper.ValidatePassword(password, passwordFromDatabase))
{
FormsAuthentication.SetAuthCookie(username, true);
}
//var ticket = new FormsAuthenticationTicket(
// 2,
// username,
// DateTime.Now,
// DateTime.Now.AddMinutes(1),
// false, // Value of IsPersistent property
// String.Empty,
// FormsAuthentication.FormsCookiePath
//);
//string encryptedTicket = FormsAuthentication.Encrypt(ticket);
//var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
//authCookie.Expires = DateTime.Now.AddMinutes(1);
//Response.Cookies.Add(authCookie);
return(Redirect(FormsAuthentication.GetRedirectUrl(username, false)));
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (var db = new EmployeeContext())
{
var user = db.Users.FirstOrDefault(x => x.Email.Equals(context.UserName));
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (!PasswordHashHelper.ValidatePassword(context.Password, user.PasswordHash))
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
var roles = db.UserRoles.Where(x => x.UserId.Equals(user.Id)).Select(x => x.RoleName).ToList();
identity.AddClaim(new Claim(ClaimTypes.Email, context.UserName));
identity.AddClaim(roles.Contains(Role.Admin)
? new Claim(ClaimTypes.Role, Role.Admin)
: new Claim(ClaimTypes.Role, Role.User));
context.Validated(identity);
}
}
public Result Login(LoginInfo loginInfo)
{
// Check for null/empty
if (loginInfo == null || string.IsNullOrWhiteSpace(loginInfo.Email) ||
string.IsNullOrWhiteSpace(loginInfo.Password))
{
throw new ValidationException(MsgLoginInfoNotEntered);
}
// Get matching pwd and hash from db
User userInfo =
(from user in dataAccessor.Users.Include(u => u.Roles)
where user.Email == loginInfo.Email
select user).FirstOrDefault();
// Check match
if (userInfo == null || !PasswordHashHelper.ValidatePassword(loginInfo.Password, userInfo.PasswordHash))
{
throw new ValidationException(MsgInvalidUsernameOrPwd);
}
// Login succeeded, set forms cookie
string token = SetAndReturnFormsAuthenticationCookie(userInfo.Email);
// Set up cached user context
UserContext userContext = new UserContext(token, userInfo);
CacheItemPolicy cacheItemPolicy = new CacheItemPolicy {
SlidingExpiration = TimeSpan.FromHours(1)
};
cache.Set(token, cacheItemPolicy, userContext);
return(new Result());
}
public bool ValidateLogin(string email, string password)
{
var user = userRepository.GetOne(x => x.Email.Equals(email));
if (user == null)
{
return(false);
}
if (PasswordHashHelper.ValidatePassword(password, user.PasswordHash))
{
return(true);
}
return(false);
}
