示例#1
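        /// <summary>
        /// Registers a new administrator from the request body and returns the stored row.
        /// </summary>
        /// <param name="admin">
        /// Client-supplied record (untrusted). LoginName, Email and the plaintext Password are
        /// read from it; the object is mutated in place with the salt, hash and registration date.
        /// </param>
        /// <returns>
        /// The row read back by LoginName with Password and PasswordSalt cleared, or null when the
        /// request body is incomplete or the INSERT fails.
        /// </returns>
        public Administrators NewAdmin([FromBody] Administrators admin)
        {
            // An empty or malformed body would otherwise surface as a NullReferenceException below.
            if (admin == null || admin.LoginName == null || admin.Password == null)
            {
                return null;
            }

            PasswordHasher.PasswordHasher hasher = new PasswordHasher.PasswordHasher();

            // NOTE(review): presumably GenerateSaltedHash uses the same salt that RandomSalt
            // exposes on this hasher instance; if RandomSalt yields a fresh value per access the
            // stored salt will not match the hash. Confirm against PasswordHasher.
            admin.PasswordSalt   = hasher.RandomSalt;
            admin.Password       = hasher.GenerateSaltedHash(admin.Password);
            // NOTE(review): local time is stored here; confirm whether UTC is expected.
            admin.RegisteredDate = DateTime.Now;

            Administrators returnAdmin;

            using (SqlConnection conn = new SqlConnection(_dbOptions.Value.ConnectionString))
            {
                try
                {
                    conn.Open();

                    // Values are bound as parameters; nothing from the request is concatenated into the SQL text.
                    var sql = "INSERT INTO Administrators (LoginName, Email, Password, PasswordSalt, RegisteredDate)" +
                              "VALUES(@LoginName, @Email, @Password, @PasswordSalt, @RegisteredDate);";

                    conn.Execute(sql, admin);
                }
                catch (SqlException exc)
                {
                    Console.WriteLine(exc.Message);

                    // Stop here: falling through to the SELECT after a failed INSERT (for example a
                    // duplicate LoginName) would hand an already existing account's row to the caller.
                    return null;
                }

                // NOTE(review): the read-back assumes LoginName identifies exactly one row; verify
                // that the table enforces uniqueness.
                var getSql = "SELECT * FROM Administrators WHERE LoginName = @loginName;";
                returnAdmin = conn.Query<Administrators>(getSql, new { admin.LoginName }).FirstOrDefault();
            }

            if (returnAdmin != null)
            {
                // The stored hash and salt are credentials material and must not go out in the response.
                returnAdmin.Password     = null;
                returnAdmin.PasswordSalt = null;
            }

            return returnAdmin;
        }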
示例#2
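        /// <summary>
        /// Checks the submitted login name and password against the stored salted hash.
        /// </summary>
        /// <param name="admin">
        /// Client-supplied record (untrusted); only LoginName and the plaintext Password are read.
        /// </param>
        /// <returns>
        /// The matching administrator row with Password and PasswordSalt cleared, or null when the
        /// body is incomplete, the login name is unknown, the password does not verify, or a
        /// SqlException occurs.
        /// </returns>
        public Administrators Login([FromBody] Administrators admin)
        {
            // An empty or malformed body would otherwise surface as a NullReferenceException below.
            if (admin == null || admin.LoginName == null || admin.Password == null)
            {
                return null;
            }

            Administrators returnAdmin = null;

            PasswordHasher.PasswordHasher hasher = new PasswordHasher.PasswordHasher();

            using (SqlConnection conn = new SqlConnection(_dbOptions.Value.ConnectionString))
            {
                try
                {
                    conn.Open();

                    // LoginName is bound as a parameter, never concatenated into the SQL text.
                    var sql    = "SELECT Password, PasswordSalt FROM Administrators WHERE LoginName = @loginName;";
                    var result = conn.Query(sql, new { admin.LoginName }).FirstOrDefault();

                    // FirstOrDefault yields null for an unknown login name. Dereferencing it threw a
                    // non-SqlException that escaped the catch below, so unknown names produced a
                    // server error while wrong passwords produced null; both now return null.
                    // NOTE(review): the unknown-name path skips the hash computation, so response
                    // time may still differ from the wrong-password path; confirm whether that matters here.
                    if (result == null)
                    {
                        return null;
                    }

                    if (hasher.VerifyPassword(admin.Password, result.PasswordSalt, result.Password))
                    {
                        var getSql = "SELECT * FROM Administrators WHERE LoginName = @LoginName;";
                        returnAdmin = conn.Query<Administrators>(getSql, new { admin.LoginName }).FirstOrDefault();
                    }
                }
                catch (SqlException exc)
                {
                    // Database failures are reported to the console and treated as a failed login.
                    Console.WriteLine(exc.Message);
                }
            }

            if (returnAdmin != null)
            {
                // The stored hash and salt are credentials material and must not go out in the response.
                returnAdmin.Password     = null;
                returnAdmin.PasswordSalt = null;
            }

            return returnAdmin;
        }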