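/// <summary>
/// Save handler for the user-maintenance form. Dispatches on <c>_Operation</c>:
/// 1 = add user, 2 = edit access areas, 3 = delete user, 4 = change password.
/// After a completed operation the form is reset through <c>Cancelar_Click</c>.
/// A failed user-name or password policy check returns early without resetting the form.
/// Any exception is reported to the operator in a message box.
/// </summary>
private void Guardar_Click()
{
    try
    {
        // Flatten the selected access areas into the single string that is persisted.
        string areasDeAcceso = string.Empty;
        foreach (string s in _AreasDeAcceso)
        {
            areasDeAcceso += s;
        }

        switch (_Operation)
        {
            case 1: // Add
            {
                string hashedPassword;
                string salt;
                if (!TryHashEnteredPassword(out hashedPassword, out salt))
                {
                    return;
                }

                tblUser nuevo = new tblUser
                {
                    UserId = System.Guid.NewGuid(),
                    UserName = CbUser_Text,
                    PasswordHash = hashedPassword,
                    // The per-user salt (hex) is stored in the SecurityStamp field.
                    SecurityStamp = salt,
                    Email = CbUser_Text + "@jolpr.com",
                    AreasDeAcceso = areasDeAcceso
                };

                using (SqlExcuteCommand exe = new SqlExcuteCommand() { DBCnnStr = DBEndososCnnStr })
                {
                    exe.MyInsertUsers(nuevo.UserId, nuevo.UserName, nuevo.PasswordHash,
                                      nuevo.SecurityStamp, nuevo.Email, nuevo.AreasDeAcceso);
                }
                MyRefresh();
            }
            break;

            case 2: // Edit access areas
            {
                using (SqlExcuteCommand exe = new SqlExcuteCommand() { DBCnnStr = DBEndososCnnStr })
                {
                    exe.MyUpdateUser(_Id, areasDeAcceso);
                }
                MyRefresh();
            }
            break;

            case 3: // Delete
            {
                string msg = "You are about to delete 1 user\r";
                msg += "Click yes to permanently delete this user( " + CbUser_Text + " ).\r";
                msg += "You won't be able to undo those changes.";

                var response = MessageBox.Show("!!!" + msg, "Delete...",
                                               MessageBoxButton.YesNo, MessageBoxImage.Exclamation);
                if (response == MessageBoxResult.Yes)
                {
                    using (SqlExcuteCommand exe = new SqlExcuteCommand() { DBCnnStr = DBEndososCnnStr })
                    {
                        exe.MyDeleteUsers(_Id);
                    }
                    MyRefresh();
                }
            }
            break;

            case 4: // Change password
            {
                string hashedPassword;
                string salt;
                if (!TryHashEnteredPassword(out hashedPassword, out salt))
                {
                    return;
                }

                using (SqlExcuteCommand exe = new SqlExcuteCommand() { DBCnnStr = DBEndososCnnStr })
                {
                    exe.MyUpdateUser(_Id, hashedPassword, salt);
                }
                MyRefresh();
            }
            break;
        }

        Cancelar_Click();
    }
    catch (Exception ex)
    {
        // TargetSite can be null, so do not dereference it blindly inside the handler.
        MethodBase site = ex.TargetSite;
        string caption = site != null ? site.Name : "Error";

        // NOTE(review): ex.ToString() puts the full exception text, stack trace included,
        // in front of the operator. Consider logging the details and showing a short message.
        MessageBox.Show(ex.ToString(), caption, MessageBoxButton.OK, MessageBoxImage.Error);
    }
}

/// <summary>
/// Reads the password and its confirmation from the form, checks that they match and that
/// the user name and password meet their policies, then generates a fresh salt and hashes
/// the password with <c>PWDTK</c>. Updates the <c>_salt</c> and <c>_hash</c> fields.
/// </summary>
/// <param name="hashedPassword">Hex string of the computed hash; empty when the method returns false.</param>
/// <param name="salt">Hex string of the generated salt; empty when the method returns false.</param>
/// <returns>True when a hash was produced; false when a policy check rejected the input.</returns>
/// <exception cref="Exception">The password and its confirmation differ.</exception>
private bool TryHashEnteredPassword(out string hashedPassword, out string salt)
{
    hashedPassword = string.Empty;
    salt = string.Empty;

    string plaintext = SecureStringToPlaintext(Password);
    string confirmation = SecureStringToPlaintext(PasswordVerification);

    if (!plaintext.Equals(confirmation))
    {
        throw new Exception("Error con el Password");
    }

    // Policy checks; their return value is the only thing used here.
    if (!userMeetsPolicy(CbUser_Text, UserPolicy))
    {
        return false;
    }
    if (!PasswordMeetsPolicy(plaintext, PwdPolicy))
    {
        return false;
    }

    // A new random salt is generated for every stored password.
    // NOTE(review): PWDTK.PasswordToHash is presumably an iterated KDF driven by
    // `iterations` -- confirm the algorithm and the iteration count against current guidance.
    _salt = PWDTK.GetRandomSalt(saltSize);
    salt = PWDTK.GetSaltHexString(_salt);
    _hash = PWDTK.PasswordToHash(_salt, plaintext, iterations);
    hashedPassword = PWDTK.HashBytesToHexString(_hash);
    return true;
}

/// <summary>
/// Copies a SecureString into a managed string, then zeroes and frees the unmanaged BSTR
/// so the plaintext copy made for the conversion is neither leaked nor left in
/// unmanaged memory.
/// </summary>
/// <param name="secret">The secure string to convert.</param>
/// <returns>The plaintext content of <paramref name="secret"/>.</returns>
/// <remarks>
/// The returned managed string is immutable and cannot be wiped; keep its lifetime short.
/// </remarks>
private static string SecureStringToPlaintext(System.Security.SecureString secret)
{
    IntPtr bstr = IntPtr.Zero;
    try
    {
        bstr = Marshal.SecureStringToBSTR(secret);
        return Marshal.PtrToStringBSTR(bstr);
    }
    finally
    {
        if (bstr != IntPtr.Zero)
        {
            Marshal.ZeroFreeBSTR(bstr);
        }
    }
}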