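/// <summary>
/// Verifies a JSON-posted credential pair ({"Username": ..., "Password": ...}) against
/// the stored password hash for that user and, on success, issues a forms-authentication
/// session cookie.
/// </summary>
/// <returns>
/// 200 with the encrypted ticket in a <c>session_id</c> cookie (and echoed in the body,
/// which the existing client may depend on) when the credentials match; otherwise 400
/// with the same "Unrecognized username or password" message for every failure path, so
/// the response does not reveal whether the username exists. A request whose JSON lacks
/// either field is also rejected with 400 instead of surfacing as an unhandled exception.
/// </returns>
/// <remarks>
/// The previous implementation accepted ANY password for an account whose stored hash was
/// the literal string "test". That bypass has been removed on purpose: a persisted value
/// must never be able to turn verification off.
/// </remarks>
public HttpResponseMessage Authenticate()
{
    // Blocking on .Result keeps the synchronous signature callers expect; an async
    // Task<HttpResponseMessage> variant would be preferable once callers can take it.
    var credentials = Request.Content.ReadAsStringAsync().Result;
    var postData = JObject.Parse(credentials);

    // Either field missing is a malformed login attempt, not a server error.
    var usernameToken = postData["Username"];
    var passwordToken = postData["Password"];
    if (usernameToken == null || passwordToken == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
    }
    var username = usernameToken.ToString().Trim();
    var password = passwordToken.ToString().Trim();
    if (username.Length == 0)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
    }

    var match = DynamoDBConnection.Instance.GetUser(username);
    if (match == null)
    {
        // NOTE(review): an unknown user returns faster than a wrong password because no hash
        // work is done on this path; confirm whether that timing difference matters here.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
    }

    var data = JObject.Parse(match["UserInfo"]);
    var storedHashToken = data["Password"];
    if (storedHashToken == null)
    {
        // A record without a hash can never verify; reject rather than throw.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
    }

    // The hash is persisted as a string carrying one raw hash byte per char (see
    // UserModel.Create); undo that mapping before handing it to PasswordHash.
    byte[] hashBytes = storedHashToken.ToString().Select(c => (byte)c).ToArray();
    var passwordHash = new PasswordHash(hashBytes);

    // Verification always runs; there is deliberately no stored value that skips it.
    if (!passwordHash.Verify(password))
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Unrecognized username or password");
    }

    // One year, as before. The ticket is persistent and carries only the username.
    const int sessionLifetimeMinutes = 525600;
    var ticket = new FormsAuthenticationTicket(username, true, sessionLifetimeMinutes);
    var sessionKey = FormsAuthentication.Encrypt(ticket);

    var toReturn = new HttpResponseMessage(HttpStatusCode.OK);
    // HttpOnly keeps the ticket out of reach of page scripts; SameSite=Lax blocks it from
    // being sent on cross-site POSTs. NOTE(review): add "; Secure" once it is confirmed the
    // service is only reached over TLS, otherwise the cookie is exposed on plain HTTP.
    toReturn.Headers.Add("Set-Cookie", string.Format("session_id={0}; Path=/; HttpOnly; SameSite=Lax", sessionKey));
    // user_id is an unsigned convenience value a client may read, so it is not HttpOnly.
    // The server must never use it for authorization; the encrypted ticket is authoritative.
    toReturn.Headers.Add("Set-Cookie", string.Format("user_id={0}; Path=/", username));
    // The ticket is also returned in the body for existing clients that read it there.
    toReturn.Content = new StringContent(sessionKey.ToString());
    return toReturn;
}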
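/// <summary>
/// Builds a new <see cref="UserModel"/> for <paramref name="username"/> with the role
/// "user", hashing <paramref name="password"/> with <see cref="PasswordHash"/> before it
/// is stored. The clear-text password is never kept.
/// </summary>
/// <param name="username">Login name; trimmed so it matches what Authenticate compares against.</param>
/// <param name="password">Clear-text password; trimmed for the same reason, then hashed.</param>
/// <returns>A populated, not-yet-persisted <see cref="UserModel"/>.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
internal static UserModel Create(string username, string password)
{
    if (username == null) throw new ArgumentNullException("username");
    if (password == null) throw new ArgumentNullException("password");

    // Authenticate() trims both fields before comparing. Without the same trim here a
    // value with leading/trailing whitespace would be stored in a form that never verifies.
    username = username.Trim();
    var hashBytes = new PasswordHash(password.Trim()).ToArray();

    // Persist the hash as a string with one char per byte; Authenticate() applies the
    // inverse mapping. Every byte value fits in a char, so the round trip is lossless as
    // long as the store preserves the string exactly.
    var storedHash = new string(hashBytes.Select(b => (char)b).ToArray());

    return new UserModel()
    {
        UserId = username,
        Password = storedHash,
        Role = "user",
        // UTC ticks so the creation time is unambiguous regardless of host time zone.
        Created = DateTime.UtcNow.Ticks
    };
}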