public HttpResponseMessage Login(LoginModel model) { var dbUser = _db.Users.SingleOrDefault(u => u.UserName == model.UserName); if (dbUser != null) { var passwordHash = _encryptionService.CreateHash(model.Password, dbUser.Salt); if (passwordHash == dbUser.PasswordHash) { var response = new LoginResponseViewModel { IsAuthenticated = true, Username = dbUser.UserName, Role = dbUser.UserRole }; return Success(response); } return Error("Invalid credentials"); } return Error("Invalid credentials"); }
public HttpResponseMessage Register(RegisterModel model) { if (model.Password != model.ConfirmPassword) { return Error("Passwords must match"); } var policyTest = _encryptionService.TestPasswordPolicy(model.Password); if (string.IsNullOrEmpty(policyTest)) { var salt = _encryptionService.GenerateSalt(); var passwordHash = _encryptionService.CreateHash(model.Password, salt); var user = new User { ID = Guid.NewGuid(), PasswordHash = passwordHash, Salt = salt, UserName = model.UserName, UserRole = "User" }; _db.Users.Add(user); _db.SaveChanges(); var response = new LoginResponseViewModel { IsAuthenticated = true, Username = user.UserName, Role = user.UserRole }; return Success(response); } return Error(policyTest); }