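/// <summary>
/// Verifies the supplied credentials against the stored salted hash and, on a match,
/// starts a session via <c>Begin()</c>.
/// </summary>
/// <param name="username">Account name to look up.</param>
/// <param name="password">Plain-text password; hashed with the account's stored salt before comparison.</param>
/// <returns>
/// <c>AuthenticationResult.Success</c> when the hash matches and <c>Begin()</c> succeeds;
/// <c>AuthenticationResult.InvalidSession</c> when the hash matches but <c>Begin()</c> fails
/// (after <c>Logoff()</c> has been called);
/// <c>AuthenticationResult.InvalidLogin</c> in every other case, including an unknown user name.
/// </returns>
public AuthenticationResult Authenticate(string username, string password)
{
    // Clear the flag up front so a failed attempt never inherits an earlier success.
    IsAuthenticated = false;
    Username = username;
    UserAccountID = DarkFunctionManager.GetUserAccountID(username);

    // -1 is treated here as "no account for this user name".
    if (UserAccountID == -1)
    {
        // Previously `return(0)`: a literal 0 converts silently to whichever member of
        // AuthenticationResult has the value 0 (presumably an enum -- its declaration is not
        // visible here), so the outcome depended on declaration order. Returning the named
        // member fails closed and makes an unknown user indistinguishable from a wrong password.
        // NOTE(review): this path still skips the hash computation, so it may answer faster
        // than a wrong-password attempt; hash against a dummy salt if account enumeration
        // by timing is in the threat model.
        return AuthenticationResult.InvalidLogin;
    }

    Dictionary<string, byte[]> passInfo = DarkFunctionManager.GetPasswordInfo(UserAccountID);

    // Recompute the hash with the stored salt so it can be compared with the stored hash.
    byte[] userPassHash = DarkSecurity.CreateHashWithSalt(password, passInfo["Salt"], DarkSecurity.HashLength);

    // NOTE(review): confirm CompareHashToHash compares in constant time.
    bool hashesMatch = DarkSecurity.CompareHashToHash(passInfo["Hash"], userPassHash);
    if (!hashesMatch)
    {
        return AuthenticationResult.InvalidLogin;
    }

    if (Begin())
    {
        IsAuthenticated = true;
        return AuthenticationResult.Success;
    }

    // Credentials were valid but the session could not be started: tear down and report it.
    Logoff();
    return AuthenticationResult.InvalidSession;
}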
/// <summary>
/// Creates a user account by calling the <c>dbo.CreateUserAccount</c> stored procedure.
/// The password and the security answer are each hashed with their own freshly generated
/// salt; only the hashes and salts are passed to the database, never the plain text.
/// </summary>
/// <param name="username">Sent as <c>@USERNAME</c>.</param>
/// <param name="enabled">Sent as <c>@ENABLED</c>.</param>
/// <param name="password">Plain-text password; hashed before it is sent.</param>
/// <param name="accountType">Sent as <c>@ACCTYPE</c>.</param>
/// <param name="answer">Plain-text security answer; hashed before it is sent.</param>
/// <param name="questionType">Sent as <c>@QUESTYPE</c>.</param>
/// <returns>The value of the procedure's <c>@RVAL</c> output parameter, cast to <c>int</c>.</returns>
public static int CreateUserAccount(string username, bool enabled, string password, string accountType, string answer, string questionType)
{
    using (SqlConnection connection = DarkSQLManager.Connection)
    using (SqlCommand command = new SqlCommand("dbo.CreateUserAccount", connection))
    {
        command.CommandType = CommandType.StoredProcedure;

        // DateTime.Today is the local date with the time component at midnight.
        DateTime createdOn = DateTime.Today;

        // Independent salts: the password and the answer never share one.
        // NOTE(review): the algorithm behind CreateHashWithSalt is not visible here --
        // confirm it is a deliberately slow password KDF rather than a single fast hash.
        byte[] passwordSalt = DarkSecurity.CreateRandomSalt(DarkSecurity.SaltLength);
        byte[] passwordHash = DarkSecurity.CreateHashWithSalt(password, passwordSalt, DarkSecurity.HashLength);
        byte[] answerSalt = DarkSecurity.CreateRandomSalt(DarkSecurity.SaltLength);
        byte[] answerHash = DarkSecurity.CreateHashWithSalt(answer, answerSalt, DarkSecurity.HashLength);

        // Every value travels as a named parameter; nothing is concatenated into SQL text.
        SqlParameterCollection args = command.Parameters;
        args.AddWithValue("@USERNAME", username);
        args.AddWithValue("@ENABLED", enabled);
        args.AddWithValue("@DATECREATED", createdOn);
        args.AddWithValue("@PASSHASH", passwordHash);
        args.AddWithValue("@PASSSALT", passwordSalt);
        args.AddWithValue("@ACCTYPE", accountType);
        args.AddWithValue("@ANSHASH", answerHash);
        args.AddWithValue("@ANSSALT", answerSalt);
        args.AddWithValue("@QUESTYPE", questionType);

        SqlParameter procedureResult = args.Add("@RVAL", SqlDbType.Int);
        procedureResult.Direction = ParameterDirection.Output;

        // The affected-row count is not used; the outcome is read from @RVAL.
        command.ExecuteNonQuery();

        return (int)procedureResult.Value;
    }
}