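// POST api/CustomRegistration
/// <summary>
/// Registers a new local (non-Facebook) user: validates the username and password,
/// refuses a username that is already taken, and stores a salted hash of the password
/// (never the password itself).
/// </summary>
/// <param name="registrationRequest">Request body carrying username, password, Name and Email.</param>
/// <returns>
/// 400 with a message for a missing body, an invalid or duplicate username, or a too-short password;
/// 201 Created on success.
/// </returns>
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
    // A missing body used to surface as a NullReferenceException (HTTP 500); report it as a client error.
    if (registrationRequest == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Missing registration request");
    }

    string username = registrationRequest.username;
    string password = registrationRequest.password;

    // "\z" anchors at the true end of input; "$" in .NET also matches just before a trailing newline,
    // which would let "abcd\n" through the alphanumeric-only rule.
    if (username == null || !Regex.IsMatch(username, @"^[a-zA-Z0-9]{4,}\z"))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid username (at least 4 chars, alphanumeric only)");
    }
    if (password == null || password.Length < 8)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
    }

    // The context is disposable; the using block releases it on every return path.
    using (MobileServiceContext context = new MobileServiceContext())
    {
        // NOTE(review): whether this comparison is case-sensitive depends on the database collation — confirm.
        bool usernameTaken = context.Users.Any(a => a.Username == username);
        if (usernameTaken)
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Username already exists");
        }

        // The existence check and the insert are not atomic; under concurrent registrations only a
        // unique index on Username in the database actually guarantees uniqueness — verify one exists.
        byte[] salt = CustomLoginProviderUtils.generateSalt();
        User newAccount = new User
        {
            Id = Guid.NewGuid().ToString(),
            Username = username,
            Salt = salt,
            SaltedAndHashedPassword = CustomLoginProviderUtils.hash(password, salt),
            FacebookUser = false,
            // Name and Email are stored as received; no validation is applied here.
            Name = registrationRequest.Name,
            Email = registrationRequest.Email
        };
        context.Users.Add(newAccount);
        context.SaveChanges();
        return this.Request.CreateResponse(HttpStatusCode.Created);
    }
}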
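// POST api/CustomLogin
/// <summary>
/// Authenticates a local user by username and password and issues a login token on success.
/// Unknown usernames and wrong passwords are answered identically (same status, same message,
/// and the same password-hashing work) so the response does not reveal which one failed.
/// </summary>
/// <param name="loginRequest">Request body carrying username and password.</param>
/// <returns>200 with a <see cref="LoginResult"/> on success; 401 with a generic message otherwise.</returns>
public HttpResponseMessage Post(LoginRequest loginRequest)
{
    // A missing body or missing fields used to surface as a NullReferenceException (HTTP 500).
    if (loginRequest == null || loginRequest.username == null || loginRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
    }

    // The context is disposable; the using block releases it on every return path.
    using (MobileServiceContext context = new MobileServiceContext())
    {
        User account = context.Users.Where(a => a.Username == loginRequest.username).SingleOrDefault();

        // Hash against a throw-away salt when the username is unknown, so the response time is the
        // same as for a known username with a wrong password; the result is discarded in that case.
        byte[] salt = account != null ? account.Salt : CustomLoginProviderUtils.generateSalt();
        byte[] incoming = CustomLoginProviderUtils.hash(loginRequest.password, salt);

        // slowEquals is the constant-time comparison; keep it rather than SequenceEqual.
        if (account != null && CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
        {
            ClaimsIdentity claimsIdentity = new ClaimsIdentity();
            claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
            LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
            return this.Request.CreateResponse(HttpStatusCode.OK, loginResult);
        }
    }

    // NOTE(review): no rate limiting or lockout is applied in this method — confirm it is enforced elsewhere.
    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
}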