// GET: renders the logon form.
public ActionResult LogOn()
{
    ViewBag.Title = Resources.Account.LogonTitle;
    return View("~/Views/Dotnet/Logon.cshtml");
}

// POST: checks the submitted credentials and, on success, issues the forms-auth cookie.
// NOTE(review): no [ValidateAntiForgeryToken] is visible on this action in the listing,
// and no attempt throttling or lockout is visible here either; confirm both are handled
// elsewhere (filter, view token, membership service).
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    // Model-level validation failed: redisplay the form with the posted values.
    if (!ModelState.IsValid)
    {
        return View("~/Views/Dotnet/Logon.cshtml", model);
    }

    if (!MembershipService.ValidateUser(model.UserName, model.Password))
    {
        // NOTE(review): the message is empty as shown on the page (the original text may
        // have been lost). Whatever text is used should stay generic, so the response
        // does not reveal whether the user name exists.
        ModelState.AddModelError("", "");
        return View("~/Views/Dotnet/Logon.cshtml", model);
    }

    FormsService.SignIn(model.UserName, model.RememberMe);

    // returnUrl comes from the request. Only local URLs are followed, which keeps the
    // post-login redirect from being pointed at another site (open redirect).
    if (!Url.IsLocalUrl(returnUrl))
    {
        return RedirectToAction("Index", "Dotnet");
    }

    return Redirect(returnUrl);
}

// Ends the session and returns to the landing page.
// NOTE(review): no [HttpPost] restriction is visible, so as listed this state-changing
// action is reachable with a plain GET (a cross-site request can force a sign-out).
public ActionResult LogOff()
{
    FormsService.SignOut();
    return RedirectToAction("Index", "Dotnet");
}

// GET: renders the registration form and passes the minimum password length to the view.
public ActionResult Register()
{
    ViewBag.Title = Resources.Account.RegisterTitle;
    ViewBag.PasswordLength = MembershipService.MinPasswordLength;
    return View("~/Views/Dotnet/Register.cshtml");
}

// POST: creates the account and signs the new user in straight away.
// NOTE(review): no [ValidateAntiForgeryToken] and no e-mail confirmation step are visible
// in this listing; the account is usable immediately after a successful CreateUser.
[HttpPost]
public ActionResult Register(RegisterModel model)
{
    if (ModelState.IsValid)
    {
        MembershipCreateStatus outcome = MembershipService.CreateUser(
            model.UserName, model.Email, model.Password, model.ConfirmPassword);

        if (outcome != MembershipCreateStatus.Success)
        {
            // Surface the provider's status as a form-level error.
            ModelState.AddModelError("", AccountValidation.ErrorCodeToString(outcome));
        }
        else
        {
            // Session cookie only, never a persistent one, right after registration.
            FormsService.SignIn(model.UserName, false /* createPersistentCookie */);
            return RedirectToAction("Index", "Dotnet");
        }
    }

    // Validation or creation failed: redisplay the form with the posted values.
    ViewBag.PasswordLength = MembershipService.MinPasswordLength;
    return View("~/Views/Dotnet/Register.cshtml", model);
}
FormsService.SignOut and FormsService.SignIn are not very interesting, since they simply delegate to the standard methods FormsAuthentication.SignOut and FormsAuthentication.SetAuthCookie. The AccountMembershipService class accesses the MSSQL database. The method that creates a user is CreateUser
. First, possible errors are checked: empty login, password, e-mail, duplicate login / e-mail, password match and password confirmation. Next, fill in the user field. The link is assigned a new Guid, the number is searched for as the maximum number + 1. The password is stored as a checksum in a closed one, the checksum is calculated from the user's password and a unique prefix that is stored here in the record.

// Creates a user record in the ElisyCMS database and reports the outcome as a
// MembershipCreateStatus.
//
// NOTE(review): several identifiers (table and column names, the entity type) are missing
// from this listing; they appear to have been lost when the page was extracted. The
// comments below describe only what the surviving tokens show.
//
// Throws ArgumentException when userName, password or email is null or empty.
// Returns DuplicateUserName / DuplicateEmail / InvalidPassword for the checks below,
// Success after the insert, ProviderError when anything inside the try block throws.
public MembershipCreateStatus CreateUser(string userName, string email, string password, string confirmPassword)
{
    if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
    if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", "password");
    if (String.IsNullOrEmpty(email)) throw new ArgumentException("Value cannot be null or empty.", "email");
    // NOTE(review): no password length or complexity check is visible in this method;
    // confirm it is enforced on the model (the controller exposes MinPasswordLength).

    MembershipCreateStatus status = MembershipCreateStatus.ProviderError;

    using (var dataContext = new ElisyCMS(ConfigurationManager.ConnectionStrings["ElisyCMS"].ConnectionString))
    {
        // Uniqueness checks, each restricted to rows whose binary flag column equals {0}
        // (column name lost; presumably a deletion mark, confirm).
        // NOTE(review): check-then-insert is not atomic. Unless the database enforces
        // unique constraints, two concurrent registrations can both pass these checks.
        if (dataContext..Where(m => m. == userName && m. == new Binary(new byte[]{0})).Count() != 0) return MembershipCreateStatus.DuplicateUserName;

        if (dataContext..Where(m => m.Email == email && m. == new Binary(new byte[] { 0 })).Count() != 0) return MembershipCreateStatus.DuplicateEmail;

        if (password != confirmPassword) return MembershipCreateStatus.InvalidPassword;

        try
        {
            user = new ();
            // Row key: a fresh Guid stored as bytes.
            user. = Guid.NewGuid().ToByteArray();
            user. = new byte[] { 0 };
            user. = new byte[] { 0 };

            // Next sequential code: highest existing numeric code + 1, left-padded to
            // nine digits. Same non-atomic read-then-write caveat as the checks above.
            var codeRequest = from a in dataContext.
                              where Convert.ToInt32(a.) > 0
                              orderby Convert.ToInt32(a.) descending
                              select Convert.ToInt32(a.);
            var lastCode = codeRequest.Take(1).FirstOrDefault();
            user. = (lastCode + 1).ToString().PadLeft(9, '0');
            user. = userName;

            // Per-user salt: 8 bytes from the OS CSPRNG, stored Base64-encoded.
            // The provider object is IDisposable and is not disposed here.
            byte[] saltBytes = new byte[8];
            new RNGCryptoServiceProvider().GetBytes(saltBytes);
            user. = Convert.ToBase64String(saltBytes);

            // Stored verifier: Base64( SHA-1( UTF8( base64Salt + password ) ) ), one pass.
            // NOTE(review): a single fast hash is not adequate for password storage. If
            // the table leaks, candidate passwords can be tested at very high rates
            // despite the salt. Prefer a deliberately slow KDF (e.g. PBKDF2 via
            // Rfc2898DeriveBytes with a high iteration count and a 16-byte salt), and
            // store the algorithm and parameters so old records can be upgraded at login.
            byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(user. + password);
            byte[] hash = new SHA1CryptoServiceProvider().ComputeHash(passwordBytes);
            user. = Convert.ToBase64String(hash);

            // Two timestamp columns, both local server time (DateTime.Now, not UTC).
            user. = DateTime.Now;
            user. = DateTime.Now;
            // Binary flag set to {1}. ValidateUser rejects rows where the first byte of a
            // binary column is 0; presumably this is that "active" flag (confirm).
            user. = new Binary(new byte[] { 1 });
            user. = System.Threading.Thread.CurrentThread.CurrentUICulture.Name;
            //user. = Guid.NewGuid().ToString();
            user.Email = email;

            dataContext..InsertOnSubmit(user);
            dataContext.SubmitChanges();
            return MembershipCreateStatus.Success;
        }
        catch (Exception ex)
        {
            // NOTE(review): every failure (constraint violation, connectivity, conversion
            // error in the code query) collapses into ProviderError and `ex` is never
            // logged, so failed or abusive registration attempts leave no trace here.
            return MembershipCreateStatus.ProviderError;
        }
    }

    // Not reached in practice: both the try and the catch branch return.
    return status;
}
// Checks a user name / password pair against the ElisyCMS database.
//
// NOTE(review): several identifiers (table, columns, the local holding the fetched row)
// are missing from this listing; they appear to have been lost when the page was
// extracted. The comments describe only what the surviving tokens show.
//
// Throws ArgumentException when userName or password is null or empty.
// Returns true when the credentials are accepted, false otherwise.
// NOTE(review): no failed-attempt counter, lockout or throttling is visible in this
// method; confirm it exists at another layer.
public bool ValidateUser(string userName, string password)
{
    if (String.IsNullOrEmpty(userName)) throw new ArgumentException("Value cannot be null or empty.", "userName");
    if (String.IsNullOrEmpty(password)) throw new ArgumentException("Value cannot be null or empty.", "password");

    using (var dataContext = new ElisyCMS(ConfigurationManager.ConnectionStrings["ElisyCMS"].ConnectionString))
    {
        // Case-insensitive lookup: both sides are upper-cased before comparison.
        var = dataContext..Where(m => m..ToUpper() == userName.ToUpper()).FirstOrDefault();

        // Unknown user.
        if ( == null) return false;

        // First byte of a binary flag column is 0: rejected (presumably the flag that
        // CreateUser sets to {1}; confirm).
        if (..ToArray()[0] == 0) return false;

        // NOTE(review): fail-open branch. When the stored string checked here is blank,
        // ANY non-empty password is accepted. Which column this is cannot be told from
        // the listing; if it is the stored hash or salt, accounts without a password set
        // (imported, provisioned elsewhere, or reset to blank) can be signed in to
        // without knowing a secret. Authentication should fail closed: return false and
        // require a password-set flow instead.
        if (String.IsNullOrWhiteSpace(.)) return true;

        // Recompute the verifier the same way CreateUser builds it: SHA-1 over the UTF-8
        // bytes of (stored string + password), Base64-encoded. The single-pass SHA-1
        // weakness noted for storage applies here as well.
        byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(. + password);
        byte[] hash = new SHA1CryptoServiceProvider().ComputeHash(passwordBytes);

        // String.Equals is not a constant-time comparison; prefer a fixed-time byte
        // comparison when the hashing scheme is replaced.
        return Convert.ToBase64String(hash).Equals(.);
    }
}
Source: https://habr.com/ru/post/210654/