DotNet-302-Core
  • Introduction
  • 1 - Intro and Setup
    • 1.0: Overview
    • 1.1: Setting Up Dev Environment
    • 1.2: Introduction to CLI
    • 1.3: API Project Creation
    • 1.4: Overview of API Project Files
    • 1.5: Adding Other Projects and References
  • 2 - Add Users and Authentication
    • 2.0: Add User Entity and DbContext
    • 2.1: Add Migration and Database
    • 2.2: Salting and Hashing Passwords
    • 2.3: Adding Auth Service
    • 2.4: Registering Auth Service
    • 2.5: Add DTO and AuthController
    • 2.6: Add Register Functionality
    • 2.7: Validating User Submitted Data
    • 2.8: Token Authentication
    • 2.9: Adding Login Functionality
    • 2.10: Testing Login and Authentication
  • 3 - Client-side Login and Register
    • 3.0: Enable CORS
    • 3.1: Angular Layout
    • 3.2: Client-side Login
    • 3.3: NavBar Login Toggle
    • 3.4: Add Register and Home Components
    • 3.5: Add Register Functionality
    • 3.6: Improving Authentication
  • 4 - Improving the User Model
    • 4.0: Extending User Entity
    • 4.1: Run Migration
    • 4.2: Generating Seed Data
    • 4.3: Seeding the Database
    • 4.4: Adding User DTOs
    • 4.5: Adding Extension Method
    • 4.6: Adding User Service
    • 4.7: Adding Users Controller
  • 5 - Displaying Users on the Client
    • 5.0: Adding Components and Routing
    • 5.1: Dropdown Functionality
    • 5.2: Adding Router Guards
    • 5.3: Updating Interfaces
    • 5.4: Retrieving Users from the Database
    • 5.5: Add Member Cards
    • 5.6: Styling Member Cards
    • 5.7: Member Profile
    • 5.8: Adding Route Resolvers
    • 5.9: Layout and Styling Member Profiles
    • 5.10: Adding Photo Gallery
  • 6 - Handling Errors
    • 6.0: Handling Errors in the API
    • 6.1: Handling Errors in Angular
    • 6.2: Adding Alertify
    • 6.3: Using Alertify in Components
  • 7 - Editing Profiles and Uploading Photos
    • 7.0: Member Edit Component
    • 7.1: Profile Template
    • 7.2: Add CanDeactivate Guard
    • 7.3: Persisting Profile Changes
    • 7.4: Hosting Photos on Cloudinary
    • 7.5: Adding PhotoService
    • 7.6: Adding PhotosController
    • 7.7: Adding Photo Upload in Angular
    • 7.8: Setting Main Photo in the API
    • 7.9: Setting Main Photo in Angular
    • 7.10: Displaying Profile Photo in the NavBar
    • 7.11: Updating Profile Photo in NavBar
    • 7.12: Deleting Photos
  • 8 - Pagination, Sorting, and Filtering
    • 8.0: TimeAgo Pipe
    • 8.1: Adding an Action Filter to the API
    • 8.2: Paging in the API
    • 8.3: Paging in the Angular Project
    • 8.4: Filtering in the API
    • 8.5: Filtering in the Angular Project
    • 8.6: Sorting Users
  • 9 - Following Users
    • 9.0: Adding the Follow Entity
    • 9.1: Follow a User in API
    • 9.2: Retrieve Followees in API
    • 9.3: Following Functionality in Angular
    • 9.4: Displaying Followers in Followers Component
  • 10 - Messaging
    • 10.0: Adding Message Entity
    • 10.1: Add Service Method and DTOs
    • 10.2: Add Messages Controller
    • 10.3: Add Inbox and Outbox Service Methods
    • 10.4: Getting Message Threads/Conversations
    • 10.5: Building the Message Component in Angular
    • 10.6: Inbox / Outbox Template
    • 10.7: Adding Conversations to MemberDetailComponent
    • 10.8: Sending Messages
    • 10.9: Deleting Messages
    • 10.10: Marking Messages as Read
  • 11 - Appendix
    • 11.0: Wrap-up
    • 11.1: Configuring for Deployment
    • 11.2: Deploying to Azure
    • 11.3: References and Resources
  • Eleven Fifty Style Guide
Powered by GitBook
On this page
  • Add Authentication Interface
  • Add Concrete AuthService
  • Add CreatePasswordHash Method
  • Implement Register Method
  • Add VerifyPasswordHash Method
  • Implement Login Method
  • Implement UserExists() method
  1. 2 - Add Users and Authentication

2.3: Adding Auth Service

Add Authentication Interface

Add an interface to your .Contracts project by right clicking on the folder name and selecting "New C# Interface" called IAuthService.cs.

Add method signatures for register, login, and checking whether the user already exists in the database.

using System.Threading.Tasks;
using EFConnect.Data.Entities;

namespace EFConnect.Contracts
{
    public interface IAuthService
    {
         Task<User> Register(User user, string password);
         Task<User> Login(string username, string password);
         Task<bool> UserExists(string username);
    }
}

Add Concrete AuthService

In the .Services project - create a new C# class called AuthService.cs that implements IAuthService.

Start by adding a constructor to inject our DbContext:

public AuthService(EFConnectContext context)
{
}

Ctrl + . on the context parameter and choose Generate field from parameter.

private readonly EFConnectContext _context;
public AuthService(EFConnectContext context)
{
    _context = context;
}

Now, ctrl + . on IAuthRepository and select Implement interface

public class AuthService : IAuthService
{
    private readonly EFConnectContext _context;
    public AuthService(EFConnectContext context)
    {
        _context = context;
    }

    public Task<User> Login(string username, string password)
    {
        throw new System.NotImplementedException();
    }

    public Task<User> Register(User user, string password)
    {
        throw new System.NotImplementedException();
    }

    public Task<bool> UserExists(string username)
    {
        throw new System.NotImplementedException();
    }
}

Add CreatePasswordHash Method

We'll add a private method below the public methods to create a password hash.

It will take three parameters: one will be passed by value: password, and two will be passed by reference: passwordHash and passwordSalt - this will allow our method to directly alter the values held by the passwordHash and passwordSalt variables.

private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
{
    using (var hmac = new System.Security.Cryptography.HMACSHA512())    //  hmac will generate salt key
    {
        passwordSalt = hmac.Key;
        passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
    }
}

Implement Register Method

Now that we have a method to create our salted hash, we can implement our register method.

public async Task<User> Register(User user, string password)
{
    byte[] passwordHash, passwordSalt;
    CreatePasswordHash(password, out passwordHash, out passwordSalt);

    user.PasswordHash = passwordHash;
    user.PasswordSalt = passwordSalt;

    await _context.Users.AddAsync(user);
    await _context.SaveChangesAsync();

    return user;
}

Add VerifyPasswordHash Method

Next, we need another private helper method to check the password a user enters against the hashed password saved to the database in order to implement our Login() method.

This method will work in the opposite direction of our CreatePasswordHash() method.

We'll loop through the computed hash and compare each byte against what's stored in our database. If anything doesn't match, we'll return false - otherwise, we'll return true.

private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt)
{
    using (var hmac = new System.Security.Cryptography.HMACSHA512(passwordSalt))
    {
        var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));

        for (int i = 0; i < computedHash.Length; i++)
        {
            if (computedHash[i] != passwordHash[i]) return false;
        }

        return true;
    }
}

Implement Login Method

In this method, we need to compare what's stored in our database to what is entered by the user using our VerifyPasswordHash() method.

public async Task<User> Login(string username, string password)
{
    var user = await _context.Users.FirstOrDefaultAsync(x => x.Username == username);

    if (user == null)
        return null;

    if (!VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
        return null;

    return user;
}

Implement UserExists() method

public async Task<bool> UserExists(string username)
{
    if (await _context.Users.AnyAsync(x => x.Username == username))
        return true;

    return false;
}
Previous2.2: Salting and Hashing PasswordsNext2.4: Registering Auth Service

Last updated 7 years ago