Let's begin with our Sign In and Sign Out mechanism. It needs a User entity, which we haven't created so far.
Follow these steps to create it and start working on the Sign In and Sign Out mechanism:
- Use the following code:
Go to https://goo.gl/cD8tDQ to access the code.
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;

    namespace RestBuy.Entities
    {
        public class User : BaseEntity
        {
            ...
            ...
        }
    }
The interesting part is that we have defined a password-hashing method, and that it makes use of a secret salt. This way, even if our password database is breached, our users' passwords will not be easily recovered (combined, of course, with a strong password policy). By using a salt, in this case secretBytes and the username, we achieve two things:
- Even if different users have the same password, their hashed password values will be different, since we include their username.
- We also added a secret keyword directly in the code file, so existing rainbow tables are of no use to somebody who wants to crack the hash by brute force.
We made it a static method because it is more like a utility.
- Update our RestBuyContext by adding the following code:
Go to https://goo.gl/wWvhiL to access the code.
    void ConfigureUser(EntityTypeBuilder<User> builder)
    {
        builder.ToTable(userTable);
        builder.HasKey(ci => ci.Id);
        builder.Property(ci => ci.UserName)
            .IsRequired()
            .HasMaxLength(50);
        builder.Property(ci => ci.Password)
            .IsRequired();
    }
Our class now looks like this:
Go to https://goo.gl/CjSv8g to access the code.
    using Microsoft.EntityFrameworkCore;
    using Microsoft.EntityFrameworkCore.Metadata.Builders;
    using RestBuy.Entities;
    using System;
    using System.Collections.Generic;
    using System.Text;

    namespace RestBuy.Infrastructure.EF
    {
        public class RestBuyContext : DbContext
        {
            ...
            ...
        }
    }
- Next, we add the migration by running Add-Migration User in the Package Manager Console.
Do not forget to change the default project to Infrastructure; otherwise, you will get an error.
- Finally, we update our database:
    PM> Update-Database
    Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
          User profile is available. Using 'C:\Users\Onur.Gumus\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
    Applying migration '20170909141639_User'.
    Done.
    PM>
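
The salting scheme described earlier for the User entity (a per-user salt built from secretBytes and the username), as an added example that is not the book's code. The body of the book's method is elided on this page, so PBKDF2-HMAC-SHA256, the iteration count, and the names PasswordHasher, DeriveSalt and Verify are assumptions; Rfc2898DeriveBytes.Pbkdf2 needs .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the book's User class. Assumptions: PBKDF2-HMAC-SHA256,
// the iteration count, and every name below are illustrative choices.
public static class PasswordHasher
{
    private const int Iterations = 210_000; // assumed work factor
    private const int HashSize = 32;        // bytes of derived key

    // Salt = HMAC-SHA256(secret, user name): unique per user and
    // unpredictable to anyone who has the database but not the secret.
    private static byte[] DeriveSalt(string userName, byte[] secretBytes)
    {
        using var hmac = new HMACSHA256(secretBytes);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(userName));
    }

    public static string HashPassword(string userName, string password, byte[] secretBytes)
    {
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(password),
            DeriveSalt(userName, secretBytes),
            Iterations, HashAlgorithmName.SHA256, HashSize);
        return Convert.ToBase64String(hash);
    }

    // Constant-time comparison so timing does not reveal how many bytes matched.
    public static bool Verify(string userName, string password, string storedHash, byte[] secretBytes)
    {
        byte[] expected = Convert.FromBase64String(storedHash);
        byte[] actual = Convert.FromBase64String(HashPassword(userName, password, secretBytes));
        return CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    public static void Main()
    {
        byte[] secret = Encoding.UTF8.GetBytes("constructed-demo-secret"); // constructed value
        string alice = HashPassword("alice", "Tr0ub4dor&3", secret);
        string bob = HashPassword("bob", "Tr0ub4dor&3", secret);

        Console.WriteLine(alice != bob);                                   // same password, two users
        Console.WriteLine(Verify("alice", "Tr0ub4dor&3", alice, secret));  // correct password
        Console.WriteLine(Verify("alice", "wrong-guess", alice, secret));  // wrong password
        Console.WriteLine(Verify("bob", "Tr0ub4dor&3", alice, secret));    // hash copied to another user
    }
}
```

Because the username feeds the salt, renaming a user invalidates the stored hash until the password is set again. A secret compiled into the source only helps while the source and binaries stay private, so this sketch takes it as a parameter that can be loaded from configuration or a secret store.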