Partially its work whenever i give required credential(Email and password) it works fine.if i give wrong email its show 404 error means its fine.if i give wrong password also its accepting means it not show any error.
My code is given below please help me:-
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Data.Entity.Infrastructure;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Description;
using WebApplication5.Models;
using System.Security.Cryptography;
using System.Text;
namespace WebApplication5.Controllers
{
public class UsersController : ApiController
{
private ChatDatabaseEntities1 db = new ChatDatabaseEntities1();
// GET: api/Users
public IQueryable<user> GetUsers()
{
return db.Users;
}
SymmetricAlgorithm desobj = Rijndael.Create();
string key;
// GET: api/Users/5
[ResponseType(typeof(User))]
public IHttpActionResult GetUser(string Email, string password)
{
User user = db.Users.Find(Email);
if (user == null)
{
return NotFound();
}
string temp =Decrypt(user.Password, user.PasswordSalt);
if (password == temp)
{
// return Ok(user.Email);
}
return Ok(user.Email);
}
// PUT: api/Users/5
[ResponseType(typeof(void))]
public IHttpActionResult PutUser(string id, User user)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
if (id != user.Email)
{
return BadRequest();
}
db.Entry(user).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return NotFound();
}
else
{
throw;
}
}
return StatusCode(HttpStatusCode.NoContent);
}
// POST: api/Users
[ResponseType(typeof(User))]
public IHttpActionResult PostUser(User user)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
string temp_password = Encrypt("text", Key());
user.Password = temp_password;
user.PasswordSalt = Key();
user.UserType = "user";
db.Users.Add(user);
try
{
db.SaveChanges();
}
catch (DbUpdateException)
{
if (UserExists(user.Email))
{
return Conflict();
}
else
{
throw;
}
}
return CreatedAtRoute("DefaultApi", new { id = user.Email }, user);
}
// DELETE: api/Users/5
[ResponseType(typeof(User))]
public IHttpActionResult DeleteUser(string id)
{
User user = db.Users.Find(id);
if (user == null)
{
return NotFound();
}
db.Users.Remove(user);
db.SaveChanges();
return Ok(user);
}
protected override void Dispose(bool disposing)
{
if (disposing)
{
db.Dispose();
}
base.Dispose(disposing);
}
private bool UserExists(string id)
{
return db.Users.Count(e => e.Email == id) > 0;
}
public static string Encrypt(string strToEncrypt, string strKey)
{
try
{
TripleDESCryptoServiceProvider objDESCrypto =
new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider objHashMD5 = new MD5CryptoServiceProvider();
byte[] byteHash, byteBuff;
string strTempKey = strKey;
byteHash = objHashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strTempKey));
objHashMD5 = null;
objDESCrypto.Key = byteHash;
objDESCrypto.Mode = CipherMode.ECB; //CBC, CFB
byteBuff = ASCIIEncoding.ASCII.GetBytes(strToEncrypt);
return Convert.ToBase64String(objDESCrypto.CreateEncryptor().
TransformFinalBlock(byteBuff, 0, byteBuff.Length));
}
catch (Exception ex)
{
return "Wrong Input. " + ex.Message;
}
}
private string Key()
{
{
Random random = new Random();
key = "" + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9) + random.Next(0, 9);
return key;
}
}
public static string Decrypt(string strEncrypted, string strKey)
{
try
{
TripleDESCryptoServiceProvider objDESCrypto =
new TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider objHashMD5 = new MD5CryptoServiceProvider();
byte[] byteHash, byteBuff;
string strTempKey = strKey;
byteHash = objHashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strTempKey));
objHashMD5 = null;
objDESCrypto.Key = byteHash;
objDESCrypto.Mode = CipherMode.ECB; //CBC, CFB
byteBuff = Convert.FromBase64String(strEncrypted);
string strDecrypted = ASCIIEncoding.ASCII.GetString
(objDESCrypto.CreateDecryptor().TransformFinalBlock
(byteBuff, 0, byteBuff.Length));
objDESCrypto = null;
return strDecrypted;
}
catch (Exception ex)
{
return "Wrong Input. " + ex.Message;
}
}
}
}