Beispiel #1
0
        /// <summary>
        /// Asynchronously authenticate this user.
        /// </summary>
        /// <param name="auth">Type of authentication requested.</param>
        /// <param name="queryRestrictions">Used to specify extra conditions of the query where clause. The key corresponds to the db field name, and the value corresponds to its value (you have to specify also '', ##, etc... to wrap the value)</param>
        /// <returns>Returns true if authenticated, otherwise false.</returns>
        public async Task <AuthenticationType> AuthenticateAsync(AuthenticationType auth, Dictionary <string, object> queryRestrictions = null)
        {
            if (auth != AuthenticationType.Unregistered)
            {
                string                table               = auth.ToTableName();
                List <string>         requiredFields      = AuthenticationRequiredFields.Get(auth);
                List <OleDbParameter> queryParametersList = new List <OleDbParameter>();

                //THER MAY BE A PROBLEM WITH SHORTDATE FORMAT
                string queryText = "SELECT * FROM Users INNER JOIN " + table + " ON Users.ID = " + table + ".USER_ID WHERE";

                foreach (string field in requiredFields)
                {
                    if (Properties.ContainsKey(field))
                    {
                        //queryParametersList.Add(new OleDbParameter(field, field == "Password" ? Cryptography.ComputeMD5Hash(Properties["Password"].ToString()) : Properties[field]));
                        queryParametersList.Add(new OleDbParameter(field, Properties[field]));
                        queryText += " " + field + "=@" + field + " AND";
                    }
                    else
                    {
                        return(AuthenticationType.Unregistered);
                    }
                }
                queryText = queryText.Remove(queryText.Length - 4);

                if (queryRestrictions != null)
                {
                    //TODO: add restrictions in sql query with different operators
                    throw new NotImplementedException();
                }

                using (OleDbConnection conn = new OleDbConnection(AppConfiguration.connectionString))
                    using (OleDbCommand command = new OleDbCommand())
                    {
                        conn.Open();
                        command.Connection  = conn;
                        command.CommandText = queryText;
                        command.Parameters.AddRange(queryParametersList.ToArray());
                        using (DbDataReader reader = await command.ExecuteReaderAsync())
                        {
                            if (reader.Read())
                            {
                                //Authenticated, fetching properties
                                //WARNING! Check for double ID resulting from INNER JOIN (problem if Fields are not preceded by table name)
                                for (int i = 0; i < reader.FieldCount; i++)
                                {
                                    string fieldName = reader.GetSchemaTable().Rows[i].ItemArray[0].ToString();
                                    //not fetching md5 checksum of Password field
                                    if (fieldName != "Password")
                                    {
                                        if (!Properties.ContainsKey(fieldName))
                                        {
                                            Properties.Add(fieldName, reader.GetValue(i));
                                        }
                                        else
                                        {
                                            Properties[fieldName] = reader.GetValue(i);
                                        }
                                    }
                                }
                                return(auth);
                            }
                            else
                            {
                                //Not authenticated, credentials not found.
                                return(AuthenticationType.Unregistered);
                            }
                        }
                    }
            }
            else
            {
                //Asking for AuthenticationType.UNREGISTERED authentication
                return(AuthenticationType.Unregistered);
            }
        }