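/// <summary>
/// Verifies the supplied credentials through <c>UAS_Business_Functions.VerifyUser</c> and,
/// when they are accepted, records the login in <c>SessionHelper</c>.
/// </summary>
/// <param name="userId">Login ID to verify.</param>
/// <param name="pwrd">Password supplied for <paramref name="userId"/>.</param>
/// <returns>
/// "You are now logged in." when the status is 'A', the user ID is positive and at least one
/// application/group permission is present; otherwise "Invalid user name or password.".
/// </returns>
public string Login(string userId, string pwrd)
{
    // The password is deliberately kept out of the debug trace: trace listeners and
    // captured debug output must never contain credentials.
    Debug.WriteLine("Login userId: " + userId);

    LoginInfo loginInfo = new LoginInfo();
    loginInfo.RememberMe = false;
    loginInfo.LoginID = userId;
    loginInfo.Password = pwrd;

    LoginStatus loginStatus = UAS_Business_Functions.VerifyUser(loginInfo);

    // NOTE(review): the status is stored in the session before it has been validated, so a
    // failed attempt also leaves its LoginStatus in SessionHelper. Kept for compatibility;
    // confirm that nothing treats a non-null SessionHelper.LoginStatus as proof of login.
    SessionHelper.LoginStatus = loginStatus;

    // A null status or a null permission list is treated as a failed login instead of
    // raising NullReferenceException.
    // (An earlier version tested loginStatus.PermissionSet instead of appGroupPermissions.)
    bool accepted = loginStatus != null
        && loginStatus.Status == 'A'
        && loginStatus.UserID > 0
        && loginStatus.appGroupPermissions != null
        && loginStatus.appGroupPermissions.Count > 0;

    if (!accepted)
    {
        return "Invalid user name or password.";
    }

    loginInfo.IsLoggedIn = true;
    SessionHelper.IsUserLoggedIn = true;
    SessionHelper.LoginInfo = loginInfo;
    SessionHelper.LoginStatus = loginStatus;
    return "You are now logged in.";

    // *** RRB 10/29/15 Shouldn't this be returning a boolean or integer so it can be tested for a valid login ??
}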
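/// <summary>
/// Checks a set of credentials against an expected enterprise and group and returns a
/// human-readable description of the outcome. Does not modify the session.
/// </summary>
/// <param name="userId">Login ID to verify.</param>
/// <param name="pwrd">Password supplied for <paramref name="userId"/>.</param>
/// <param name="entId">Expected enterprise ID, as text; must parse as an integer.</param>
/// <param name="grpId">Expected group ID, as text; must parse as an integer.</param>
/// <returns>
/// A success message naming the user and enterprise, or one of the failure messages
/// ("Enterprise ID must be a number.", "Group ID must be a number.",
/// "User not authorized for this application.",
/// "User is not authorized for the Enterprise or Group.", "Invalid UserId and/or password").
/// </returns>
public string VerifyUser(string userId, string pwrd, string entId, string grpId)
{
    // The password is deliberately kept out of the debug trace: trace listeners and
    // captured debug output must never contain credentials.
    Debug.WriteLine("Verify userId: " + userId);

    // TryParse rejects null, empty and non-numeric text without using exceptions.
    int iEntId, iGrpId;
    if (!Int32.TryParse(entId, out iEntId))
    {
        return "Enterprise ID must be a number.";
    }
    if (!Int32.TryParse(grpId, out iGrpId))
    {
        return "Group ID must be a number.";
    }

    LoginInfo loginInfo = new LoginInfo();
    loginInfo.RememberMe = false;
    loginInfo.LoginID = userId;
    loginInfo.Password = pwrd;

    LoginStatus loginStatus = UAS_Business_Functions.VerifyUser(loginInfo);
    if (loginStatus == null)
    {
        // Previously the failure branch dereferenced a null status and threw
        // NullReferenceException; a missing status is now reported as a failed check.
        return "Invalid UserId and/or password";
    }

    var permissions = loginStatus.appGroupPermissions;
    bool hasPermissions = permissions != null && permissions.Count > 0;

    // Only the first application permission and its first permission set are compared,
    // as in the original implementation.
    bool hasGroupSets = hasPermissions
        && permissions[0].groupPermissionSets != null
        && permissions[0].groupPermissionSets.Count > 0;

    bool entCorrect = loginStatus.EnterpriseID == iEntId;
    bool groupCorrect = hasGroupSets
        && permissions[0].groupPermissionSets[0].GroupID == iGrpId;

    // (An earlier version tested loginStatus.PermissionSet instead of appGroupPermissions.)
    // NOTE(review): the success path does not compare ApplicationID with
    // UAS.Business.Constants.APPLICATIONID, although the failure path reports on it — confirm
    // this is intended.
    bool accepted = loginStatus.Status == 'A'
        && loginStatus.UserID > 0
        && hasPermissions
        && entCorrect
        && groupCorrect;

    if (accepted)
    {
        using (var context = DataContext.getUasDbContext())
        {
            string enterprise = context.uas_Enterprise
                .Where(e => e.EnterpriseID == loginStatus.EnterpriseID)
                .Select(e => e.EnterpriseDescription)
                .SingleOrDefault();

            // NOTE(review): the expression between the two literals was masked ("******") in
            // the listing this was taken from; userId is assumed — confirm against the
            // original file.
            return "The User Login: " + userId + " is valid for " + loginStatus.FirstName + " "
                + loginStatus.LastName + " Enterprise: " + enterprise;
        }
    }

    // NOTE(review): the two authorization messages below are chosen without looking at Status
    // or UserID. If UAS_Business_Functions.VerifyUser populates appGroupPermissions even when
    // the password is wrong, they let a caller tell existing accounts from unknown ones —
    // confirm, and consider returning the generic message in that case.
    if (permissions != null)
    {
        if (!hasPermissions
            || permissions[0].ApplicationID != UAS.Business.Constants.APPLICATIONID
            || !hasGroupSets)
        {
            return "User not authorized for this application.";
        }

        if (!groupCorrect || !entCorrect)
        {
            return "User is not authorized for the Enterprise or Group.";
        }
    }

    return "Invalid UserId and/or password";
}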