public User AddNewUser(String userID, String password, String email, String role, String firstname = null,String lastname = null,String address = null
            ,String city = null,String province = null,String country = null)
        {
            User user = new User();
            user.UserID = userID;
            user.Password = password;
            user.Email = email;
            user.Role = role;
            user.FirstName = firstname;
            user.LastName = lastname;
            user.Address = address;
            user.City = city;
            user.Province = province;
            user.Country = country;
            user.TheCognitoCredential = LetUsDealWithTheAWSCognitoIDStuff(userID);

            int result = 0;

            using (SqlConnection conn = new SqlConnection(_connectionString))
            {
                using (SqlCommand cmd = new SqlCommand("[dbo].[AddUser]"))
                {
                    conn.Open();
                    cmd.Connection = conn;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add("@UserID", SqlDbType.NVarChar).Value = userID;
                    cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = password;
                    cmd.Parameters.Add("@UserEmail", SqlDbType.NVarChar).Value = email;
                    cmd.Parameters.Add("@UserRole", SqlDbType.NVarChar).Value = role;
                    cmd.Parameters.Add("@FirsName", SqlDbType.NVarChar).Value = firstname;
                    cmd.Parameters.Add("@LastName", SqlDbType.NVarChar).Value = lastname;
                    cmd.Parameters.Add("@Address", SqlDbType.NVarChar).Value = address;
                    cmd.Parameters.Add("@City", SqlDbType.NVarChar,50).Value = role.Trim();
                    cmd.Parameters.Add("@Province", SqlDbType.NVarChar).Value = province;
                    cmd.Parameters.Add("@Country", SqlDbType.NVarChar).Value = country;
                    cmd.Parameters.Add("@CognitoID", SqlDbType.NVarChar).Value = user.TheCognitoCredential.CognitoID;
                    cmd.Parameters.Add("@CognitoToken", SqlDbType.NVarChar).Value = user.TheCognitoCredential.CognitoToken;

                    SqlParameter outParam = cmd.Parameters.Add("@resultOutput", SqlDbType.Int);
                    outParam.Direction = ParameterDirection.Output;

                   cmd.ExecuteNonQuery();

                    result = (int)outParam.Value;

                    if (result == 0)
                    {
                        user = new User();
                        user.FirstName = "Duplicated name or email";
                        user.LastName = "";
                    }
                    conn.Close();
                }
            }

            return user;
        }
        public List<User> GetAllUsers()
        {
            List<User> users = new List<User>();
              using(SqlConnection conn = new SqlConnection(_connectionString))
              {
                  using (SqlCommand cmd = new SqlCommand("[dbo].[GetAllUsers]"))
                  {
                      cmd.Connection = conn;
                      cmd.CommandType = CommandType.StoredProcedure;
                      SqlDataAdapter adapter = new SqlDataAdapter();
                      adapter.SelectCommand = cmd;
                      adapter.Fill(_ds);

                      foreach (DataRow row in _ds.Tables[0].Rows)
                      {
                          User user = new User();
                          user.UserID = (string)row["fldUserID"];
                          user.Email = (string)row["fldEmail"];
                          user.FirstName = DBNullConverterToString(row["fldFirstName"]);
                          user.LastName = DBNullConverterToString(row["fldLastName"]);
                          user.City = DBNullConverterToString(row["fldCity"]);
                          user.Province = DBNullConverterToString(row["fldProvince"]);
                          user.Country = DBNullConverterToString(row["fldCountry"]);
                          user.Address = DBNullConverterToString(row["fldAddress"]);
                          users.Add(user);
                      }
                  }
              }

            return users;
        }
        public User AuthenticateUser(string userID, string password)
        {
            User user = new User();

            using (SqlConnection conn = new SqlConnection(_connectionString))
            {
                using (SqlCommand cmd = new SqlCommand("[dbo].[GetUserInfo]"))
                {
                    cmd.Connection = conn;
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add("@UserID", SqlDbType.VarChar).Value = userID;
                    cmd.Parameters.Add("@Password", SqlDbType.VarChar).Value = password;
                    SqlDataAdapter adapter = new SqlDataAdapter();
                    adapter.SelectCommand = cmd;
                    adapter.Fill(_ds);

                    if (_ds.Tables[0].Rows.Count != 1)
                    {
                        User anonymousUser = new User();
                        anonymousUser.FirstName = "Anonymous";
                        anonymousUser.LastName = "User";
                        anonymousUser.Role = "AnonymousUser";

                        return anonymousUser;
                    }
                    else
                    {
                        DataRow row = _ds.Tables[0].Rows[0];

                        user.UserID = (string)row["fldUserID"];
                        user.Email = (string)row["fldEmail"];
                        user.FirstName = DBNullConverterToString(row["fldFirstName"]);
                        user.LastName = DBNullConverterToString(row["fldLastName"]);
                        user.City = DBNullConverterToString(row["fldCity"]);
                        user.Province = DBNullConverterToString(row["fldProvince"]);
                        user.Country = DBNullConverterToString(row["fldCountry"]);
                        user.Address = DBNullConverterToString(row["fldAddress"]);
                        user.Role = DBNullConverterToString(row["fldRole"]);
                    }

                }
            }

            return user;
        }