Ejemplo n.º 1
        /// <summary>
        /// Check the admin's password
        /// </summary>
        /// <param name="emailAddress">email is the login</param>
        /// <param name="password">password</param>
        /// <param name="db">database access object (not used by the current implementation; kept for signature compatibility)</param>
        /// <param name="adminId">output - admin id</param>    
        /// <param name="fullName">output - admin's name</param>
        /// <returns>authentication is successful</returns>
        public static bool VerifyAdminLogin(string emailAddress, string password, SedogoDBEntities db, out int? adminId,
            out string fullName)
        {
            // Out parameters are cleared first, so a caller never observes stale
            // identity data if verification fails or throws.
            adminId = null;
            fullName = null;

            // Credential checking is delegated entirely to Administrator.VerifyLogin;
            // the db parameter is not used here.
            // NOTE(review): the meaning of the two boolean flags is defined by
            // Administrator.VerifyLogin and is not visible here - confirm before changing them.
            // The last argument looks like a caller tag for auditing - TODO confirm.
            var administrator = new Administrator("");
            var outcome = administrator.VerifyLogin(emailAddress, password, false, true, "API. VerifyAdminLogin");
            if (outcome != loginResults.loginSuccess)
            {
                return false;
            }

            // Only a confirmed login exposes the administrator's identity to the caller.
            adminId = administrator.administratorID;
            fullName = administrator.administratorName;
            return true;

            // A previous, disabled implementation read the stored administrator password
            // through a stored procedure and compared it to the supplied one with ==.
            // Do not reinstate that path: a direct equality check only works when the
            // stored value is directly comparable to the submitted password (presumably
            // unhashed), and it is not a constant-time comparison.
        }
Ejemplo n.º 2
 /// <summary>
 /// Check the user's password
 /// </summary>
 /// <param name="emailAddress">email is the login</param>
 /// <param name="password">password</param>
 /// <param name="db">database access object (not used by the current implementation; kept for signature compatibility)</param>
 /// <param name="userId">output - user id</param>
 /// <param name="fullName">output - user's name</param>
 /// <returns>authentication is successful</returns>
 public static bool VerifyUserLogin(string emailAddress, string password, SedogoDBEntities db, out int? userId, out string fullName)
 {
     // Out parameters are cleared first, so a caller never observes stale
     // identity data if verification fails or throws.
     userId = null;
     fullName = null;

     // Credential checking is delegated entirely to SedogoUser.VerifyLogin;
     // the db parameter is not used here.
     // NOTE(review): the meaning of the two boolean flags is defined by
     // SedogoUser.VerifyLogin and is not visible here - confirm before changing them.
     // The last argument looks like a caller tag for auditing - TODO confirm.
     var account = new SedogoUser("");
     var outcome = account.VerifyLogin(emailAddress, password, false, true, "API. VerifyUserLogin");
     if (outcome != loginResults.loginSuccess)
     {
         return false;
     }

     // Only a confirmed login exposes the user's identity to the caller.
     userId = account.userID;
     fullName = string.Concat(account.firstName, " ", account.lastName);
     return true;

     // A previous, disabled implementation read the stored user password through a
     // stored procedure and compared it to the supplied one with ==.
     // Do not reinstate that path: a direct equality check only works when the
     // stored value is directly comparable to the submitted password (presumably
     // unhashed), and it is not a constant-time comparison.
 }
Ejemplo n.º 3
        /// <summary>
        /// Check user's or admin's authentication
        /// </summary>
        /// <param name="request">HTTP request with Basic Authentication header</param>
        /// <param name="db">database access object</param>
        /// <param name="role">user role</param>
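        /// <param name="email">output - login email taken from the header; it is set before the password is checked, so treat it as unverified unless the method returns true</param>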
        /// <param name="id">output user's identifier</param>
        /// <param name="fullName">output user's name</param>
        /// <returns>true if authentication is successful</returns>
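        public static bool TryAuthenticate(HttpRequestBase request, SedogoDBEntities db, UserRole role, out string email,out int? id, out string fullName)
        {
            email = null;
            id = null;
            fullName = null;

            // The Authorization header is supplied by the client, so every parsing
            // step below fails closed (returns false) instead of throwing on
            // malformed input.
            var authHeader = request.Headers["Authorization"];
            if (string.IsNullOrEmpty(authHeader))
            {
                return false;
            }

            // The scheme name is an ASCII protocol token; an ordinal comparison keeps
            // culture-specific matching rules out of the prefix check, so the
            // Substring offset below always lines up with what was matched.
            const string basic = "basic ";
            if (!authHeader.StartsWith(basic, StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            byte[] credentialBytes;
            try
            {
                credentialBytes = Convert.FromBase64String(authHeader.Substring(basic.Length));
            }
            catch (FormatException)
            {
                // Not valid Base64: treat as a failed authentication rather than
                // letting the exception surface as a server error.
                return false;
            }

            // NOTE(review): ContentEncoding describes the request body; whether clients
            // encode credentials the same way is not visible here - confirm.
            var encoding = request.ContentEncoding ?? Encoding.UTF8;
            var userNameAndPassword = encoding.GetString(credentialBytes);

            // Split on the FIRST colon only. In Basic authentication the user id cannot
            // contain ':' but the password can, so everything after the first colon
            // is the password. A value with no colon at all is rejected.
            var separatorIndex = userNameAndPassword.IndexOf(':');
            if (separatorIndex < 0)
            {
                return false;
            }

            // email is handed back even if verification fails below; callers must not
            // treat it as an authenticated identity unless this method returns true.
            email = userNameAndPassword.Substring(0, separatorIndex);
            var password = userNameAndPassword.Substring(separatorIndex + 1);

            switch (role)
            {
                case UserRole.Admin:
                    return VerifyAdminLogin(email, password, db, out id, out fullName);
                case UserRole.User:
                    return VerifyUserLogin(email, password, db, out id, out fullName);
                case UserRole.Any:
                    // The user check runs first; the admin check runs only when it fails,
                    // and id/fullName then reflect the admin check's outcome.
                    return VerifyUserLogin(email, password, db, out id, out fullName) ||
                           VerifyAdminLogin(email, password, db, out id, out fullName);
                default:
                    // Unknown role: deny.
                    return false;
            }
        }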