public bool ValidateUser(string userName, string password)
{
if (String.IsNullOrEmpty(userName))
{
throw new ArgumentException("Value cannot be null or empty.", "userName");
}
if (String.IsNullOrEmpty(password))
{
throw new ArgumentException("Value cannot be null or empty.", "password");
}
ApplicationLogonResponse logonResponse = MvcApplication1.RBAC.LogonAsRBACUser(userName, password);
if ((logonResponse == null) || (!string.IsNullOrEmpty(logonResponse.ErrorMsg)))
{
// Logon failed
return(false);
}
else
{
// Logon was successful
return(true);
}
}
public ApplicationLogonResponse LogonAsRBACUser(string username, string password)
{
// Create response object
ApplicationLogonResponse responseObj = new ApplicationLogonResponse();
try
{
// Try to get RBAC user
RBACUserInfo rbacUserInfo = GetUser(username);
if (rbacUserInfo == null)
{
responseObj.ErrorMsg = "Username not found in system";
return(responseObj);
}
// Check to make sure passwords match
if (string.Compare(rbacUserInfo.Password_PlainText, password) != 0)
{
responseObj.ErrorMsg = "Incorrect username or password";
return(responseObj);
}
// Create a new RBAC Session ID
string SessionId = System.Guid.NewGuid().ToString();
// Create a new record in SessionDetails table
Dictionary <string, object> sqlParams = new Dictionary <string, object>();
sqlParams.Clear();
sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
sqlParams.Add("@SessionID", SessionId);
int result = _DAL_RBAC.ExecuteNonQuery(
"insert into SessionDetails (UserId, SessionID, SessionExpTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
" values (@UserId, @SessionID, DATEADD(hour,12,getdate()), @UserId, getdate(), @UserId, getdate())", sqlParams, true);
// Create a new record in LoginDetails table
sqlParams.Clear();
sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
sqlParams.Add("@SessionID", SessionId);
result = _DAL_RBAC.ExecuteNonQuery(
"insert into LoginDetails (Userid, SessionID, LoginTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
" values (@UserId, @SessionID, getdate(), @UserId, getdate(), @UserId, getdate())", sqlParams, true);
// Get all granted items of the user
List <RBACItemInfo> grantedItemsForUser = GetGrantedItemsForUser(rbacUserInfo, false);
List <RBACItemInfo> itemsToRemove = new List <RBACItemInfo>();
List <RBACCustomerInfo> allCustomers = GetCustomers();
List <RBACCustomerInfo> grantedCustomers = new List <RBACCustomerInfo>();
// Look through each item. If its actually a customer, we will use a customized object instead
foreach (RBACItemInfo nextItem in grantedItemsForUser)
{
if (nextItem.ItemName.StartsWith("Customer:"))
{
itemsToRemove.Add(nextItem);
RBACCustomerInfoPredicate customerPredicate = new RBACCustomerInfoPredicate(nextItem.ItemID);
RBACCustomerInfo customerObj = allCustomers.Find(customerPredicate.CompareByRbacID);
if (customerObj != null)
{
grantedCustomers.Add(customerObj);
}
}
}
foreach (RBACItemInfo nextItem in itemsToRemove)
{
grantedItemsForUser.Remove(nextItem);
}
// Update the response object
responseObj.SessionId = SessionId;
responseObj.Username = rbacUserInfo.UserName;
responseObj.DomainUsername = rbacUserInfo.DomainUserName;
responseObj.FullName = rbacUserInfo.FullName;
responseObj.RbacUserId = rbacUserInfo.DBUserCustomSID_AsInt;
responseObj.GrantedItems.AddRange(grantedItemsForUser);
responseObj.GrantedCustomers.AddRange(grantedCustomers);
}
catch (Exception ex)
{
responseObj.ErrorMsg = ex.Message;
// Debug: Need to log this?
System.Diagnostics.Debug.WriteLine(ex.ToString());
}
// Return the result object
return(responseObj);
}
