        /// <summary>
        /// Validates a credential pair by performing an RBAC logon and reporting whether it succeeded.
        /// </summary>
        /// <param name="userName">User name to log on with; must be non-empty.</param>
        /// <param name="password">Password to log on with; must be non-empty.</param>
        /// <returns>
        /// <c>true</c> when the logon returned a response with an empty <c>ErrorMsg</c>;
        /// <c>false</c> when no response came back or the response carries an error message.
        /// </returns>
        /// <exception cref="ArgumentException">Thrown when either argument is null or empty.</exception>
        public bool ValidateUser(string userName, string password)
        {
            if (string.IsNullOrEmpty(userName))
            {
                throw new ArgumentException("Value cannot be null or empty.", "userName");
            }

            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentException("Value cannot be null or empty.", "password");
            }

            ApplicationLogonResponse logonResponse = MvcApplication1.RBAC.LogonAsRBACUser(userName, password);

            // No response object at all counts as a failed logon.
            if (logonResponse == null)
            {
                return false;
            }

            // A populated ErrorMsg is the failure signal; an empty one means the logon succeeded.
            return string.IsNullOrEmpty(logonResponse.ErrorMsg);
        }
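        /// <summary>
        /// Authenticates <paramref name="username"/> / <paramref name="password"/> against the RBAC
        /// user store and, on success, records a new session and login for the user.
        /// </summary>
        /// <param name="username">RBAC user name, looked up via <c>GetUser</c>.</param>
        /// <param name="password">Password supplied by the caller (untrusted input).</param>
        /// <returns>
        /// A response whose <c>ErrorMsg</c> is empty on success (then <c>SessionId</c>, the user
        /// fields, <c>GrantedItems</c> and <c>GrantedCustomers</c> are populated) and non-empty on
        /// failure. The method does not throw; every failure is reported through <c>ErrorMsg</c>.
        /// </returns>
        public ApplicationLogonResponse LogonAsRBACUser(string username, string password)
        {
            // One message for "no such user" and "wrong password": distinct messages let a caller
            // enumerate valid user names from the response.
            const string InvalidCredentials = "Incorrect username or password";

            // Create response object
            ApplicationLogonResponse responseObj = new ApplicationLogonResponse();

            // A null/empty credential can never be a valid logon. Rejecting it up front also avoids
            // a null supplied password comparing equal to a user record whose stored password is null.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                responseObj.ErrorMsg = InvalidCredentials;
                return responseObj;
            }

            try
            {
                // Try to get RBAC user
                RBACUserInfo rbacUserInfo = GetUser(username);
                if (rbacUserInfo == null)
                {
                    responseObj.ErrorMsg = InvalidCredentials;
                    return responseObj;
                }

                // Check to make sure passwords match. Ordinal comparison: the culture-sensitive
                // string.Compare previously used here can report distinct strings as equal
                // (ignorable characters, culture-specific equivalences).
                // SECURITY NOTE: the user record exposes the password in clear text
                // (Password_PlainText). The store should hold a salted hash (e.g. PBKDF2) and the
                // check should be a constant-time comparison of the derived hash.
                if (!string.Equals(rbacUserInfo.Password_PlainText, password, StringComparison.Ordinal))
                {
                    responseObj.ErrorMsg = InvalidCredentials;
                    return responseObj;
                }

                // Create a new RBAC Session ID
                string sessionId = System.Guid.NewGuid().ToString();

                // Create a new record in SessionDetails table. The expiry is computed by the
                // database (now + 12 hours). Both inserts are parameterized; no user input is
                // concatenated into the SQL text.
                Dictionary<string, object> sqlParams = new Dictionary<string, object>();
                sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
                sqlParams.Add("@SessionID", sessionId);
                // NOTE(review): the affected-row count is not checked; confirm what ExecuteNonQuery
                // returns on failure before relying on it, or on the exception path below.
                _DAL_RBAC.ExecuteNonQuery(
                    "insert into SessionDetails (UserId, SessionID, SessionExpTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
                    " values (@UserId, @SessionID, DATEADD(hour,12,getdate()), @UserId, getdate(), @UserId, getdate())", sqlParams, true);

                // Create a new record in LoginDetails table
                sqlParams.Clear();
                sqlParams.Add("@UserId", rbacUserInfo.DBUserCustomSID_AsInt);
                sqlParams.Add("@SessionID", sessionId);
                _DAL_RBAC.ExecuteNonQuery(
                    "insert into LoginDetails (Userid, SessionID, LoginTime, Createdby, CreateDateTime, Updatedby, UpdateDateTime)" +
                    " values (@UserId, @SessionID, getdate(), @UserId, getdate(), @UserId, getdate())", sqlParams, true);

                // Get all granted items of the user
                List<RBACItemInfo>     grantedItemsForUser = GetGrantedItemsForUser(rbacUserInfo, false);
                List<RBACItemInfo>     customerItems       = new List<RBACItemInfo>();
                List<RBACCustomerInfo> allCustomers        = GetCustomers();
                List<RBACCustomerInfo> grantedCustomers    = new List<RBACCustomerInfo>();

                // Items named "Customer:..." are reported as customer objects instead of plain items.
                foreach (RBACItemInfo nextItem in grantedItemsForUser)
                {
                    if (nextItem.ItemName.StartsWith("Customer:", StringComparison.Ordinal))
                    {
                        customerItems.Add(nextItem);
                        RBACCustomerInfoPredicate customerPredicate = new RBACCustomerInfoPredicate(nextItem.ItemID);
                        RBACCustomerInfo          customerObj       = allCustomers.Find(customerPredicate.CompareByRbacID);
                        if (customerObj != null)
                        {
                            grantedCustomers.Add(customerObj);
                        }
                    }
                }

                // Removed after the loop: the list cannot be modified while it is being enumerated.
                foreach (RBACItemInfo customerItem in customerItems)
                {
                    grantedItemsForUser.Remove(customerItem);
                }

                // Update the response object
                responseObj.SessionId      = sessionId;
                responseObj.Username       = rbacUserInfo.UserName;
                responseObj.DomainUsername = rbacUserInfo.DomainUserName;
                responseObj.FullName       = rbacUserInfo.FullName;
                responseObj.RbacUserId     = rbacUserInfo.DBUserCustomSID_AsInt;
                responseObj.GrantedItems.AddRange(grantedItemsForUser);
                responseObj.GrantedCustomers.AddRange(grantedCustomers);
            }
            catch (Exception ex)
            {
                // Do not hand the exception text to the caller: ErrorMsg may reach the end user and
                // would reveal connection or query details. Report a generic failure instead.
                responseObj.ErrorMsg = "Logon failed due to an internal error";

                // Debug.WriteLine is compiled out of Release builds, so this is not a log.
                // TODO: route to the application's logger so failures are visible in production.
                System.Diagnostics.Debug.WriteLine(ex.ToString());
            }

            // Return the result object
            return responseObj;
        }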