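/// <summary>
/// Creates a user token for the supplied username, password and site.
/// A token is returned only when a user matching the site and lower-cased
/// username is found and the supplied password equals the stored one.
/// </summary>
/// <remarks>
/// NOTE(review): no disabled/expired account check is performed in this method;
/// confirm that <c>UserIdentityToken</c> or the caller enforces it.
/// NOTE(review): the stored password is compared as-is, which implies it is kept
/// in plaintext. Replace with a salted, slow password hash (e.g. PBKDF2) and
/// migrate the stored values; that change needs a schema/data migration and is
/// therefore not made here.
/// NOTE(review): no failed-attempt logging, throttling or lockout is visible here.
/// </remarks>
/// <param name="username">Login name; lower-cased before the lookup.</param>
/// <param name="password">Password as supplied by the caller.</param>
/// <param name="siteUID">Site identifier used with the username in the unique-constraint lookup; may be null.</param>
/// <param name="addToSession">When true, the new token is also handed to <c>SessionManager.AddUserToken</c>.</param>
/// <returns>
/// The token for the authenticated user, or <c>null</c> when a credential is
/// missing, the user is not found, or the password does not match.
/// </returns>
public static UserIdentityToken CreateToken(string username, string password, int? siteUID, bool addToSession) //TODO: do not use session. Token will be stored in Context.User
{
    //TODO: Add logging and auditing support
    //DONE*TODO: Add in effective entitytype perms and custom perms
    //TODO: Add in GroupList.
    //TODO: Need to change the UC's for users. Based on GUID, or Site/Username and be able to create tokens based on any of them.
    //TODO: We will need to add caching of some sort. We cannot have it do round trips to database for every time a request is made.

    // Reject missing credentials up front: a null username would throw on ToLower(),
    // and a null or empty password must never match a user whose stored password is unset.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return (null);
    }

    UserEntity l_user = new UserEntity();
    // NOTE(review): ToLower() is culture-sensitive. It is kept because the stored
    // UserNameLower values presumably come from the same call; confirm, then move
    // both sides to ToLowerInvariant().
    l_user.UserNameLower = username.ToLower();
    l_user.SiteUID = siteUID;

    // Get the user. The adapter is disposed as soon as the fetch completes so the
    // underlying connection is not left to the finalizer.
    bool didFetch;
    using (DataAccessAdapter da = new DataAccessAdapter())
    {
        didFetch = da.FetchEntityUsingUniqueConstraint(l_user, l_user.ConstructFilterForUCSiteUIDUserNameLower());
    }

    if (!didFetch || l_user.IsNew)
    {
        return (null); // We don't have a valid user with that username.
    }

    // Check password.
    //TODO: Add hashing. Until then the comparison at least avoids stopping at the
    // first differing character.
    if (!FixedTimeOrdinalEquals(l_user.Password, password))
    {
        return (null);
    }

    UserIdentityToken l_usertoken = new UserIdentityToken(l_user);

    if (addToSession)
    {
        // Set WasAddedToSession with internal property method
        SessionManager.AddUserToken(l_usertoken);
    }

    return (l_usertoken);
}

/// <summary>
/// Ordinal string equality that always walks the full supplied value instead of
/// returning at the first mismatch. A null on either side never matches.
/// </summary>
private static bool FixedTimeOrdinalEquals(string stored, string supplied)
{
    if (stored == null || supplied == null)
    {
        return false;
    }

    if (stored.Length == 0)
    {
        return supplied.Length == 0;
    }

    // Loop length follows the caller-supplied value, not the stored secret.
    int diff = stored.Length ^ supplied.Length;
    for (int i = 0; i < supplied.Length; i++)
    {
        diff |= stored[i % stored.Length] ^ supplied[i];
    }

    return diff == 0;
}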