Example #1
0
        /// <summary>
        /// Static method to Create a user token using the supplied username and password. A valid token will only be provided if the username and password are valid and the account is not disabled nor expired.
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static UserIdentityToken CreateToken(string username, string password, int?siteUID, bool addToSession)          //TODO: do not use session. Token will be stored in Context.User
        {
            UserEntity l_user = new UserEntity();

            l_user.UserNameLower = username.ToLower();
            l_user.SiteUID       = siteUID;

            // Get the user
            DataAccessAdapter da = new DataAccessAdapter();
            bool didFetch        = da.FetchEntityUsingUniqueConstraint(l_user, l_user.ConstructFilterForUCSiteUIDUserNameLower());

            if (!didFetch || l_user.IsNew)
            {
                return(null);                //We dont have a valid user with that username;
            }
            //Check password
            //TODO: Add hashing.
            if (l_user.Password != password)
            {
                return(null);
            }

            UserIdentityToken l_usertoken = new UserIdentityToken(l_user);

            if (addToSession)
            {
                //Set WasAdd4edToSession with internal property method
                SessionManager.AddUserToken(l_usertoken);
            }

            return(l_usertoken);

            //TODO: Add logging and auditing support
            //DONE*TODO: Add in effective entitytype perms and custom perms
            //TODO: Add in GroupList.
            //TODO: Need to change the UC's for users. Based on GUID, or Site/Username and be able to create tokens based on any of them.
            //TODO: Wee will need to add caching of some Sort. We cannot have it do round trips to database for every time a request is made.
        }