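/// <summary>
/// Rebuilds the request principal from the forms-authentication cookie: decrypts the
/// ticket, looks up the matching user's permission description and installs a
/// <see cref="System.Security.Principal.GenericPrincipal"/> whose roles are the
/// ';'-separated entries of that description.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
    if (!FormsAuthentication.CookiesSupported)
    {
        return;
    }

    var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
    if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
    {
        return;
    }

    FormsAuthenticationTicket ticket;
    try
    {
        ticket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (ArgumentException)
    {
        // A malformed or tampered cookie is client-controlled input. Leave the request
        // anonymous instead of turning every request that carries it into a server error.
        return;
    }

    // This handler builds the principal straight from the cookie, so ticket expiry has to
    // be enforced here; otherwise a stale cookie would still yield an authenticated identity.
    if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.Name))
    {
        return;
    }

    string username = ticket.Name;
    string roles = string.Empty;

    // Look the user up by e-mail and take the role string from the exact match only.
    // NOTE(review): GetUsers' matching semantics are not visible here; an exact, ordinal
    // match (as Login does) avoids picking up another account's permissions if the DAL
    // ever returns more than one row.
    IDalUserManagement dal = new MSSQLModelDAL();
    List<User> users = dal.GetUsers(new ParametersForUsers() { Email = username });
    User account = users == null
        ? null
        : users.Find(u => u != null && string.Equals(u.Email, username, StringComparison.Ordinal));

    if (account != null && account.Permission != null && account.Permission.Description != null)
    {
        roles = account.Permission.Description;
    }

    // NOTE(review): as before, a ticket whose user is no longer in the database still
    // produces an authenticated identity (with no roles) — confirm that is intended.
    // Empty entries are dropped so an empty description does not create a "" role.
    HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(
        new System.Security.Principal.GenericIdentity(username, "Forms"),
        roles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries));
}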
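/// <summary>
/// Validates the submitted credentials against the stored user record.
/// </summary>
/// <param name="_email">User submitted email</param>
/// <param name="_pass">User submitted password</param>
/// <returns>
/// A <see cref="LoginReturn"/> whose <c>status</c> is true when the password matches the
/// user found for <paramref name="_email"/>; otherwise false with an explanatory message.
/// </returns>
public LoginReturn Login(string _email, string _pass)
{
    LoginReturn result = new LoginReturn();
    try
    {
        IDalUserManagement dalUserManage = new MSSQLModelDAL();
        List<User> users = dalUserManage.GetUsers(new ParametersForUsers() { Email = _email });

        // Explicit lookup result instead of relying on a NullReferenceException to signal
        // "no such user".
        User user = users == null ? null : users.Find(x => x != null && x.Email == _email);
        if (user == null)
        {
            // NOTE(review): this message differs from the wrong-password one, which lets a
            // caller tell registered from unregistered addresses; it also echoes _email, so
            // it must be HTML-encoded wherever it is rendered.
            result.status = false;
            result.message = String.Format("No user with email: {0} found", _email);
            return result;
        }

        // SECURITY: the stored value is compared as-is, i.e. passwords are kept in clear
        // text. They should be stored as salted, slow hashes (e.g. PBKDF2) and verified
        // with a fixed-time comparison; that change has to be made together with the code
        // that writes User.Password.
        //
        // A null or empty password never authenticates: previously a record with a null
        // Password accepted a null submission because null == null.
        bool passwordMatches = !string.IsNullOrEmpty(_pass)
            && user.Password != null
            && string.Equals(_pass, user.Password, StringComparison.Ordinal);

        if (passwordMatches)
        {
            result.status = true;
            result.message = "";
            return result;
        }

        result.status = false;
        result.message = "Password is incorrect!";
        return result;
    }
    catch (NullReferenceException)
    {
        // Backstop kept so callers still get a failed LoginReturn rather than an exception
        // if the data layer dereferences null internally.
        result.status = false;
        result.message = String.Format("No user with email: {0} found", _email);
        return result;
    }
}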
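/// <summary>
/// Creates a user with Submitter access and inserts it into the database.
/// </summary>
/// <param name="email">User email</param>
/// <param name="confirmEmail">User email, entered a second time for confirmation</param>
/// <param name="pass">User password</param>
/// <param name="confirmPass">User password, entered a second time for confirmation</param>
/// <param name="fName">User first name</param>
/// <param name="lName">User last name</param>
/// <returns>
/// True when the user was inserted; false when the input is invalid, the confirmation
/// values do not match, a user with that email already exists, or the Submitter
/// permission could not be resolved.
/// </returns>
public bool Create(string email, string confirmEmail, string pass, string confirmPass, string fName, string lName)
{
    // Reject missing credentials up front; an empty password must never be persisted.
    if (string.IsNullOrWhiteSpace(email) || string.IsNullOrEmpty(pass))
    {
        return false;
    }

    // The original check compared _confirmPass with _Pass, which are not this method's
    // parameters, and confirmEmail was never compared at all.
    if (!string.Equals(confirmPass, pass, StringComparison.Ordinal)
        || !string.Equals(confirmEmail, email, StringComparison.Ordinal))
    {
        return false;
    }

    try
    {
        IDalUserManagement dalUserManage = new MSSQLModelDAL();

        // NOTE(review): check-then-insert is not atomic; two concurrent requests can both
        // pass this test. A unique constraint on the email column is the reliable guard.
        ParametersForUsers parameters = new ParametersForUsers() { Email = email };
        if (dalUserManage.GetUsers(parameters).Any())
        {
            return false;
        }

        // SECURITY: the password is persisted exactly as submitted (clear text). It should
        // be stored as a salted, slow hash (e.g. PBKDF2); that change has to be made
        // together with the login code that compares against User.Password.
        User user = new User()
        {
            Email = email,
            FirstName = fName,
            LastName = lName,
            Password = pass
        };

        // New accounts always get the lowest-privilege Submitter permission; do not insert
        // a user when that permission cannot be resolved.
        Permission perm = dalUserManage.GetPermByAccessLevel(AccessLevel.Submitter);
        if (perm == null)
        {
            return false;
        }

        dalUserManage.InsertUser(user, perm);
        return true;
    }
    catch (NullReferenceException)
    {
        // Backstop kept so callers still get false rather than an exception if the data
        // layer returns or dereferences null.
        return false;
    }
}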