/// <summary>
/// Verifies the credentials in <paramref name="request"/> against the stored user record
/// and, when they match, builds an identity carrying that user's claims.
/// </summary>
/// <param name="request">Credentials to check; its UserName and Password are read.</param>
/// <param name="identity">
/// Receives a <c>DefaultUserIdentity</c> (user name plus claims) on success, otherwise <c>null</c>.
/// </param>
/// <returns>
/// <c>true</c> when a user with the requested name exists and the hash recomputed from the
/// supplied password and the stored salt is not unequal to the stored hash; otherwise <c>false</c>.
/// </returns>
public bool TryAuthentifcate(AuthenticateUserRequest request, out IUserIdentity identity)
        {
            using (var database = DatabaseFactory.GetDatabase())
            {
                // Fail closed: the out value stays null on every rejection path below.
                identity = null;

                User account = database.Query<User>().FirstOrDefault(candidate => candidate.Name == request.UserName);

                // NOTE(review): an unknown user name is rejected before any hash is computed, while a
                // wrong password is rejected after one, so the two failures do different amounts of
                // work. Confirm whether that timing difference matters for this service.
                // NOTE(review): `!=` is an ordinary inequality, not a fixed-time comparison. Once the
                // type of PasswordHash is confirmed, consider comparing the raw bytes with
                // CryptographicOperations.FixedTimeEquals (and check that `!=` is not a reference
                // comparison if the hash turns out to be an array).
                // NOTE(review): the algorithm behind cryptoService.ComputeHash is not visible here;
                // verify it is a password-hashing KDF rather than a single fast digest.
                if (account == null
                    || account.PasswordHash != cryptoService.ComputeHash(request.Password, account.PasswordSalt))
                {
                    return false;
                }

                // The user id is bound as positional parameter @0, not concatenated into the SQL text.
                // NOTE(review): the query selects every column of auth.claim but maps each row to a
                // string; which column ends up in the string depends on the data-access library.
                // Confirm, and prefer naming the claim column explicitly.
                IList<string> grantedClaims = database.Fetch<string>(@"
                                select c.*
                                from auth.user u
                                    inner join auth.user_claim uc on u.user_id = uc.user_id
                                    inner join auth.claim c on uc.claim_id = c.claim_id
                                where u.user_id = @0", account.Id);

                identity = new DefaultUserIdentity(account.Name, grantedClaims);

                return true;
            }
        }
Example #2
 /// <summary>
 /// Resolves the identity for <paramref name="request"/> through the authentication service,
 /// turning a failed authentication into an exception.
 /// </summary>
 /// <param name="request">Credentials forwarded unchanged to <c>authService.TryAuthentifcate</c>.</param>
 /// <returns>The identity produced by the authentication service.</returns>
 /// <exception cref="UnauthorizedException">Thrown when the authentication service returns <c>false</c>.</exception>
 private IUserIdentity GetUserIdentity(AuthenticateUserRequest request)
 {
     IUserIdentity resolved;
     bool authenticated = authService.TryAuthentifcate(request, out resolved);

     if (authenticated)
     {
         return resolved;
     }

     // Only a boolean comes back from the service, so every rejection surfaces as the same
     // exception; the caller cannot tell an unknown user from a wrong password here.
     throw new UnauthorizedException();
 }