public static UserAuthResult Authenticate(string userName, string password, string providerKey)
{
string Auth_GetUserByCredentials =
@"SELECT u.ID,u.Name,u.Surname,u.Email,u.Password,u.About,u.BirthDate,u.DateCreated,u.LastLogin,u.DateUpdated,ul.LoginProvider
FROM User AS u
INNER JOIN UserLogin AS ul
ON u.ID = ul.UserID
WHERE u.Email = '{1}'
WHERE ul.Providerkey = '{1}'";
string connStr = ConfigurationManager.AppSettings["MasterSQLConnection"];
SqlDatabase db = new SqlDatabase(connStr);
UserAuthResult result = new UserAuthResult();
result.AuthSuccess = false;
User user = new User();
string dbPassword = string.Empty;
try
{
string query = String.Format(Auth_GetUserByCredentials, userName);
using (DbCommand command = db.GetSqlStringCommand(query))
{
using (IDataReader reader = db.ExecuteReader(command))
{
if (reader.Read())
{
//Users.ID,Users.Name,Surname,IsAdmin,IsSuperAdmin,LoginType,Users.ActiveDirectoryDomain,Password
user.ID = int.Parse(reader["ID"].ToString());
user.Password = reader["Password"].ToString();
user.Name = reader["Name"].ToString();
user.Surname = reader["Surname"].ToString();
}
else
{
result.AuthSuccess = false;
result.ErrorMsg = "Username or password is wrong";
}
}
}
}
finally
{
}
if (!string.IsNullOrEmpty(password) && user.ID > 0 && password.Equals(user.Password))
{
result.User = user;
result.AuthSuccess = true;
}
else
{
result.ErrorMsg = "Username or password is wrong";
}
return result;
}
