public static void Insert(Account value, out Guid code) {
using (SqlConnection cn = new SqlConnection(ConnectionString)) {
SqlCommand cmd = new SqlCommand {
Connection = cn,
CommandText = "spAccountCreate",
CommandType = CommandType.StoredProcedure
};
cmd.Parameters.Add("name", SqlDbType.NVarChar, 255).Value = value.name;
cmd.Parameters.Add("email", SqlDbType.NVarChar, 255).Value = value.email;
cmd.Parameters.Add("hash", SqlDbType.NVarChar, 100).Value = PasswordHash.CreateHash(value.hash);
cmd.Parameters.Add("accountId", SqlDbType.UniqueIdentifier).Direction = ParameterDirection.Output;
cmd.Parameters.Add("code", SqlDbType.UniqueIdentifier).Direction = ParameterDirection.Output;
cn.Open();
cmd.ExecuteNonQuery();
value.id = (Guid)cmd.Parameters["accountId"].Value;
code = (Guid)cmd.Parameters["code"].Value;
cn.Close();
}
}
public UserPrincipal(Account account, string clientId, Guid sessionId) {
identityValue = new GenericIdentity(account.email);
this.Account = account;
this.ClientId = clientId;
this.SessionId = sessionId;
}
public static Account Authenticate(string email, string password) {
string query = string.Format("SELECT * FROM viewAccounts WHERE email = '{0}'", email);
using (SqlDataAdapter da = new SqlDataAdapter(query, ConnectionString)) {
DataTable dt = new DataTable();
if (da.Fill(dt) == 1) {
Account account = new Account(dt.Rows[0]);
if (PasswordHash.ValidatePassword(password, account.hash)) {
return account;
}
}
}
return null;
}