/// <summary>
/// Static method to Create a user token using the supplied username and password. A valid token will only be provided if the username and password are valid and the account is not disabled nor expired.
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
/// <returns></returns>
public static UserIdentityToken CreateToken(string username, string password, int?siteUID, bool addToSession) //TODO: do not use session. Token will be stored in Context.User
{
UserEntity l_user = new UserEntity();
l_user.UserNameLower = username.ToLower();
l_user.SiteUID = siteUID;
// Get the user
DataAccessAdapter da = new DataAccessAdapter();
bool didFetch = da.FetchEntityUsingUniqueConstraint(l_user, l_user.ConstructFilterForUCSiteUIDUserNameLower());
if (!didFetch || l_user.IsNew)
{
return(null); //We dont have a valid user with that username;
}
//Check password
//TODO: Add hashing.
if (l_user.Password != password)
{
return(null);
}
UserIdentityToken l_usertoken = new UserIdentityToken(l_user);
if (addToSession)
{
//Set WasAdd4edToSession with internal property method
SessionManager.AddUserToken(l_usertoken);
}
return(l_usertoken);
//TODO: Add logging and auditing support
//DONE*TODO: Add in effective entitytype perms and custom perms
//TODO: Add in GroupList.
//TODO: Need to change the UC's for users. Based on GUID, or Site/Username and be able to create tokens based on any of them.
//TODO: Wee will need to add caching of some Sort. We cannot have it do round trips to database for every time a request is made.
}
