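/// <summary>
/// Authenticates a login by username and password and returns the matching
/// <see cref="Student"/> record, or throws when the credentials are rejected.
/// </summary>
/// <param name="username">Login name (the error message suggests this is an e-mail address).</param>
/// <param name="password">Plain-text password as entered by the user.</param>
/// <returns>
/// The authenticated <see cref="Student"/>. Never null: a login whose credentials verify but
/// for which no record can be loaded is treated as a failed login, not a success.
/// </returns>
/// <exception cref="ApplicationException">
/// Thrown with a generic message when the credentials are rejected (deliberately not saying
/// whether the username or the password was wrong), or wrapping the underlying exception when
/// the data access layer fails.
/// </exception>
public Student AuthenticateUser(string username, string password)
{
    // SECURITY NOTE(review): the password is reduced to HashSha256(password) before lookup.
    // HashSha256's implementation is not visible here; if it is a plain, unsalted, single-round
    // SHA-256, the stored hashes are exposed to precomputed-table and GPU brute-force attacks.
    // Password storage should use a slow, salted KDF (PBKDF2 via Rfc2898DeriveBytes, bcrypt or
    // Argon2) in both this path and the enrolment path that writes the hash. Changing it here
    // alone would break VerifyUsernameAndPassword, so it is flagged rather than changed. No
    // throttling or lockout is visible at this layer either — confirm it exists elsewhere.
    var passwordHash = HashSha256(password);

    try
    {
        // Accessor contract: exactly 1 means the credentials match. Every other value,
        // including negative or error codes, is treated as a failed login (fail closed).
        var validationResult = StudentAccessor.VerifyUsernameAndPassword(username, passwordHash);
        if (validationResult != 1)
        {
            // Generic message on purpose: do not tell an attacker which half was wrong.
            throw new ApplicationException("Login failed. Bad username (email address) or password");
        }

        var student = StudentAccessor.RetrieveStudentByUsername(username);
        if (student == null)
        {
            // Credentials matched but no principal could be loaded. Returning null here
            // would hand the caller a "successful" login with no identity behind it.
            throw new ApplicationException("Login failed. Bad username (email address) or password");
        }

        // Role loading and forced-password-change handling were commented out in the original
        // implementation; this method currently returns the bare Student record only.
        return student;
    }
    catch (ApplicationException)
    {
        // Already carries a user-safe message; propagate unchanged (keeps the stack trace).
        throw;
    }
    catch (Exception ex)
    {
        // Wrap infrastructure failures (e.g. SqlException) behind a neutral message. The inner
        // exception is kept for logging and should not be rendered to the end user.
        throw new ApplicationException("There was a problem connecting to the server.", ex);
    }
}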
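/// <summary>
/// Authenticates a login by username and password and builds the <see cref="User"/> token
/// (student record plus roles), or throws when the credentials are rejected.
/// </summary>
/// <param name="username">Login name.</param>
/// <param name="password">Plain-text password as entered by the user.</param>
/// <returns>
/// A <see cref="User"/> for the authenticated student. Never null: a login whose credentials
/// verify but for which no record can be loaded is treated as a failed login.
/// </returns>
/// <exception cref="ApplicationException">
/// Thrown with the message "Bad username or password." when the credentials are rejected,
/// or with "Login Failure!" wrapping the underlying exception when the data access layer fails.
/// </exception>
public User AuthenticateUser(string username, string password)
{
    // SECURITY NOTE(review): the password is reduced to hashSha256(password) before lookup.
    // hashSha256's implementation is not visible here; if it is a plain, unsalted, single-round
    // SHA-256, the stored hashes are exposed to precomputed-table and GPU brute-force attacks.
    // Password storage should use a slow, salted KDF (PBKDF2 via Rfc2898DeriveBytes, bcrypt or
    // Argon2) in both this path and the enrolment path that writes the hash. Changing it here
    // alone would break VerifyUsernameAndPassword, so it is flagged rather than changed.
    var passwordHash = hashSha256(password);

    try
    {
        // Accessor contract: exactly 1 means the credentials match; anything else is a
        // failed login (fail closed). The message is generic by design.
        if (1 != StudentAccessor.VerifyUsernameAndPassword(username, passwordHash))
        {
            throw new ApplicationException("Bad username or password.");
        }

        var student = StudentAccessor.RetrieveStudentByUsername(username);
        if (student == null)
        {
            // Credentials matched but no record came back. Fail closed instead of
            // dereferencing null below (the original surfaced that as a
            // NullReferenceException wrapped in "Login Failure!").
            throw new ApplicationException("Bad username or password.");
        }

        var roles = StudentAccessor.RetrieveStudentRoles(student.StudentID);

        // Forced-password-change handling (e.g. a "newuser" default password) was commented
        // out in the original, so this flag is currently always false. Clearing `roles`
        // here would be the way to block use of the app until the password is changed.
        bool passwordNeedsChanging = false;

        return new User(student, roles, passwordNeedsChanging);
    }
    catch (ApplicationException)
    {
        // Already carries a user-safe message. Rethrow unchanged so callers see
        // "Bad username or password." directly rather than buried as an InnerException
        // of "Login Failure!" — consistent with the Student-returning overload.
        throw;
    }
    catch (Exception ex)
    {
        // Infrastructure failures (SqlException etc.) get a neutral message. The inner
        // exception is kept for logging and should not be rendered to the end user.
        throw new ApplicationException("Login Failure!", ex);
    }
}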