コード例 #1
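        /// <summary>
        /// Reads the stored password salt for <paramref name="username"/> and returns it
        /// after passing it through <c>LsMembershipProvider.DecodeFromBase64String</c>.
        /// </summary>
        /// <param name="username">
        /// Value matched against the <c>UserName</c> column. It is bound as a SQL parameter,
        /// never concatenated into the statement.
        /// </param>
        /// <returns>
        /// The decoded <c>PasswordSalt</c> column value. When no row matches, the decoder is
        /// applied to an empty string; when several rows match, the last one read wins.
        /// </returns>
        /// <remarks>
        /// Database and decoding exceptions propagate to the caller unchanged, with their
        /// original stack trace. A missing user is not reported as an error here, so callers
        /// must not treat a returned value as proof that the account exists.
        /// </remarks>
        public static string GetPasswordSalt(string username)
        {
            const string saltQuery = @"SELECT LS_Membership.PasswordSalt
                            FROM LS_User
                            INNER Join LS_Membership
                            ON LS_User.UserId = LS_Membership.UserId
                            WHERE UserName = @UserName";

            string connectionstring = GetDefaultConnectionString();
            LsMembershipProvider lsMembershipProvider = new LsMembershipProvider();
            string encodedSalt = string.Empty;

            // The using blocks return the connection, command and reader on every path,
            // including when the query throws.
            using (SqlConnection connection = new SqlConnection(connectionstring))
            using (SqlCommand command = new SqlCommand(saltQuery, connection))
            {
                command.Parameters.AddWithValue("UserName", username);
                connection.Open();

                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        encodedSalt = Convert.ToString(reader["PasswordSalt"]);
                    }
                }
            }

            return lsMembershipProvider.DecodeFromBase64String(encodedSalt);
        }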
コード例 #2
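        /// <summary>
        /// Checks a user name / password pair against the stored, salted password value.
        /// </summary>
        /// <param name="username">User name to look up; bound as a SQL parameter.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <param name="pEmailStatus">
        /// When not null, <c>ValidateEmail(username, pEmailStatus)</c> must return true before
        /// the password is checked. When null, the e-mail check is skipped.
        /// </param>
        /// <returns>
        /// <c>"Verify Email"</c> when the e-mail check fails, <c>"Login Successfully"</c> when
        /// the computed value equals the stored one, otherwise <c>"Invalid user"</c>.
        /// </returns>
        /// <remarks>
        /// Exceptions from the database or from the membership provider propagate unchanged.
        /// </remarks>
        public static string ValidateUser(string username, string password, int?pEmailStatus)
        {
            string connectionstring = GetDefaultConnectionString();
            LsMembershipProvider lsMembershipProvider = new LsMembershipProvider();

            string saltedText = GetPasswordSalt(username);

            bool emailVerified = true;
            if (pEmailStatus != null)
            {
                emailVerified = ValidateEmail(username, pEmailStatus);
            }

            if (!emailVerified)
            {
                // NOTE(review): this answer is given before the password is checked, so it
                // describes the account's state to a caller who has not authenticated.
                // Confirm that is intended; otherwise check the password first.
                return "Verify Email";
            }

            const string sSql = @"SELECT Password
                            FROM LS_UserPassword
                            INNER JOIN LS_Membership
                            ON LS_UserPassword.UserId = LS_Membership.UserId
                            INNER JOIN LS_User
                            ON LS_UserPassword.UserId = LS_User.UserId
                            WHERE UserName = @UserName";

            string storedPassword = string.Empty;

            // The connection is opened only once it is needed and is released on every
            // path, including the early return above and any exception.
            using (SqlConnection connection = new SqlConnection(connectionstring))
            using (SqlCommand sqlPassword = new SqlCommand(sSql, connection))
            {
                sqlPassword.Parameters.AddWithValue("UserName", username);
                connection.Open();

                using (SqlDataReader dr = sqlPassword.ExecuteReader())
                {
                    while (dr.Read())
                    {
                        storedPassword = Convert.ToString(dr["Password"]);
                    }
                }
            }

            // An account with no stored password value must never authenticate, whatever
            // EncodeText returns for the supplied input.
            if (string.IsNullOrEmpty(storedPassword))
            {
                return "Invalid user";
            }

            string checkpassword = lsMembershipProvider.EncodeText(lsMembershipProvider.SaltText(password, saltedText));

            // NOTE(review): ordinal equality stops at the first differing character. If the
            // target framework offers a fixed-time comparison, prefer it for this check.
            // NOTE(review): EncodeText/SaltText are not visible here; confirm they implement
            // a slow password-hashing function rather than a single fast hash or an encoding.
            return string.Equals(storedPassword, checkpassword, StringComparison.Ordinal)
                ? "Login Successfully"
                : "Invalid user";
        }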
コード例 #3
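        /// <summary>
        /// Creates a user by inserting one row each into LS_User, LS_UserInfo, LS_Membership,
        /// LS_UserPassword and LS_UserInRole inside a single transaction.
        /// </summary>
        /// <param name="objUserInfo">
        /// Source of the user name, password, password answer, e-mail, action date, company
        /// code, working-unit code and full name. All values are bound as SQL parameters.
        /// </param>
        /// <returns>
        /// <c>"User Created Successfully"</c> after the transaction commits. If one of the
        /// first four inserts reports zero affected rows, nothing is committed and the
        /// generic LS251 message is returned.
        /// </returns>
        /// <remarks>
        /// On any exception the transaction is rolled back and the exception is rethrown
        /// with its original stack trace.
        /// </remarks>
        public static string SaveUser(UserInfo objUserInfo)
        {
            string vOut             = EnumMessageId.LS251.ToString() + ": Exception Occured !";
            string connectionstring = GetDefaultConnectionString();

            // Salt and derived values are computed before any connection is opened, so a
            // failure here cannot leave an open connection behind.
            LsMembershipProvider lsMembershipProvider = new LsMembershipProvider();
            string passwordSaltedText   = lsMembershipProvider.GeneratePasswordSaltingText();
            string saltedPassword       = lsMembershipProvider.SaltText(objUserInfo.Password, passwordSaltedText);
            // NOTE(review): the password answer is salted with the same salt as the password.
            string saltedPasswordAnswer = lsMembershipProvider.SaltText(objUserInfo.PasswordAnswer, passwordSaltedText);

            const string sSqlUser = @"INSERT INTO LS_User 
                                    (UserId,UserName,
                                    UserCode,ActionDate,ActionType)
                                    VALUES
                                    (@UserId,@UserName,
                                    @UserCode,@ActionDate,@ActionType)";

            const string sSqlMembership = @"INSERT INTO LS_Membership
                                        (UserId,IsLockedOut,IsFirstLogin,
                                        LastLoginDate,LastPasswordChangeDate,FailedPassAtmptCount,
                                        LastLockoutDate,FailedPassAnsAtmptCount,PasswordSalt,Email,
                                        PasswordQuestion,PasswordAnswer,
                                        UserCode,ActionDate,ActionType)
                                        VALUES
                                        (@UserId,@IsLockedOut,@IsFirstLogin,
                                        @LastLoginDate,@LastPasswordChangeDate,@FailedPassAtmptCount,
                                        @LastLockoutDate,@FailedPassAnsAtmptCount,@PasswordSalt,@Email,
                                        @PasswordQuestion,@PasswordAnswer,
                                        @UserCode,@ActionDate,@ActionType)
                                        ";

            const string sSqlUserPassword = @"INSERT INTO LS_UserPassword
                                            (UserId,Password,
                                            UserCode,ActionDate,ActionType)
                                            VALUES
                                            (@UserId,@Password,
                                            @UserCode,@ActionDate,@ActionType)";

            const string sSqlUserInfo =
                "INSERT INTO LS_UserInfo (UserId,UserCode,ActionDate,ActionType,CompanyCode,WorkingUnitCode,UserFullName)"
                + " VALUES"
                + "(@UserId,@UserCode,@ActionDate,@ActionType,@CompanyCode,@WorkingUnitCode,@UserFullName)";

            const string sSqlUserRole = @"INSERT INTO LS_UserInRole
                                            (UserCode,ActionDate,
                                            ActionType,UserId,RoleId,UserRoleId,IsDeleted)
                                            VALUES
                                            (@UserCode,@ActionDate,@ActionType,@UserId,@RoleID,@UserRoleId,
                                            @IsDeleted)";

            Guid userId = Guid.NewGuid();

            using (SqlConnection connection = new SqlConnection(connectionstring))
            using (SqlCommand sqluser = new SqlCommand(sSqlUser, connection))
            using (SqlCommand sqlCommand = new SqlCommand(sSqlUserInfo, connection))
            using (SqlCommand sqlmembership = new SqlCommand(sSqlMembership, connection))
            using (SqlCommand sqlpassword = new SqlCommand(sSqlUserPassword, connection))
            using (SqlCommand sqlrole = new SqlCommand(sSqlUserRole, connection))
            {
                // NOTE(review): UserId is bound as a Guid for some statements and as a string
                // for others; AddWithValue infers the SQL type from the .NET value.
                sqluser.Parameters.AddWithValue("UserId", userId);
                sqluser.Parameters.AddWithValue("UserName", objUserInfo.UserName);
                sqluser.Parameters.AddWithValue("UserCode", Guid.NewGuid());
                sqluser.Parameters.AddWithValue("ActionDate", objUserInfo.ActionDate);
                sqluser.Parameters.AddWithValue("ActionType", "Insert");

                sqlmembership.Parameters.AddWithValue("UserId", userId.ToString());
                sqlmembership.Parameters.AddWithValue("IsLockedOut", 0);
                sqlmembership.Parameters.AddWithValue("IsFirstLogin", 1);
                sqlmembership.Parameters.AddWithValue("LastLoginDate", new DateTime(1800, 1, 1));
                sqlmembership.Parameters.AddWithValue("LastPasswordChangeDate", new DateTime(1800, 1, 1));
                sqlmembership.Parameters.AddWithValue("FailedPassAtmptCount", 0);
                sqlmembership.Parameters.AddWithValue("LastLockoutDate", new DateTime(1800, 1, 1));
                sqlmembership.Parameters.AddWithValue("FailedPassAnsAtmptCount", 0);
                sqlmembership.Parameters.AddWithValue("PasswordSalt", lsMembershipProvider.EncodeToBase64String(passwordSaltedText));
                sqlmembership.Parameters.AddWithValue("Email", objUserInfo.Email);
                // NOTE(review): every account is stored with the same literal password question.
                sqlmembership.Parameters.AddWithValue("PasswordQuestion", "abc");
                sqlmembership.Parameters.AddWithValue("PasswordAnswer", lsMembershipProvider.EncodeText(saltedPasswordAnswer));
                sqlmembership.Parameters.AddWithValue("UserCode", Guid.NewGuid());
                sqlmembership.Parameters.AddWithValue("ActionDate", DateTime.Now);
                sqlmembership.Parameters.AddWithValue("ActionType", "Insert");

                sqlpassword.Parameters.AddWithValue("UserId", userId.ToString());
                sqlpassword.Parameters.AddWithValue("Password", lsMembershipProvider.EncodeText(saltedPassword));
                sqlpassword.Parameters.AddWithValue("UserCode", Guid.NewGuid());
                sqlpassword.Parameters.AddWithValue("ActionDate", DateTime.Now);
                sqlpassword.Parameters.AddWithValue("ActionType", "Insert");

                sqlCommand.Parameters.AddWithValue("@UserId", userId);
                sqlCommand.Parameters.AddWithValue("UserCode", userId.ToString());
                sqlCommand.Parameters.AddWithValue("ActionDate", objUserInfo.ActionDate);
                sqlCommand.Parameters.AddWithValue("ActionType", "Insert");
                sqlCommand.Parameters.AddWithValue("CompanyCode", objUserInfo.CompanyCode);
                sqlCommand.Parameters.AddWithValue("WorkingUnitCode", objUserInfo.WorkingUnitCode);
                sqlCommand.Parameters.AddWithValue("UserFullName", objUserInfo.UserFullName);

                sqlrole.Parameters.AddWithValue("UserCode", userId.ToString());
                sqlrole.Parameters.AddWithValue("ActionDate", DateTime.Now);
                sqlrole.Parameters.AddWithValue("ActionType", "Insert");
                sqlrole.Parameters.AddWithValue("UserId", userId.ToString());
                // NOTE(review): every new user receives this fixed role id; confirm it is the
                // least-privileged role and consider moving it to configuration.
                sqlrole.Parameters.AddWithValue("RoleID", "f65b77cf-26be-4451-9980-d5c5ca735514");
                sqlrole.Parameters.AddWithValue("UserRoleId", Guid.NewGuid());
                sqlrole.Parameters.AddWithValue("IsDeleted", 0);

                connection.Open();

                using (SqlTransaction transaction = connection.BeginTransaction())
                {
                    sqluser.Transaction       = transaction;
                    sqlCommand.Transaction    = transaction;
                    sqlmembership.Transaction = transaction;
                    sqlpassword.Transaction   = transaction;
                    sqlrole.Transaction       = transaction;

                    try
                    {
                        // Short-circuit evaluation keeps the order: user, user info,
                        // membership, password. A later insert runs only if the previous
                        // one affected at least one row.
                        bool coreRowsInserted = sqluser.ExecuteNonQuery() > 0
                                                && sqlCommand.ExecuteNonQuery() > 0
                                                && sqlmembership.ExecuteNonQuery() > 0
                                                && sqlpassword.ExecuteNonQuery() > 0;

                        if (coreRowsInserted)
                        {
                            // The affected-row count of the role insert is not checked.
                            sqlrole.ExecuteNonQuery();
                            transaction.Commit();
                            vOut = "User Created Successfully";
                        }
                        // Otherwise the transaction is disposed without Commit, which
                        // discards the pending inserts.
                    }
                    catch (Exception)
                    {
                        transaction.Rollback();
                        throw;
                    }
                }
            }

            return vOut;
        }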