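/// <summary>
/// Reads the stored password salt for <paramref name="username"/> and returns it
/// after decoding it with <c>LsMembershipProvider.DecodeFromBase64String</c>.
/// </summary>
/// <param name="username">User name matched against the UserName column; always bound as a SQL parameter.</param>
/// <returns>
/// The decoded salt of the last matching row. When no row matches, an empty string is
/// handed to the decoder; what the decoder returns for that input is not visible here.
/// </returns>
/// <remarks>
/// Database errors propagate to the caller unchanged. The previous version rethrew with
/// <c>throw ex</c>, which discarded the original stack trace, and never closed the
/// connection or the reader, so every call held a pooled connection until finalization.
/// </remarks>
public static string GetPasswordSalt(string username)
{
    const string saltQuery = @"SELECT LS_Membership.PasswordSalt FROM LS_User INNER Join LS_Membership ON LS_User.UserId = LS_Membership.UserId WHERE UserName = @UserName";

    string encodedSalt = string.Empty;

    // The using blocks release the connection, command and reader on every path,
    // including when ExecuteReader or Read throws.
    using (SqlConnection connection = new SqlConnection(GetDefaultConnectionString()))
    using (SqlCommand command = new SqlCommand(saltQuery, connection))
    {
        command.Parameters.AddWithValue("UserName", username);
        connection.Open();

        using (SqlDataReader reader = command.ExecuteReader())
        {
            // If several rows match, the last one wins (same as before).
            while (reader.Read())
            {
                encodedSalt = Convert.ToString(reader["PasswordSalt"]);
            }
        }
    }

    LsMembershipProvider lsMembershipProvider = new LsMembershipProvider();
    return lsMembershipProvider.DecodeFromBase64String(encodedSalt);
}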
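/// <summary>
/// Checks a user name / password pair against the stored salted password and
/// reports the outcome as a status message.
/// </summary>
/// <param name="username">User name to authenticate; bound as a SQL parameter.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <param name="pEmailStatus">
/// When not null, <c>ValidateEmail(username, pEmailStatus)</c> must return true before the
/// password is checked; when null the e-mail check is skipped.
/// </param>
/// <returns>
/// "Login Successfully" when the computed value equals the stored one, "Invalid user" when it
/// does not (or when no stored password exists), "Verify Email" when the e-mail check fails.
/// </returns>
/// <remarks>
/// Database errors propagate unchanged (the previous <c>throw ex</c> reset the stack trace).
/// The connection is now opened only when the password query runs and is always disposed;
/// before, the "Verify Email" path and any exception from GetPasswordSalt or ValidateEmail
/// left an open connection behind.
/// </remarks>
public static string ValidateUser(string username, string password, int? pEmailStatus)
{
    const string passwordQuery = @"SELECT Password FROM LS_UserPassword INNER JOIN LS_Membership ON LS_UserPassword.UserId = LS_Membership.UserId INNER JOIN LS_User ON LS_UserPassword.UserId = LS_User.UserId WHERE UserName = @UserName";

    string saltedText = GetPasswordSalt(username);

    // NOTE(review): "Verify Email" is returned before the password is checked, so the
    // distinct message tells an unauthenticated caller something about the account's
    // state. Confirm that is intended.
    bool emailVerified = pEmailStatus == null || ValidateEmail(username, pEmailStatus);
    if (!emailVerified)
    {
        return "Verify Email";
    }

    string storedPassword = string.Empty;

    using (SqlConnection connection = new SqlConnection(GetDefaultConnectionString()))
    using (SqlCommand sqlPassword = new SqlCommand(passwordQuery, connection))
    {
        sqlPassword.Parameters.AddWithValue("UserName", username);
        connection.Open();

        using (SqlDataReader reader = sqlPassword.ExecuteReader())
        {
            // If several rows match, the last one wins (same as before).
            while (reader.Read())
            {
                storedPassword = Convert.ToString(reader["Password"]);
            }
        }
    }

    // Fail closed: an unknown user or a NULL/empty stored value must never compare equal
    // to whatever EncodeText produces for the supplied password.
    if (string.IsNullOrEmpty(storedPassword))
    {
        return "Invalid user";
    }

    LsMembershipProvider lsMembershipProvider = new LsMembershipProvider();
    string checkpassword = lsMembershipProvider.EncodeText(lsMembershipProvider.SaltText(password, saltedText));

    // NOTE(review): string == is not a constant-time comparison; consider a fixed-time
    // compare of the encoded bytes if the target framework offers one.
    // NOTE(review): this method neither reads IsLockedOut nor updates a failed-attempt
    // counter in LS_Membership, so nothing here throttles password guessing; confirm
    // lockout is enforced by the caller.
    return storedPassword == checkpassword ? "Login Successfully" : "Invalid user";
}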
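/// <summary>
/// Creates a user by inserting one row each into LS_User, LS_UserInfo, LS_Membership,
/// LS_UserPassword and LS_UserInRole inside a single transaction.
/// </summary>
/// <param name="objUserInfo">
/// Source of UserName, Password, PasswordAnswer, Email, ActionDate, CompanyCode,
/// WorkingUnitCode and UserFullName for the new user.
/// </param>
/// <returns>
/// "User Created Successfully" after commit. If one of the first four inserts reports zero
/// affected rows, nothing is committed and the LS251 exception message is returned.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="objUserInfo"/> is null.</exception>
/// <remarks>
/// Database errors roll the transaction back and propagate unchanged (the previous
/// <c>throw ex</c> reset the stack trace). The connection and all commands are now disposed
/// on every path; before, an exception raised while salting or building the commands left
/// the already opened connection behind.
/// </remarks>
public static string SaveUser(UserInfo objUserInfo)
{
    if (objUserInfo == null)
    {
        throw new ArgumentNullException("objUserInfo");
    }

    const string sSqlUser = @"INSERT INTO LS_User (UserId,UserName, UserCode,ActionDate,ActionType) VALUES (@UserId,@UserName, @UserCode,@ActionDate,@ActionType)";
    const string sSqlUserInfo = "INSERT INTO LS_UserInfo (UserId,UserCode,ActionDate,ActionType,CompanyCode,WorkingUnitCode,UserFullName) VALUES(@UserId,@UserCode,@ActionDate,@ActionType,@CompanyCode,@WorkingUnitCode,@UserFullName)";
    const string sSqlMembership = @"INSERT INTO LS_Membership (UserId,IsLockedOut,IsFirstLogin, LastLoginDate,LastPasswordChangeDate,FailedPassAtmptCount, LastLockoutDate,FailedPassAnsAtmptCount,PasswordSalt,Email, PasswordQuestion,PasswordAnswer, UserCode,ActionDate,ActionType) VALUES (@UserId,@IsLockedOut,@IsFirstLogin, @LastLoginDate,@LastPasswordChangeDate,@FailedPassAtmptCount, @LastLockoutDate,@FailedPassAnsAtmptCount,@PasswordSalt,@Email, @PasswordQuestion,@PasswordAnswer, @UserCode,@ActionDate,@ActionType) ";
    const string sSqlUserPassword = @"INSERT INTO LS_UserPassword (UserId,Password, UserCode,ActionDate,ActionType) VALUES (@UserId,@Password, @UserCode,@ActionDate,@ActionType)";
    const string sSqlUserRole = @"INSERT INTO LS_UserInRole (UserCode,ActionDate, ActionType,UserId,RoleId,UserRoleId,IsDeleted) VALUES (@UserCode,@ActionDate,@ActionType,@UserId,@RoleID,@UserRoleId, @IsDeleted)";

    string vOut = EnumMessageId.LS251.ToString() + ": Exception Occured !";

    // Derive the stored credentials before touching the database so a failure here
    // cannot strand an open connection.
    // NOTE(review): the strength of this scheme depends on what SaltText/EncodeText do,
    // which is not visible here; confirm EncodeText is a deliberately slow password hash.
    // NOTE(review): the password answer is salted with the same salt as the password.
    LsMembershipProvider lsMembershipProvider = new LsMembershipProvider();
    string passwordSaltedText = lsMembershipProvider.GeneratePasswordSaltingText();
    string saltedPassword = lsMembershipProvider.SaltText(objUserInfo.Password, passwordSaltedText);
    string saltedPasswordAnswer = lsMembershipProvider.SaltText(objUserInfo.PasswordAnswer, passwordSaltedText);

    Guid userId = Guid.NewGuid();
    // Placeholder date written to the "never happened yet" membership timestamps.
    DateTime neverDate = new DateTime(1800, 1, 1);

    using (SqlConnection connection = new SqlConnection(GetDefaultConnectionString()))
    using (SqlCommand sqluser = new SqlCommand(sSqlUser, connection))
    using (SqlCommand sqlCommand = new SqlCommand(sSqlUserInfo, connection))
    using (SqlCommand sqlmembership = new SqlCommand(sSqlMembership, connection))
    using (SqlCommand sqlpassword = new SqlCommand(sSqlUserPassword, connection))
    using (SqlCommand sqlrole = new SqlCommand(sSqlUserRole, connection))
    {
        sqluser.Parameters.AddWithValue("UserId", userId);
        sqluser.Parameters.AddWithValue("UserName", objUserInfo.UserName);
        sqluser.Parameters.AddWithValue("UserCode", Guid.NewGuid());
        sqluser.Parameters.AddWithValue("ActionDate", objUserInfo.ActionDate);
        sqluser.Parameters.AddWithValue("ActionType", "Insert");

        sqlCommand.Parameters.AddWithValue("@UserId", userId);
        sqlCommand.Parameters.AddWithValue("UserCode", userId.ToString());
        sqlCommand.Parameters.AddWithValue("ActionDate", objUserInfo.ActionDate);
        sqlCommand.Parameters.AddWithValue("ActionType", "Insert");
        sqlCommand.Parameters.AddWithValue("CompanyCode", objUserInfo.CompanyCode);
        sqlCommand.Parameters.AddWithValue("WorkingUnitCode", objUserInfo.WorkingUnitCode);
        sqlCommand.Parameters.AddWithValue("UserFullName", objUserInfo.UserFullName);

        sqlmembership.Parameters.AddWithValue("UserId", userId.ToString());
        sqlmembership.Parameters.AddWithValue("IsLockedOut", 0);
        sqlmembership.Parameters.AddWithValue("IsFirstLogin", 1);
        sqlmembership.Parameters.AddWithValue("LastLoginDate", neverDate);
        sqlmembership.Parameters.AddWithValue("LastPasswordChangeDate", neverDate);
        sqlmembership.Parameters.AddWithValue("FailedPassAtmptCount", 0);
        sqlmembership.Parameters.AddWithValue("LastLockoutDate", neverDate);
        sqlmembership.Parameters.AddWithValue("FailedPassAnsAtmptCount", 0);
        sqlmembership.Parameters.AddWithValue("PasswordSalt", lsMembershipProvider.EncodeToBase64String(passwordSaltedText));
        sqlmembership.Parameters.AddWithValue("Email", objUserInfo.Email);
        // NOTE(review): the password question is a hard-coded placeholder.
        sqlmembership.Parameters.AddWithValue("PasswordQuestion", "abc");
        sqlmembership.Parameters.AddWithValue("PasswordAnswer", lsMembershipProvider.EncodeText(saltedPasswordAnswer));
        sqlmembership.Parameters.AddWithValue("UserCode", Guid.NewGuid());
        sqlmembership.Parameters.AddWithValue("ActionDate", DateTime.Now);
        sqlmembership.Parameters.AddWithValue("ActionType", "Insert");

        sqlpassword.Parameters.AddWithValue("UserId", userId.ToString());
        sqlpassword.Parameters.AddWithValue("Password", lsMembershipProvider.EncodeText(saltedPassword));
        sqlpassword.Parameters.AddWithValue("UserCode", Guid.NewGuid());
        sqlpassword.Parameters.AddWithValue("ActionDate", DateTime.Now);
        sqlpassword.Parameters.AddWithValue("ActionType", "Insert");

        sqlrole.Parameters.AddWithValue("UserCode", userId.ToString());
        sqlrole.Parameters.AddWithValue("ActionDate", DateTime.Now);
        sqlrole.Parameters.AddWithValue("ActionType", "Insert");
        sqlrole.Parameters.AddWithValue("UserId", userId.ToString());
        // NOTE(review): every new user is put into this one hard-coded role; confirm it is
        // the least-privileged role and consider moving the id to configuration.
        sqlrole.Parameters.AddWithValue("RoleID", "f65b77cf-26be-4451-9980-d5c5ca735514");
        sqlrole.Parameters.AddWithValue("UserRoleId", Guid.NewGuid());
        sqlrole.Parameters.AddWithValue("IsDeleted", 0);

        connection.Open();

        using (SqlTransaction transaction = connection.BeginTransaction())
        {
            sqluser.Transaction = transaction;
            sqlCommand.Transaction = transaction;
            sqlmembership.Transaction = transaction;
            sqlpassword.Transaction = transaction;
            sqlrole.Transaction = transaction;

            try
            {
                // && short-circuits, so each insert runs only if the previous one
                // affected at least one row; the order matches the original nesting.
                bool coreRowsInserted =
                    sqluser.ExecuteNonQuery() > 0 &&
                    sqlCommand.ExecuteNonQuery() > 0 &&
                    sqlmembership.ExecuteNonQuery() > 0 &&
                    sqlpassword.ExecuteNonQuery() > 0;

                if (coreRowsInserted)
                {
                    // As before, the role insert's row count is not checked before commit.
                    sqlrole.ExecuteNonQuery();
                    transaction.Commit();
                    vOut = "User Created Successfully";
                }
                // Otherwise the transaction is left uncommitted and is rolled back
                // when it is disposed.
            }
            catch
            {
                transaction.Rollback();
                // Rethrow without resetting the stack trace.
                throw;
            }
        }
    }

    return vOut;
}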