/// <summary>
/// Checks a user name / password pair against dbo.Users and reports whether an
/// enabled account (isDisabled = 0) matches.
/// </summary>
/// <param name="userName">Login name, bound to the @UNAME parameter.</param>
/// <param name="password">Clear-text password; it is passed through
/// DataTransformer.PasswordHash and the result is bound to @UPASS.</param>
/// <returns>
/// true when at least one matching row is counted. false is returned only after
/// one of the catch handlers below has logged the failure and called
/// ErrorLogging.sendtoErrorPage.
/// </returns>
/// <remarks>
/// Both values reach the database as SqlParameter objects, never by string
/// concatenation, so the query text itself is constant.
///
/// SECURITY NOTE(review): a rejected login is signalled with a plain Exception
/// and therefore lands in the generic handler: it is written to the event log
/// at Error severity and the user is sent to error page 1, the same path as an
/// unexpected failure. Monitoring cannot tell failed logins apart from genuine
/// faults on this basis; consider a dedicated audit entry.
///
/// SECURITY NOTE(review): the credential check is an equality match on the
/// hash produced by DataTransformer.PasswordHash. If that hash is unsalted and
/// fast (the helper currently delegates to getMD5Hash), the stored values offer
/// little protection should the Users table be disclosed.
///
/// NOTE(review): no attempt limiting or lockout is visible in this method;
/// confirm that the caller enforces it.
/// </remarks>
private bool isUserCredentialsValid(string userName, string password)
{
    // NOTE(review): this instance is never read. It is still constructed so the
    // constructor runs exactly as before; presumably removable - confirm that
    // the ZXPUserData constructor has no side effects first.
    ZXPUserData unusedUserData = new ZXPUserData();

    const string countMatchingUsersSql = "SELECT COUNT (*) FROM dbo.Users WHERE [Password] = @UPASS AND UserName = @UNAME AND isDisabled = 0";

    bool credentialsAccepted = false;

    try
    {
        string connectionString = new TruckScheduleConfigurationKeysHelper().sql_connStr;

        // Only the hash of the password is sent to the database.
        SqlParameter hashParam = new SqlParameter("@UPASS", DataTransformer.PasswordHash(password));
        SqlParameter nameParam = new SqlParameter("@UNAME", userName);

        int matches = Convert.ToInt32(SqlHelper.ExecuteScalar(connectionString, CommandType.Text, countMatchingUsersSql, hashParam, nameParam));

        if (matches <= 0)
        {
            // Handled by the generic catch below (error page 1).
            throw new Exception("Invalid login.");
        }

        credentialsAccepted = true;
    }
    catch (SqlException sqlFailure)
    {
        // Database-level failure: log the full exception text, then error page 2.
        string logLine = string.Concat(" SQLException Error in dataProcessingAndCleanUp isUserCredentialsValid(). Details: ", sqlFailure.ToString());
        ErrorLogging.WriteEvent(logLine, EventLogEntryType.Error);
        // Assumes a live request: HttpContext.Current is dereferenced unchecked.
        System.Web.HttpContext.Current.Session["ErrorNum"] = 2;
        ErrorLogging.sendtoErrorPage(2);
    }
    catch (Exception failure)
    {
        // Everything else, including the "Invalid login." case: error page 1.
        string logLine = string.Concat(" Exception Error in dataProcessingAndCleanUp isUserCredentialsValid(). Details: ", failure.ToString());
        ErrorLogging.WriteEvent(logLine, EventLogEntryType.Error);
        System.Web.HttpContext.Current.Session["ErrorNum"] = 1;
        ErrorLogging.sendtoErrorPage(1);
    }

    return credentialsAccepted;
}
/// <summary>
/// Produces the hash form of a clear-text password by delegating to
/// DataTransformer.getMD5Hash. This is the single place where the hashing
/// scheme is chosen.
/// </summary>
/// <param name="ClearTextPassword">The password as typed by the user.</param>
/// <returns>The string returned by getMD5Hash for the input; its exact
/// encoding is not visible here.</returns>
/// <remarks>
/// SECURITY NOTE(review): the helper name indicates MD5, and no salt or work
/// factor is supplied at this call site. A fast, unsalted digest is not
/// suitable for password storage: identical passwords yield identical stored
/// values, and offline guessing against a disclosed table is cheap. A salted,
/// iterated KDF (for example PBKDF2 via Rfc2898DeriveBytes) is the usual
/// replacement.
///
/// The algorithm cannot simply be swapped in place: isUserCredentialsValid
/// matches this value against dbo.Users.[Password] with an equality test in
/// SQL, so existing rows would stop matching, and a per-user salt needs the
/// stored record to be fetched by user name and verified in code. Plan a
/// migration (for example re-hash on next successful login) before changing it.
/// </remarks>
public static string PasswordHash(string ClearTextPassword)
{
    // Can be modified to use a different type of hashing.
    string hashed = DataTransformer.getMD5Hash(ClearTextPassword);
    return hashed;
}