/// <summary>
/// Starts a new session for the user by validating their username and password
/// credentials.
/// </summary>
public bool StartSession(string username, string password, out string token, out DateTime expiration)
{
SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGen.AddField("*");
sqlGen.AddWhereParameter("User", "UserName", username, SqlWhereComparison.SqlComparer.Equal);
System.Data.DataTable dt = Adocls.FetchDataTable(sqlGen, modelDataBindings.DatabaseName);
if (dt.Rows.Count > 0)
{
if (dt.Rows[0]["HashPassword"].ToString() == CryptoHelper.ComputeHash(password, dt.Rows[0]["SALT"].ToString()))
{
string sessionKey = Guid.NewGuid().ToString("N");
DateTime sessionExpires = DateTime.Now.AddMinutes(C_SESSION_LIFESPAN);
SqlGenerator sqlGenUpdate = new SqlGenerator(SqlGenerator.SqlTypes.Update, "User");
sqlGenUpdate.AddField("AuthGUID", "User", sessionKey);
sqlGenUpdate.AddField("AuthDate", "User", sessionExpires);
sqlGenUpdate.AddWhereParameter("User", "User_Key", dt.Rows[0]["User_Key"].ToString(), SqlWhereComparison.SqlComparer.Equal);
Adocls.ExecuteSql(sqlGenUpdate, true, modelDataBindings.DatabaseName);
token = sessionKey;
expiration = sessionExpires;
return(true);
}
}
token = null;
expiration = DateTime.MinValue;
return(false);
}
/// <summary>
/// Get AuthUserInformationModel using the session GUID string
/// </summary>
public AuthUserInformationModel GetAuthUserInformation(string sessionGuid)
{
try
{
SqlGenerator sqlGenUser = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGenUser.AddField("*");
sqlGenUser.AddWhereParameter("User", "AuthGUID", sessionGuid, SqlWhereComparison.SqlComparer.Equal);
sqlGenUser.AddWhereParameter("User", "AuthDate", DateTime.Now, SqlWhereComparison.SqlComparer.GreaterThan | SqlWhereComparison.SqlComparer.Equal);
// TODO: Optimize this to use reader instead of data table
DataTable dt = Adocls.FetchDataTable(sqlGenUser, "UserDatabase");
return(BuildAuthUserInformationModel(dt));
}
catch { return(null); }
}
/// <summary>
/// Get AuthUserInformationmodel using the email and active state of the user account
/// </summary>
public AuthUserInformationModel GetAuthUserInformation(string email, bool activeFlag)
{
try
{
SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGen.AddField("*");
sqlGen.AddWhereParameter("User", "UserName", email, SqlWhereComparison.SqlComparer.Equal);
sqlGen.AddWhereParameter("User", "Active", activeFlag.ToString(), SqlWhereComparison.SqlComparer.Equal);
// TODO: Should transition this to a data reader
DataTable dt = Adocls.FetchDataTable(sqlGen, "UserDatabase");
return(BuildAuthUserInformationModel(dt));
}
catch (Exception)
{
}
return(null);
}
