public RegisterUserCode HashClearTextPassword(string UserName)
{
BorrowerDAL dal = new BorrowerDAL(_connection);
Borrower b = dal.BorrowerFindByName(UserName);
if (b == null)
{
return(RegisterUserCode.UserNameNotFound);
}
BorrowerSecuredDAL sdal = new BorrowerSecuredDAL(_connection);
BorrowerSecured sb = sdal.BorrowerSecuredFindByID(b.BorrowerID);
if (sb == null)
{
return(RegisterUserCode.SecuredDataNotFound);
}
// when using cleartext the SALT Field contains "ClearText" instead of salt
// the cleartext password in in HASH
if (sb.Salt == "ClearText")
{
string salt = System.Web.Helpers.Crypto.GenerateSalt(20);
// when using cleartext, the HASH field contains the cleartext password
string pw = sb.Hash + salt;
string hash = System.Web.Helpers.Crypto.HashPassword(pw);
sdal.BorrowerSecuredUpdateJust(b.BorrowerID, hash, salt);
}
else
{
return(RegisterUserCode.SecuredAlready);
}
return(RegisterUserCode.Success);
}
public Borrower ValidateUserClearText(string UserName, string Password)
{
BorrowerSecured rv = null;
BorrowerSecuredDAL dal = new BorrowerSecuredDAL(_connection);
{
rv = dal.BorrowerSecuredFindByName(UserName);
if (rv == null)
{
return(null);
}
if (Password == rv.Hash)
{
return(rv);
}
}
return(null);
}
public Borrower ValidateUserHashed(string UserName, string Password)
{
BorrowerSecured rv = null;
BorrowerSecuredDAL dal = new BorrowerSecuredDAL(_connection);
{
rv = dal.BorrowerSecuredFindByName(UserName);
if (rv == null)
{
return(null);
}
string pw = Password + rv.Salt;
bool verified =
System.Web.Helpers.Crypto.VerifyHashedPassword(rv.Hash, pw);
if (verified)
{
return(rv);
}
}
return(null);
}
public BorrowerSecured ToBorrowerSecured(IDataReader reader)
{
// rolename is read only so it must be constructed
BorrowerSecured rv = new BorrowerSecured(reader.GetString(5));
// the values of the GetXXX have been validated by the constructor
// the GetNullableXXX are EXTENSION methods. Look in class
// readerHelper. these functions 'appear' in reader when the
// readerHelper is in scope. dot into reader and see the icon
// in front of the GetNullableXXX methods. This is the indicator
// that the methods come from somewhere else.
rv.BorrowerID = reader.GetInt32(0);
rv.BorrowerName = reader.GetNullableString(1);
rv.BorrowerEMail = reader.GetNullableString(2);
rv.BorrowerDOB = reader.GetNullableDateTime(3);
rv.RoleID = reader.GetInt32(4);
rv.Hash = reader.GetNullableString(6);
rv.Salt = reader.GetNullableString(7);
return(rv);
}
public BorrowerSecured BorrowerSecuredFindByEMail(string EMail)
{
BorrowerSecured rv = null;
// a default return value
try
{
EnsureConnected();
using (IDbCommand command = _connection.CreateCommand())
{
// configure the command object
command.CommandType = CommandType.StoredProcedure;
command.CommandText = "BorrowerSecuredFindByEmail";
IDbDataParameter p = command.CreateParameter();
p.ParameterName = "@BorrowerEmail";
p.DbType = DbType.String;
p.Direction = ParameterDirection.Input;
p.Value = EMail;
command.Parameters.Add(p);
// load the data from the database
using (IDataReader reader = command.ExecuteReader())
{
// the mapper is constructed, and this is where the shape
// is validated to insure it is correct
// if the database structure changes,
// an exception will be thrown
// the less efficient Get Ordinal methods are only
// invoked one time per command
// this less efficient (but required) code
// is outside the loop
BorrowerSecuredMapper mapper = new BorrowerSecuredMapper(reader);
int count = 0;
while (reader.Read())
{
rv = mapper.ToBorrowerSecured(reader);
// the mapper uses the much more efficient getXXX
// methods internally to avoid boxing and
// string manipulation. this more efficient code is
// inside the loop
count++;
}
// this method is expecting a single record to be returned
// check to see if more than one record was returned
// this probably means that a where clause is incorrect in the SQL layer
if (count > 1)
{
throw new Exception("Multiple reccords found with id: {BorrowerID}");
}
}
}
}
catch (Exception ex) when(Logger.Log(ex, "DAL"))
{
// ALL exceptions are logged by the when clause
// and then the exception is tossed to the next layer up.
// the catch block is NEVER invoked because the
// when clause never evaluates to true since the
// Log method returns false
}
return(rv);
}
