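/// <summary>
/// Inserts one row for <paramref name="newUser"/> into
/// [ScoreAppData].[dbo].[ScoreDataUserInfo] using a parameterized INSERT.
/// </summary>
/// <param name="newUser">Supplies the UserName, Password and Role values bound to the statement.</param>
/// <returns>
/// <c>true</c> when the INSERT affected at least one row; <c>false</c> when
/// <paramref name="newUser"/> is null, no row was written, or an exception occurred.
/// </returns>
/// <remarks>
/// NOTE(review): newUser.Password is bound to @Password unchanged and GetUserData compares
/// the stored column with the submitted value directly, so passwords appear to be kept in
/// clear text. Switching to a salted, slow hash (for example PBKDF2 via Rfc2898DeriveBytes)
/// has to be done together with UpdateUser and GetUserData.
/// NOTE(review): the INSERT has no column list, so it depends on the table's column order;
/// confirm against the schema.
/// </remarks>
public static bool CreateUser(UserModel newUser)
{
    // Fail closed on a missing model instead of relying on a swallowed NullReferenceException.
    if (newUser == null)
    {
        return false;
    }

    var connectionString = SqlServerEnvironmentConfig.GetConnectionStringWithWinAuthentication();
    try
    {
        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open();
            using (var command = new SqlCommand("INSERT INTO [ScoreAppData].[dbo].[ScoreDataUserInfo] VALUES(@UserName, @Password, @RoleId)", connection))
            {
                command.Parameters.Add(new SqlParameter("@UserName", newUser.UserName));
                command.Parameters.Add(new SqlParameter("@Password", newUser.Password));
                // TODO: check if the new Role member is working with the insert!
                command.Parameters.Add(new SqlParameter("@RoleId", newUser.Role));

                return command.ExecuteNonQuery() != 0;
            }
        }
    }
    catch (Exception ex)
    {
        // Callers still only see "false", but the failure is now traceable.
        // The user object itself is deliberately not logged.
        System.Diagnostics.Trace.TraceError("CreateUser failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return false;
    }
}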
/// <summary>
/// Attempts to log the supplied user in via <c>LogIn</c> and picks the next page.
/// </summary>
/// <param name="user">The model-bound login data.</param>
/// <returns>
/// A redirect to the "Index" action of the "Home" controller when <c>LogIn</c> succeeds;
/// otherwise the login view rendered with the same <paramref name="user"/> model.
/// </returns>
/// <remarks>
/// NOTE(review): on failure the submitted model, including whatever password was bound,
/// is handed back to the view; confirm the view does not echo it into the page.
/// </remarks>
public ActionResult LoginIndex(UserModel user)
{
    if (!LogIn(user))
    {
        return View(user);
    }

    return RedirectToAction("Index", "Home");
}
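/// <summary>
/// Shows the registration form and, when a user name and password were submitted,
/// creates the account through <c>CreateUser</c>.
/// </summary>
/// <param name="user">The model-bound registration data.</param>
/// <returns>
/// The registration view when no user name was supplied, when the password is empty, or
/// when creation failed; otherwise a redirect to the "LoginIndex" action of the "Login"
/// controller.
/// </returns>
/// <remarks>
/// NOTE(review): <paramref name="user"/> is passed on as bound, and SqlManagment.CreateUser
/// writes its Role to the RoleId column. Unless binding is restricted elsewhere, the role of
/// a new account is therefore chosen by the request; assign it server-side and confirm which
/// UserRoles value is the least-privileged one.
/// </remarks>
public ActionResult RegisterView(UserModel user)
{
    // No user name yet: treat the request as the initial display of the form.
    if (user == null || string.IsNullOrEmpty(user.UserName))
    {
        return View();
    }

    // Never create an account that can be logged into with an empty password.
    if (string.IsNullOrEmpty(user.Password))
    {
        ViewData["ErrorMessage"] = "A password is required!";
        return View();
    }

    if (CreateUser(user))
    {
        return RedirectToAction("LoginIndex", "Login");
    }

    // Generic message on purpose: it does not say whether the user name already exists.
    ViewData["ErrorMessage"] = "Failed to create the user!";
    return View();
}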
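/// <summary>
/// Posts the user to the "AuthoriseUser" service endpoint and, when the reply parses as
/// "id:role", issues a forms-authentication cookie for the user.
/// </summary>
/// <param name="user">
/// The login data; its Id and Role are overwritten from the service reply on success.
/// </param>
/// <returns>
/// <c>true</c> when the cookie was issued; <c>false</c> when the service returned an empty
/// or malformed reply, in which case ViewData["ErrorMessage"] is set.
/// </returns>
private bool LogIn(UserModel user)
{
    const string serviceUrl = ServiceConfig.AuthorizationServicePath + "AuthoriseUser";
    var authenticatedUserString = ServiceHelper.PostToService<UserModel, string>(serviceUrl, user);

    if (!string.IsNullOrEmpty(authenticatedUserString))
    {
        var parts = authenticatedUserString.Split(':');
        int userId;
        UserRoles role;

        // Fail closed: a reply that does not parse is treated as a failed login rather
        // than surfacing as an unhandled parse exception.
        // NOTE(review): a numeric role string that matches no UserRoles member still parses;
        // confirm whether such values should be rejected.
        if (parts.Length >= 2 && int.TryParse(parts[0], out userId) && Enum.TryParse(parts[1], out role))
        {
            user.Id = userId;
            user.Role = role;

            //TODO: add Remember me field to the login form
            // The ticket is flagged persistent, but no Expires is set on the cookie below.
            var issuedAt = DateTime.Now;
            var authTicket = new FormsAuthenticationTicket(1, user.UserName, issuedAt, issuedAt.AddMinutes(60), true, user.Role.ToString());

            var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket))
            {
                // Keep the ticket out of reach of page script.
                HttpOnly = true,
                // Follow the forms-authentication requireSSL setting for the Secure flag.
                Secure = FormsAuthentication.RequireSSL
            };
            Response.Cookies.Add(authCookie);
            return true;
        }
    }

    //TODO: make error messages more consistent!
    // Indexer instead of Add so that an already present key does not throw.
    ViewData["ErrorMessage"] = "Failed to authenticate the user!";
    return false;
}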
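//
// GET: /Competitor/
/// <summary>
/// Fetches the user list from the authorization service and renders it.
/// </summary>
/// <returns>
/// The view with one <c>UserModel</c> per "id:name:role" entry of the ';'-separated reply,
/// or with an empty list when the reply is empty.
/// </returns>
/// <remarks>
/// An entry that has fewer than three fields, or whose id or role does not parse, still
/// throws, as before.
/// NOTE(review): no authorization check is visible on this action; confirm that the user
/// list is only reachable by callers who are allowed to see it.
/// </remarks>
public ActionResult Index()
{
    var requestUrl = ServiceConfig.AuthorizationServicePath;
    var result = ServiceHelper.GetFromService<string>(requestUrl);
    var data = new List<UserModel>();

    if (!string.IsNullOrEmpty(result))
    {
        // Drop empty segments (e.g. from a trailing ';') so they are not parsed as users.
        var entries = result.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (var entry in entries)
        {
            var userSplit = entry.Split(':');
            var parsedUser = new UserModel
            {
                Id = int.Parse(userSplit[0]),
                UserName = userSplit[1],
                Role = (UserRoles)Enum.Parse(typeof(UserRoles), userSplit[2])
            };

            // Previously the parsed user was discarded, so the view always got an empty list.
            data.Add(parsedUser);
        }
    }

    return View(data);
}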
/// <summary>
/// Forwards the update request to <c>SqlManagment.UpdateUser</c>.
/// </summary>
/// <param name="user">The user data handed to the data layer unchanged.</param>
/// <returns>The result reported by <c>SqlManagment.UpdateUser</c>.</returns>
/// <remarks>
/// NOTE(review): no check of who is calling is visible here; confirm that the caller is
/// authorized to modify the row identified by user.Id before this is reached.
/// </remarks>
public bool UpdateUser(UserModel user)
{
    var updated = SqlManagment.UpdateUser(user);
    return updated;
}
/// <summary>
/// Forwards the creation request to <c>SqlManagment.CreateUser</c>.
/// </summary>
/// <param name="newUser">The user data handed to the data layer unchanged, Role included.</param>
/// <returns>The result reported by <c>SqlManagment.CreateUser</c>.</returns>
/// <remarks>
/// NOTE(review): the Role carried by <paramref name="newUser"/> is passed through as
/// supplied; confirm that callers cannot pick a privileged role for themselves.
/// </remarks>
public bool CreateUser(UserModel newUser)
{
    var created = SqlManagment.CreateUser(newUser);
    return created;
}
/// <summary>
/// Forwards the credential check to <c>SqlManagment.GetUserData</c>.
/// </summary>
/// <param name="user">The user name and password to check, handed on unchanged.</param>
/// <returns>
/// The string produced by <c>SqlManagment.GetUserData</c>: "Id:RoleId" for matching
/// credentials, otherwise an empty string.
/// </returns>
/// <remarks>
/// NOTE(review): nothing here limits repeated attempts; confirm that throttling or lockout
/// is applied somewhere in front of this method.
/// </remarks>
public string AuthoriseUser(UserModel user)
{
    var userData = SqlManagment.GetUserData(user);
    return userData;
}
/// <summary>
/// Posts the user to the "CreateUser" endpoint of the authorization service.
/// </summary>
/// <param name="user">The user data sent as the request payload.</param>
/// <returns>The boolean reply of the service.</returns>
/// <remarks>
/// NOTE(review): the payload includes the password; confirm that
/// ServiceConfig.AuthorizationServicePath points at an encrypted (HTTPS) endpoint.
/// </remarks>
private bool CreateUser(UserModel user)
{
    const string serviceUrl = ServiceConfig.AuthorizationServicePath + "CreateUser";

    var created = ServiceHelper.PostToService<UserModel, bool>(serviceUrl, user);
    return created;
}
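/// <summary>
/// Updates the UserName and Password columns of the row in
/// [ScoreAppData].[dbo].[ScoreDataUserInfo] whose Id equals <c>user.Id</c>.
/// </summary>
/// <param name="user">Supplies the Id to match and the new UserName and Password values.</param>
/// <returns>
/// <c>true</c> when the UPDATE affected at least one row; <c>false</c> when
/// <paramref name="user"/> is null, no row matched, or an exception occurred.
/// </returns>
/// <remarks>
/// NOTE(review): user.Password is bound to @Password unchanged and GetUserData compares the
/// stored column with the submitted value directly, so passwords appear to be kept in clear
/// text. Switching to a salted, slow hash (for example PBKDF2 via Rfc2898DeriveBytes) has to
/// be done together with CreateUser and GetUserData.
/// NOTE(review): the row is selected by user.Id alone; this method does not verify that the
/// caller owns that account, so the check has to happen before it is called.
/// </remarks>
public static bool UpdateUser(UserModel user)
{
    // Fail closed on a missing model instead of relying on a swallowed NullReferenceException.
    if (user == null)
    {
        return false;
    }

    var connectionString = SqlServerEnvironmentConfig.GetConnectionStringWithWinAuthentication();
    try
    {
        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open();
            using (var command = new SqlCommand("UPDATE [ScoreAppData].[dbo].[ScoreDataUserInfo] SET UserName = @UserName, Password = @Password WHERE Id = @Id", connection))
            {
                // TODO: this should be able to update the RoleId as well ?
                command.Parameters.Add(new SqlParameter("@UserName", user.UserName));
                command.Parameters.Add(new SqlParameter("@Password", user.Password));
                command.Parameters.Add(new SqlParameter("@Id", user.Id));

                return command.ExecuteNonQuery() != 0;
            }
        }
    }
    catch (Exception ex)
    {
        // Callers still only see "false", but the failure is now traceable.
        // The user object itself is deliberately not logged.
        System.Diagnostics.Trace.TraceError("UpdateUser failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return false;
    }
}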
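/// <summary>
/// Looks up the row for <c>user.UserName</c> in [ScoreAppData].[dbo].[ScoreDataUserInfo]
/// and checks the submitted password against the stored one.
/// </summary>
/// <param name="user">Supplies the UserName to look up and the Password to compare.</param>
/// <returns>
/// "Id:RoleId" of the first matching row when the passwords are equal; an empty string when
/// <paramref name="user"/> is null, no row exists, the stored password is NULL, the
/// passwords differ, or an exception occurred.
/// </returns>
/// <remarks>
/// NOTE(review): the stored value is compared with the submitted password as-is, so
/// passwords appear to be kept in clear text, and the comparison is not constant-time.
/// Switching to a salted, slow hash (for example PBKDF2 via Rfc2898DeriveBytes) has to be
/// done together with CreateUser and UpdateUser.
/// </remarks>
public static string GetUserData(UserModel user)
{
    // Fail closed on a missing model instead of relying on a swallowed NullReferenceException.
    if (user == null)
    {
        return string.Empty;
    }

    var connectionString = SqlServerEnvironmentConfig.GetConnectionStringWithWinAuthentication();
    try
    {
        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open();
            // Only the three columns that are read below are fetched.
            using (var command = new SqlCommand("SELECT Id, Password, RoleId FROM [ScoreAppData].[dbo].[ScoreDataUserInfo] WHERE UserName = @UserName", connection))
            {
                command.Parameters.Add(new SqlParameter("@UserName", user.UserName));

                // The reader is disposed explicitly now; the using blocks also run when the
                // method returns from inside them.
                using (var reader = command.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        var storedPassword = reader["Password"];

                        // A NULL password column used to become "" via ToString(), which an
                        // empty submitted password would match. Treat NULL as "no match".
                        if (storedPassword != null
                            && !(storedPassword is DBNull)
                            && string.Equals(user.Password, storedPassword.ToString(), StringComparison.Ordinal))
                        {
                            return string.Format("{0}:{1}", reader["Id"], reader["RoleId"]);
                        }
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Callers still only see an empty string, but the failure is now traceable.
        // The user object itself is deliberately not logged.
        System.Diagnostics.Trace.TraceError("GetUserData failed: {0}: {1}", ex.GetType().Name, ex.Message);
        return string.Empty;
    }

    return string.Empty;
}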