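/// <summary>
/// Loads the customer record for a logon name through the <c>spGetCustomerByLogon</c> stored procedure.
/// </summary>
/// <param name="username">Logon name; bound as the <c>username</c> SQL parameter rather than concatenated into command text.</param>
/// <returns>
/// A <see cref="CustomerDataSet"/> containing one Customer row when the procedure returns a row,
/// otherwise an empty data set.
/// </returns>
/// <exception cref="OperationFailedException">Wraps any exception raised while opening the connection, querying, or mapping the row.</exception>
/// <remarks>
/// The returned row carries the stored credential <c>Hash</c>. Treat the data set as sensitive:
/// keep it inside the service layer and do not log or serialize it to clients.
/// </remarks>
public CustomerDataSet GetCustomerByLogon(string username)
{
    var retDataset = new CustomerDataSet();
    try
    {
        // Same guard AddCustomer uses: an unconditional Open() throws when the shared connection is already open.
        if (conn.State != System.Data.ConnectionState.Open)
        {
            conn.Open();
        }

        // using blocks release the command and reader even when mapping a column throws.
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandType = System.Data.CommandType.StoredProcedure;
            cmd.CommandText = "spGetCustomerByLogon";
            cmd.Parameters.Add(new SqlParameter("username", username));

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // Only the first row is consumed; any further rows are ignored.
                if (reader.Read())
                {
                    var user = retDataset.Customer.NewCustomerRow();
                    user.CustomerId = int.Parse(reader["CustomerId"].ToString());
                    user.FirstName = reader["FirstName"].ToString();
                    user.LastName = reader["LastName"].ToString();
                    user.Email = reader["Email"].ToString();
                    user.Username = reader["Username"].ToString();
                    user.Hash = reader["Hash"].ToString();
                    user.Status = reader["Status"].ToString();
                    user.StatusId = int.Parse(reader["StatusId"].ToString());
                    user.Active = bool.Parse(reader["Active"].ToString());
                    retDataset.Customer.AddCustomerRow(user);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the provider's message is copied into the wrapper; if OperationFailedException
        // text can reach an end user, map it to a generic message at that boundary and log the detail server-side.
        throw new OperationFailedException(ex.Message, ex);
    }
    finally
    {
        if (conn.State != System.Data.ConnectionState.Closed)
        {
            conn.Close();
        }
    }

    return retDataset;
}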
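/// <summary>
/// Creates a customer through the <c>spAddCustomer</c> stored procedure and then stores the
/// credential hash and security question/answer via <c>UpdateUserSecurity</c>.
/// </summary>
/// <param name="customer">Data set whose first Customer row supplies first name, last name, email, username and hash.</param>
/// <param name="security_question_id">Identifier of the chosen security question, forwarded to <c>UpdateUserSecurity</c>.</param>
/// <param name="security_answer">Answer to the security question, forwarded to <c>UpdateUserSecurity</c>.</param>
/// <returns>The identifier returned by <c>spAddCustomer</c> for the new customer.</returns>
/// <exception cref="OperationFailedException">Wraps any exception raised by either step, including a missing id from the procedure.</exception>
/// <remarks>
/// NOTE(review): the insert and the credential update are two separate steps with the connection
/// closed in between, so a failure in <c>UpdateUserSecurity</c> leaves a customer row without
/// credentials. Consider one transaction or a compensating delete.
/// NOTE(review): how <c>UpdateUserSecurity</c> stores <paramref name="security_answer"/> is not
/// visible here; confirm it is hashed like a password rather than kept in clear text.
/// </remarks>
public int AddCustomer(CustomerDataSet customer, int security_question_id, string security_answer)
{
    int newId = -1;
    try
    {
        if (conn.State != ConnectionState.Open)
        {
            conn.Open();
        }

        var row = customer.Customer[0];

        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "spAddCustomer";

            // All values are bound as parameters; nothing is concatenated into the command text.
            cmd.Parameters.AddRange(new SqlParameter[]
            {
                new SqlParameter("firstName", row.FirstName),
                new SqlParameter("lastName", row.LastName),
                new SqlParameter("email", row.Email),
                new SqlParameter("username", row.Username),
                // Parameter name kept byte-for-byte; presumably it matches the procedure's spelling - verify.
                // NOTE(review): 100 is a hard-coded audit user id; confirm this is the intended system account.
                new SqlParameter("updatUser", 100),
            });

            object scalar = cmd.ExecuteScalar();
            if (scalar == null || scalar == DBNull.Value)
            {
                // Previously surfaced as a NullReferenceException/FormatException with no context.
                throw new InvalidOperationException("spAddCustomer did not return a new customer id.");
            }

            newId = int.Parse(scalar.ToString());
        }

        // Close before the second step, as the original did.
        // presumably UpdateUserSecurity opens the shared connection itself - verify.
        if (conn.State != ConnectionState.Closed)
        {
            conn.Close();
        }

        UpdateUserSecurity(newId, row.Hash, security_question_id, security_answer);
    }
    catch (Exception ex)
    {
        throw new OperationFailedException(ex.Message, ex);
    }
    finally
    {
        if (conn.State != ConnectionState.Closed)
        {
            conn.Close();
        }
    }

    return newId;
}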
/// <summary>
/// Checks a logon/password pair against the stored customer record and reports the outcome.
/// </summary>
/// <param name="logon">The clear form logon name of the user</param>
/// <param name="password">The clear form password of the user</param>
/// <returns>
/// An <see cref="AuthResult"/>. For status 1 it reports success with a fresh user token; for
/// status 2 it reports <c>InactiveUser</c> but still carries a token; for status 3 and 4 it carries
/// only the return code. When the user is unknown or the password does not match, only
/// <c>ExtraMessage</c> is set.
/// </returns>
/// <remarks>
/// NOTE(review): the two failure paths set different <c>ExtraMessage</c> texts. If that text is shown
/// to the caller it reveals which logon names exist; consider one generic message for both.
/// NOTE(review): <c>Utils.IsEqual</c> receives the stored hash and the clear-text password. Its
/// implementation is not visible here; confirm it derives a salted, slow hash from the password
/// and compares in constant time.
/// NOTE(review): no attempt counting or lockout is visible in this method; confirm throttling
/// exists elsewhere.
/// </remarks>
public AuthResult Authenticate(string logon, string password)
{
    var result = new AuthResult();
    CustomerDataSet users = GetCustomerByLogon(logon);

    // Guard: no row for this logon.
    if (users.Customer.Count == 0)
    {
        result.ExtraMessage = "the user is unknown.";
        return result;
    }

    var customer = users.Customer[0];

    // Guard: credential mismatch.
    if (!Utils.IsEqual(customer.Hash, password))
    {
        result.ExtraMessage = "the password is incorrect.";
        return result;
    }

    int statusId = customer.StatusId;
    if (statusId == 1 || statusId == 2)
    {
        // Status 1 and 2 populate the same session fields and differ only in code and success flag.
        // NOTE(review): status 2 (InactiveUser) still issues a token and records _userId/_userToken
        // although Success is false - confirm an inactive account is meant to receive a token.
        bool isActive = statusId == 1;
        result.ReturnCode = isActive ? LoginReturn.Success : LoginReturn.InactiveUser;
        result.Success = isActive;
        _userId = customer.CustomerId;
        result.UserId = customer.CustomerId.ToString();
        result.UserToken = Utils.GenerateUserToken();
        _userToken = result.UserToken;
        lastOperationDateTime = DateTime.Now;
        result.UserFullName = string.Format("{0} {1}", customer.FirstName, customer.LastName);
    }
    else if (statusId == 3)
    {
        result.Success = false;
        result.ReturnCode = LoginReturn.DeletedUser;
    }
    else if (statusId == 4)
    {
        result.Success = false;
        result.ReturnCode = LoginReturn.ExpiredCredentials;
    }
    // Any other StatusId leaves the result at whatever a new AuthResult starts with.

    return result;
}