/// <summary>
/// Validates an administrator's credentials by delegating to Administrator.VerifyLogin.
/// </summary>
/// <param name="emailAddress">Email address, used as the login name.</param>
/// <param name="password">Password to check.</param>
/// <param name="db">Database access object; not referenced by the current implementation.</param>
/// <param name="adminId">Receives the administrator id on success, otherwise null.</param>
/// <param name="fullName">Receives the administrator's name on success, otherwise null.</param>
/// <returns>True when the credentials are accepted.</returns>
public static bool VerifyAdminLogin(string emailAddress, string password, SedogoDBEntities db, out int? adminId, out string fullName)
{
    adminId = null;
    fullName = null;

    var administrator = new Administrator("");
    var outcome = administrator.VerifyLogin(emailAddress, password, false, true, "API. VerifyAdminLogin");
    if (outcome != loginResults.loginSuccess)
    {
        return false;
    }

    adminId = administrator.administratorID;
    fullName = administrator.administratorName;
    return true;
}
/// <summary>
/// Validates a user's credentials by delegating to SedogoUser.VerifyLogin.
/// </summary>
/// <param name="emailAddress">Email address, used as the login name.</param>
/// <param name="password">Password to check.</param>
/// <param name="db">Database access object; not referenced by the current implementation.</param>
/// <param name="userId">Receives the user id on success, otherwise null.</param>
/// <param name="fullName">Receives "first last" on success, otherwise null.</param>
/// <returns>True when the credentials are accepted.</returns>
public static bool VerifyUserLogin(string emailAddress, string password, SedogoDBEntities db, out int? userId, out string fullName)
{
    userId = null;
    fullName = null;

    var account = new SedogoUser("");
    var outcome = account.VerifyLogin(emailAddress, password, false, true, "API. VerifyUserLogin");
    if (outcome != loginResults.loginSuccess)
    {
        return false;
    }

    userId = account.userID;
    fullName = string.Concat(account.firstName, " ", account.lastName);
    return true;
}
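/// <summary>
/// Reads the caller's credentials from the HTTP Basic Authentication header and verifies
/// them against the user store, the administrator store, or both, depending on <paramref name="role"/>.
/// </summary>
/// <param name="request">HTTP request carrying an <c>Authorization: Basic</c> header.</param>
/// <param name="db">Database access object, passed through to the verification helpers.</param>
/// <param name="role">Which account store(s) to verify against.</param>
/// <param name="email">Receives the login name taken from the header; null when the header is absent or malformed.</param>
/// <param name="id">Receives the account id on success, otherwise null.</param>
/// <param name="fullName">Receives the account holder's name on success, otherwise null.</param>
/// <returns>True if the credentials were accepted for the requested role; false for a missing or
/// malformed header, a rejected password, or an unhandled role.</returns>
public static bool TryAuthenticate(HttpRequestBase request, SedogoDBEntities db, UserRole role, out string email, out int? id, out string fullName)
{
    email = null;
    id = null;
    fullName = null;

    var authHeader = request.Headers["Authorization"];
    if (string.IsNullOrEmpty(authHeader))
    {
        return false;
    }

    // NOTE(review): the request body's ContentEncoding is used to decode the header, as before;
    // the header charset is not tied to the body, so this is kept for compatibility — confirm.
    var encoding = request.ContentEncoding ?? Encoding.UTF8;
    string password;
    if (!TryParseBasicCredentials(authHeader, encoding, out email, out password))
    {
        // Wrong scheme, invalid base64 or no "login:password" separator: an authentication
        // failure, not a server error, so it must not surface as an exception.
        return false;
    }

    switch (role)
    {
        case UserRole.Admin:
            return VerifyAdminLogin(email, password, db, out id, out fullName);
        case UserRole.User:
            return VerifyUserLogin(email, password, db, out id, out fullName);
        case UserRole.Any:
            // User store first; when it fails, VerifyAdminLogin resets id/fullName itself.
            return VerifyUserLogin(email, password, db, out id, out fullName)
                || VerifyAdminLogin(email, password, db, out id, out fullName);
        default:
            return false;
    }
}

/// <summary>
/// Splits a Basic Authentication header value into login and password.
/// </summary>
/// <param name="authHeader">Raw <c>Authorization</c> header value.</param>
/// <param name="encoding">Encoding used to decode the base64 payload.</param>
/// <param name="email">Receives the text before the first colon; null when parsing fails.</param>
/// <param name="password">Receives the text after the first colon; null when parsing fails.</param>
/// <returns>True if the value used the Basic scheme and decoded to <c>login:password</c>.</returns>
private static bool TryParseBasicCredentials(string authHeader, Encoding encoding, out string email, out string password)
{
    email = null;
    password = null;

    const string scheme = "basic ";
    // The scheme name is a case-insensitive token, so compare ordinally rather than by culture.
    if (!authHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    byte[] raw;
    try
    {
        raw = Convert.FromBase64String(authHeader.Substring(scheme.Length));
    }
    catch (FormatException)
    {
        // Not valid base64: reject instead of letting the exception propagate to the caller.
        return false;
    }

    // Only the first colon separates login from password; the password itself may contain colons,
    // and a payload with no colon at all is malformed rather than an index-out-of-range crash.
    var credentials = encoding.GetString(raw);
    var separator = credentials.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    email = credentials.Substring(0, separator);
    password = credentials.Substring(separator + 1);
    return true;
}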