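// Looks up <paramref name="username"/> and compares the stored password hash with the
// SHA1 of <paramref name="password"/>. Returns the matching profile, or a sentinel
// profile (Role="InvalidRole", UserName="", UserID=-1) when the user is unknown or the
// password does not match.
//
// SECURITY NOTE(review): the Users table holds bare, unsalted SHA1 hashes (see the
// getSHA1Hash call below). That is not a password hash — it is cheap to brute-force and
// identical passwords produce identical hashes. Migrate to a salted, slow KDF
// (PBKDF2 / bcrypt / Argon2). That is a schema and data migration, so it is not done here.
public static UserLoggedInProfile AuthenticateUser(string username, string password)
{
    // One sentinel for every failure path so the caller cannot tell "unknown user"
    // from "wrong password".
    UserLoggedInProfile invalid = new UserLoggedInProfile { Role = "InvalidRole", UserName = "", UserID = -1 };

    // Parameterized: the username never becomes part of the SQL text.
    using (SqlConnection conn = new SqlConnection(Connection.connectionString))
    using (SqlCommand sqlCmd = new SqlCommand("SELECT Password, Role, UserID, FirstName From Users WHERE UserName=@userName", conn))
    {
        sqlCmd.Parameters.AddWithValue("@userName", username);
        conn.Open();

        // The reader is now disposed together with the command; the original leaked it.
        using (SqlDataReader reader = sqlCmd.ExecuteReader())
        {
            if (!reader.Read())
            {
                return invalid;
            }

            // Do NOT log the computed hash (the original wrote it to the console):
            // a password hash is a secret and belongs in no log output.
            string stored = reader["Password"] as string;
            string computed = getSHA1Hash(password);

            // A NULL/non-string stored value is a mismatch, as in the original Equals() check.
            if (stored == null || !FixedTimeEquals(stored, computed))
            {
                return invalid;
            }

            return new UserLoggedInProfile
            {
                UserID = (int)reader["UserID"],
                UserName = (string)reader["FirstName"],
                Role = (string)reader["Role"],
            };
        }
    }
}

// Compares two strings without stopping at the first differing character, so the
// comparison time does not reveal how much of the hash matched. Null never matches.
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}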
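// Handles the login form. If the session is already authenticated with a recognised
// role the user is simply redirected; otherwise the credentials are checked against the
// database and, on success, Role/UserName/UserID are stored in the session.
//
// SECURITY NOTE(review): the session ID is not regenerated after a successful login, so
// a session fixation attack (attacker plants a known ASP.NET_SessionId before the victim
// logs in) would hand the attacker the authenticated session. Classic ASP.NET cannot swap
// the ID mid-request without losing the values written below, so this is flagged rather
// than fixed here. Also confirm this action carries [HttpPost][ValidateAntiForgeryToken]
// (attributes are not visible in this excerpt) and that the view emits the token.
public ActionResult Login(UserLogin model, string returnUrl)
{
    // Already logged in as a recognised role: nothing to do but redirect.
    // Role is read null-safely; the original threw if "Role" was missing while
    // "UserID" was present.
    if (Session["UserID"] != null)
    {
        string sessionRole = Session["Role"] as string;
        if (IsKnownRole(sessionRole))
        {
            return RedirectToLocal(returnUrl);
        }
        //TODO: Logger
        Console.WriteLine("Some error occured");
    }

    // A missing model is treated as a failed login instead of a NullReferenceException.
    UserLoggedInProfile userProfile = null;
    if (model != null)
    {
        try
        {
            userProfile = UserDAL.AuthenticateUser(model.UserName, model.Password);
        }
        catch (Exception)
        {
            // A DAL failure must not leak details to the client; the generic message
            // below is the only feedback. Log server-side once a logger exists.
            userProfile = null;
        }
    }

    string role = userProfile != null ? userProfile.Role : null; // populated from the database

    if (ModelState.IsValid && userProfile != null && IsKnownRole(role))
    {
        Session["Role"] = userProfile.Role;
        Session["UserName"] = userProfile.UserName;
        Session["UserID"] = userProfile.UserID;
        return RedirectToLocal(returnUrl);
    }

    // Deliberately the same message for unknown user, wrong password and DAL error,
    // so the response does not reveal which usernames exist.
    ModelState.AddModelError("", "The user name or password provided is incorrect.");
    return View(model);
}

// True for the two roles allowed to hold an interactive session. Ordinal comparison:
// role names are identifiers, not user-facing text. Null is never a known role.
private static bool IsKnownRole(string role)
{
    return string.Equals(role, "admin", StringComparison.Ordinal)
        || string.Equals(role, "member", StringComparison.Ordinal);
}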
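//
// POST: /Account/LogOff
//
// Ends the current session and returns to the home page.
//
// SECURITY NOTE(review): nothing in this excerpt restricts the action to POST, so any
// page can log the user out via a GET link or <img> (logout CSRF). Decorate it with
// [HttpPost][ValidateAntiForgeryToken] and submit it from a form once all callers use
// POST; not done here because it would break existing GET links.
// The 'module' parameter is unused but kept for route/binding compatibility.
public ActionResult Logout(UserLoggedInProfile module)
{
    try
    {
        // Clear() drops the values, Abandon() discards the server-side state. Abandon()
        // alone leaves the session-id cookie in the browser, so it is expired as well;
        // otherwise the same id can be handed back and reused for a new session.
        // "ASP.NET_SessionId" is the default name — confirm against
        // <sessionState cookieName=...> in web.config.
        Session.Clear();
        Session.Abandon(); //end and abandon user session
        var sessionCookie = Response.Cookies["ASP.NET_SessionId"];
        if (sessionCookie != null)
        {
            sessionCookie.Value = string.Empty;
            sessionCookie.Expires = DateTime.UtcNow.AddDays(-1);
        }
    }
    catch (Exception)
    {
        // ModelState does not survive the redirect below, so this message is never
        // shown; kept so that a failed logout still lands on the home page.
        ModelState.AddModelError("", "Some error occured.");
    }
    return RedirectToAction("Index", "Home");
}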