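/// <summary>
/// Checks a user id / ticket pair by calling the <c>dbo.authUser</c> stored procedure.
/// </summary>
/// <param name="userId">User id, bound to the <c>@UserID</c> input parameter (SqlDbType.Int).</param>
/// <param name="ticket">Ticket string, bound to the <c>@Ticket</c> input parameter (SqlDbType.Char, size 36).</param>
/// <returns>
/// <c>true</c> only when the procedure's <c>@Authenticated</c> output converts to <c>true</c>;
/// <c>false</c> when it converts to <c>false</c> or when the ticket is null or longer than 36 characters.
/// </returns>
/// <remarks>
/// Exceptions raised by the data layer or by the conversion are not caught here, so they reach the
/// caller after the connection has been released. Callers must treat an exception as "not authenticated".
/// </remarks>
private bool ValidateCredentials(int userId, string ticket)
{
    // Width of the @Ticket parameter declared below.
    const int MaxTicketLength = 36;

    // Fail closed before touching the database. A value longer than the declared
    // parameter size can never equal a stored CHAR(36) ticket; rejecting it here avoids
    // depending on how the ADONET wrapper handles over-long values (plain ADO.NET
    // truncates to the declared size - NOTE(review): confirm the wrapper's behaviour).
    if (ticket == null || ticket.Length > MaxTicketLength)
    {
        return false;
    }

    bool valid = false;
    ADONET AdoNet = new ADONET();

    try
    {
        // Query the database to authenticate the request.
        AdoNet.SqlConnect();

        // Stored procedure call; every value is passed as a bound parameter, never as SQL text.
        AdoNet.SqlNewCommand("dbo.authUser", "sp");

        // Inputs.
        AdoNet.SqlNewParam("Input", "@UserID", userId, SqlDbType.Int, 0);
        AdoNet.SqlNewParam("Input", "@Ticket", ticket, SqlDbType.Char, MaxTicketLength);

        // Output.
        AdoNet.SqlNewParam("Output", "@Authenticated", null, SqlDbType.Bit, 0);

        AdoNet.SqlExecuteCommand();

        // Read the procedure's verdict from the output parameter.
        valid = Convert.ToBoolean(AdoNet.SqlOutputParamValue("@Authenticated"));
    }
    finally
    {
        // Always release the connection, including when an exception is propagating.
        AdoNet.SqlDisconnect();
    }

    return valid;
}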
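/// <summary>
/// Authenticates a user id / ticket pair through the <c>dbo.authUser</c> stored procedure and,
/// on success, builds a principal for that user with the single role <c>"User"</c>.
/// </summary>
/// <param name="userId">User id as text; it must parse as an integer because it is bound to the Int parameter <c>@UserID</c>.</param>
/// <param name="ticket">Ticket string, bound to the <c>@Ticket</c> input parameter (SqlDbType.Char, size 36).</param>
/// <returns>
/// A <see cref="GenericPrincipal"/> whose identity name is the canonical decimal form of the
/// authenticated id, or <c>null</c> when the input is malformed, the procedure reports
/// not-authenticated, or the lookup fails for any reason.
/// </returns>
public IPrincipal CreatePrincipal(string userId, string ticket)
{
    // Width of the @Ticket parameter declared below.
    const int MaxTicketLength = 36;

    // Fail closed on input that cannot be a valid credential. A ticket longer than the
    // declared parameter size can never equal a stored CHAR(36) value; rejecting it here
    // avoids depending on how the ADONET wrapper handles over-long values
    // (NOTE(review): plain ADO.NET truncates to the declared size - confirm for the wrapper).
    if (userId == null || ticket == null || ticket.Length > MaxTicketLength)
    {
        return null;
    }

    // Parse the id once, culture-independently, and use the parsed value for BOTH the
    // database check and the identity name. The original bound the raw string to an Int
    // parameter and then named the identity after that raw string, so the name carried by
    // the principal could differ from the id that was actually authenticated whenever the
    // text was a non-canonical spelling of the number (padding, sign, leading zeros).
    int numericUserId;
    if (!int.TryParse(
            userId,
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out numericUserId))
    {
        return null;
    }

    ADONET AdoNet = new ADONET();
    bool valid = false;

    try
    {
        // Query the database to authenticate the request.
        AdoNet.SqlConnect();

        // Stored procedure call; every value is passed as a bound parameter, never as SQL text.
        AdoNet.SqlNewCommand("dbo.authUser", "sp");

        // Inputs.
        AdoNet.SqlNewParam("Input", "@UserID", numericUserId, SqlDbType.Int, 0);
        AdoNet.SqlNewParam("Input", "@Ticket", ticket, SqlDbType.Char, MaxTicketLength);

        // Output.
        AdoNet.SqlNewParam("Output", "@Authenticated", null, SqlDbType.Bit, 0);

        AdoNet.SqlExecuteCommand();

        // Read the procedure's verdict from the output parameter.
        valid = Convert.ToBoolean(AdoNet.SqlOutputParamValue("@Authenticated"));
    }
    catch (Exception ex)
    {
        // Deliberately fail closed: any error means "no principal". Record the failure
        // (exception type only, never the ticket) so a backend outage can be told apart
        // from a run of rejected credentials when reviewing logs.
        System.Diagnostics.Trace.TraceError(
            "CreatePrincipal: credential check failed with {0}", ex.GetType().FullName);
        return null;
    }
    finally
    {
        // Always release the connection, on success and on failure.
        AdoNet.SqlDisconnect();
    }

    if (!valid)
    {
        return null;
    }

    // Name the identity after the canonical id that the database accepted.
    var identity = new GenericIdentity(
        numericUserId.ToString(System.Globalization.CultureInfo.InvariantCulture));
    return new GenericPrincipal(identity, new[] { "User" });
}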