/// <summary>
/// Verifies a username/password pair and returns the matching student.
/// </summary>
/// <param name="username">Login name; the failure message refers to it as an email address.</param>
/// <param name="password">Clear-text password; only its digest is passed to the data access layer.</param>
/// <returns>The student returned by StudentAccessor.RetrieveStudentByUsername.</returns>
/// <exception cref="ApplicationException">
/// Thrown when verification does not return 1, or when a data access call raises any
/// other exception (which is wrapped and kept as InnerException).
/// </exception>
public Student AuthenticateUser(string username, string password)
        {
            // NOTE(review): judging by the helper's name this is a plain SHA-256 digest, and
            // no salt or work factor is visible in this method. A fast, unsalted hash is weak
            // for stored passwords; confirm what HashSha256 does and consider migrating to a
            // password KDF such as PBKDF2 (Rfc2898DeriveBytes).
            // The hash is computed outside the try block, so a failure here is not wrapped.
            var passwordHash = HashSha256(password);

            try
            {
                // Only an exact result of 1 counts as a successful verification.
                if (StudentAccessor.VerifyUsernameAndPassword(username, passwordHash) != 1)
                {
                    // The same message covers an unknown username and a wrong password,
                    // so the response does not reveal which of the two was wrong.
                    throw new ApplicationException("Login failed. Bad username (email address) or password");
                }

                // Credentials accepted: load the student record. Role lookup and a forced
                // password change for first-time users are not implemented in this method.
                return StudentAccessor.RetrieveStudentByUsername(username);
            }
            catch (ApplicationException)
            {
                // The login-failure exception raised above passes through unchanged.
                throw;
            }
            catch (Exception ex)
            {
                // Everything else is wrapped in a generic message. The original exception
                // stays reachable as InnerException; presumably callers should log it rather
                // than display it, since data-layer messages can expose server details.
                throw new ApplicationException("There was a problem connecting to the server.", ex);
            }
        }
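        /// <summary>
        /// Deactivates the given student through the data access layer.
        /// </summary>
        /// <param name="student">Student whose StudentID is passed to the accessor.</param>
        /// <returns>
        /// true only when StudentAccessor.DeactivateStudent returns 1 (presumably the number
        /// of affected rows; confirm against the accessor); otherwise false.
        /// </returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="student"/> is null.</exception>
        public bool DeactivateStudent(Student student)
        {
            if (student == null)
            {
                throw new ArgumentNullException("student");
            }

            // The previous version computed this comparison and then returned true
            // unconditionally, so a deactivation that changed nothing was reported as a
            // success. Exceptions from the accessor still propagate to the caller as before.
            return 1 == StudentAccessor.DeactivateStudent(student.StudentID);
        }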
        /// <summary>
        /// Returns the students that the data access layer finds for the given name.
        /// </summary>
        /// <param name="name">Name passed unchanged to StudentAccessor.RetrieveStudentListByName.</param>
        /// <returns>The list produced by the accessor.</returns>
        public List<Student> RetrieveStudentListByName(string name)
        {
            // Exceptions from the accessor propagate to the caller unchanged.
            // NOTE(review): name reaches the data layer as-is; confirm that the accessor
            // uses a stored procedure or parameterized query for it.
            return StudentAccessor.RetrieveStudentListByName(name);
        }
        /// <summary>
        /// Returns the students whose active flag matches <paramref name="active"/>.
        /// </summary>
        /// <param name="active">Flag passed to StudentAccessor.RetrieveStudentByActive; defaults to true.</param>
        /// <returns>The list produced by the accessor.</returns>
        public List<Student> RetrieveStudentList(bool active = true)
        {
            // Exceptions from the accessor propagate to the caller unchanged.
            return StudentAccessor.RetrieveStudentByActive(active);
        }
        /// <summary>
        /// Verifies a username/password pair and builds the User token for the session.
        /// </summary>
        /// <param name="username">Login name checked by the data access layer.</param>
        /// <param name="password">Clear-text password; only its digest is passed to the data access layer.</param>
        /// <returns>A User built from the student record, its roles and the password-change flag.</returns>
        /// <exception cref="ApplicationException">
        /// Thrown with the message "Login Failure!" for every failure inside the try block,
        /// including rejected credentials; the cause is kept as InnerException.
        /// </exception>
        public User AuthenticateUser(string username, string password)
        {
            // No password complexity check is performed here.
            // NOTE(review): judging by the helper's name this is a plain SHA-256 digest, and
            // no salt or work factor is visible in this method. A fast, unsalted hash is weak
            // for stored passwords; confirm what hashSha256 does and consider migrating to a
            // password KDF such as PBKDF2 (Rfc2898DeriveBytes).
            var passwordHash = hashSha256(password);

            try
            {
                // Only an exact result of 1 counts as a successful verification.
                if (1 != StudentAccessor.VerifyUsernameAndPassword(username, passwordHash))
                {
                    throw new ApplicationException("Bad username or password.");
                }

                var studentRecord = StudentAccessor.RetrieveStudentByUsername(username);
                var studentRoles = StudentAccessor.RetrieveStudentRoles(studentRecord.StudentID);

                // Always false: this method has no forced change for accounts still on an
                // initial password, and no role clearing for expired passwords.
                bool passwordNeedsChanging = false;

                return new User(studentRecord, studentRoles, passwordNeedsChanging);
            }
            catch (Exception ex)
            {
                // This clause also catches the "Bad username or password." exception thrown
                // above, so callers always see "Login Failure!" as the outer message and the
                // real cause (bad credentials, or a data-layer error such as SqlException)
                // only as InnerException. Presumably the inner message should be logged
                // rather than displayed, since data-layer messages can expose server details.
                throw new ApplicationException("Login Failure!", ex);
            }
        }