示例#1
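        /// <summary>
        /// Looks up a customer through the <c>spGetCustomerByLogon</c> stored procedure and
        /// returns the first matching row wrapped in a <see cref="CustomerDataSet"/>.
        /// </summary>
        /// <param name="username">Logon name; sent to the procedure as a bound parameter, never concatenated into SQL.</param>
        /// <returns>A data set with one customer row, or with no rows when the procedure returns none.</returns>
        /// <exception cref="OperationFailedException">Any failure while querying or mapping the row.</exception>
        /// <remarks>
        /// The returned row includes the stored credential hash, so the data set should stay inside
        /// the authentication layer and not be serialized to clients or written to logs.
        /// </remarks>
        public CustomerDataSet GetCustomerByLogon(string username)
        {
            var retDataset = new CustomerDataSet();

            try
            {
                // Open() throws on a connection that is already open, so only open when needed.
                if (conn.State != System.Data.ConnectionState.Open)
                {
                    conn.Open();
                }

                // The using blocks release the command and reader even when mapping throws.
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandType = System.Data.CommandType.StoredProcedure;
                    cmd.CommandText = "spGetCustomerByLogon";
                    cmd.Parameters.Add(new SqlParameter("username", username));

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        // Only the first row is mapped; any further rows are ignored.
                        if (reader.Read())
                        {
                            var user = retDataset.Customer.NewCustomerRow();
                            user.CustomerId = int.Parse(reader["CustomerId"].ToString());
                            user.FirstName  = reader["FirstName"].ToString();
                            user.LastName   = reader["LastName"].ToString();
                            user.Email      = reader["Email"].ToString();
                            user.Username   = reader["Username"].ToString();
                            user.Hash       = reader["Hash"].ToString();
                            user.Status     = reader["Status"].ToString();
                            user.StatusId   = int.Parse(reader["StatusId"].ToString());
                            user.Active     = bool.Parse(reader["Active"].ToString());

                            retDataset.Customer.AddCustomerRow(user);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // The message is copied from the underlying exception and may carry database
                // detail; callers should log it rather than show it to end users.
                throw new OperationFailedException(ex.Message, ex);
            }
            finally
            {
                if (conn.State != System.Data.ConnectionState.Closed)
                {
                    conn.Close();
                }
            }

            return retDataset;
        }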
示例#2
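        /// <summary>
        /// Inserts the first row of <paramref name="customer"/> through the <c>spAddCustomer</c>
        /// stored procedure, then records the credential hash and security question for the new id.
        /// </summary>
        /// <param name="customer">Data set whose first customer row supplies name, e-mail, username and hash.</param>
        /// <param name="security_question_id">Identifier of the chosen security question.</param>
        /// <param name="security_answer">Answer to the security question, passed on unchanged to <c>UpdateUserSecurity</c>.</param>
        /// <returns>The id returned by the stored procedure for the new customer.</returns>
        /// <exception cref="OperationFailedException">Any failure during validation, insert or the security update.</exception>
        public int AddCustomer(CustomerDataSet customer, int security_question_id, string security_answer)
        {
            int newId = -1;

            try
            {
                // Fail with a clear message instead of a null-reference or index error further down.
                if (customer == null || customer.Customer.Count == 0)
                {
                    throw new ArgumentException("customer must contain one customer row.", "customer");
                }

                var row = customer.Customer[0];

                if (conn.State != ConnectionState.Open)
                {
                    conn.Open();
                }

                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.CommandText = "spAddCustomer";

                    // All values are bound parameters. The name "updatUser" is kept as written
                    // because it has to match the procedure's own parameter name.
                    // NOTE(review): 100 is a hard-coded audit user id, so every insert is
                    // attributed to the same account -- confirm that is intended.
                    cmd.Parameters.AddRange(new[]
                    {
                        new SqlParameter("firstName", row.FirstName),
                        new SqlParameter("lastName", row.LastName),
                        new SqlParameter("email", row.Email),
                        new SqlParameter("username", row.Username),
                        new SqlParameter("updatUser", 100),
                    });

                    object scalar = cmd.ExecuteScalar();
                    if (scalar == null || scalar == DBNull.Value)
                    {
                        throw new InvalidOperationException("spAddCustomer did not return a new customer id.");
                    }

                    newId = int.Parse(scalar.ToString());
                }

                // The connection is closed before the next call, as in the original flow.
                if (conn.State != ConnectionState.Closed)
                {
                    conn.Close();
                }

                // NOTE(review): the insert above and this update are separate steps with no shared
                // transaction visible here; if this call fails, the customer row presumably remains
                // without credentials -- confirm and consider making the two steps atomic.
                // NOTE(review): whether security_answer is hashed before storage is not visible
                // from this method -- verify in UpdateUserSecurity.
                UpdateUserSecurity(newId, row.Hash, security_question_id, security_answer);
            }
            catch (Exception ex)
            {
                // The message is copied from the underlying exception and may carry database
                // detail; callers should log it rather than show it to end users.
                throw new OperationFailedException(ex.Message, ex);
            }
            finally
            {
                if (conn.State != ConnectionState.Closed)
                {
                    conn.Close();
                }
            }

            return newId;
        }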
示例#3
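        /// <summary>
        /// Authenticates the supplied logon name and password against the stored customer record.
        /// </summary>
        /// <param name="logon">The clear form logon name of the user</param>
        /// <param name="password">The clear form password of the user</param>
        /// <returns>
        /// An <see cref="AuthResult"/>; <c>Success</c> is set to true only for a matching password
        /// on a customer whose status id is 1.
        /// </returns>
        /// <exception cref="OperationFailedException">Raised by <c>GetCustomerByLogon</c> when the lookup fails.</exception>
        public AuthResult Authenticate(string logon, string password)
        {
            var result = new AuthResult();

            CustomerDataSet users = GetCustomerByLogon(logon);

            // NOTE(review): the unknown-user and wrong-password paths set different messages, and
            // only the second one performs the comparison. A caller that relays ExtraMessage lets
            // a client tell valid logon names apart; show end users one generic failure text.
            // NOTE(review): neither failure path sets ReturnCode, so it keeps whatever value
            // AuthResult starts with -- confirm that value cannot be read as a success.
            if (users.Customer.Count == 0)
            {
                //user unknown
                result.ExtraMessage = "the user is unknown.";
                return result;
            }

            var customer = users.Customer[0];

            // NOTE(review): the stored hash is compared with the clear-form password. This is only
            // sound if Utils.IsEqual hashes the password with the stored parameters and compares
            // in constant time; neither is visible here -- confirm.
            if (!Utils.IsEqual(customer.Hash, password))
            {
                //the password is wrong
                result.ExtraMessage = "the password is incorrect.";
                return result;
            }

            switch (customer.StatusId)
            {
                case 1:
                    result.ReturnCode     = LoginReturn.Success;
                    result.Success        = true;
                    _userId               = customer.CustomerId;
                    result.UserId         = customer.CustomerId.ToString();
                    result.UserToken      = Utils.GenerateUserToken();
                    _userToken            = result.UserToken;
                    lastOperationDateTime = DateTime.Now;
                    result.UserFullName   = string.Format("{0} {1}", customer.FirstName, customer.LastName);
                    break;

                case 2:
                    // NOTE(review): an inactive user still gets a fresh token, and _userId and
                    // _userToken are updated, although Success is false. If no activation flow
                    // needs this, stop issuing the token here so nothing downstream can treat it
                    // as a valid session.
                    result.ReturnCode     = LoginReturn.InactiveUser;
                    result.Success        = false;
                    _userId               = customer.CustomerId;
                    result.UserId         = customer.CustomerId.ToString();
                    result.UserToken      = Utils.GenerateUserToken();
                    _userToken            = result.UserToken;
                    lastOperationDateTime = DateTime.Now;
                    result.UserFullName   = string.Format("{0} {1}", customer.FirstName, customer.LastName);
                    break;

                case 3:
                    result.Success    = false;
                    result.ReturnCode = LoginReturn.DeletedUser;
                    break;

                case 4:
                    result.Success    = false;
                    result.ReturnCode = LoginReturn.ExpiredCredentials;
                    break;

                default:
                    // Fail closed: an unrecognised status id never authenticates.
                    result.Success = false;
                    break;
            }

            return result;
        }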