示例#1
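        /// <summary>
        /// Asks the <c>dbo.authUser</c> stored procedure whether <paramref name="ticket"/>
        /// is valid for <paramref name="userId"/>.
        /// </summary>
        /// <param name="userId">User id, bound to <c>@UserID</c> as <c>SqlDbType.Int</c>.</param>
        /// <param name="ticket">Ticket, bound to <c>@Ticket</c> as <c>SqlDbType.Char</c> with size 36.</param>
        /// <returns>
        /// <c>true</c> only when the procedure's <c>@Authenticated</c> output converts to
        /// <c>true</c>; <c>false</c> otherwise, including for a null or blank ticket.
        /// </returns>
        /// <remarks>
        /// There is no catch here: exceptions from the database helper or from the conversion
        /// propagate to the caller, so a failing check never yields <c>true</c>. The connection
        /// is released in every case.
        /// </remarks>
        private bool ValidateCredentials(int userId, string ticket)
        {
            // Fail closed on a missing ticket before touching the database. @Ticket is a
            // fixed-width Char(36) and the comparison inside dbo.authUser is not visible from
            // here, so a blank value is never handed to it for matching.
            if (ticket == null || ticket.Trim().Length == 0)
            {
                return false;
            }

            ADONET AdoNet = new ADONET();

            try
            {
                AdoNet.SqlConnect();

                // Credentials travel as bound parameters of the stored procedure, never as
                // concatenated SQL text.
                AdoNet.SqlNewCommand("dbo.authUser", "sp");
                AdoNet.SqlNewParam("Input", "@UserID", userId, SqlDbType.Int, 0);
                AdoNet.SqlNewParam("Input", "@Ticket", ticket, SqlDbType.Char, 36);
                AdoNet.SqlNewParam("Output", "@Authenticated", null, SqlDbType.Bit, 0);
                AdoNet.SqlExecuteCommand();

                // The verdict is whatever the procedure wrote to @Authenticated.
                return Convert.ToBoolean(AdoNet.SqlOutputParamValue("@Authenticated"));
            }
            finally
            {
                // Runs on success and on failure so the connection is not leaked.
                AdoNet.SqlDisconnect();
            }
        }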
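        /// <summary>
        /// Checks <paramref name="userId"/> and <paramref name="ticket"/> against the
        /// <c>dbo.authUser</c> stored procedure and, on success, builds a principal for the user.
        /// </summary>
        /// <param name="userId">User id as text; bound to <c>@UserID</c> as <c>SqlDbType.Int</c>.</param>
        /// <param name="ticket">Ticket, bound to <c>@Ticket</c> as <c>SqlDbType.Char</c> with size 36.</param>
        /// <returns>
        /// A <see cref="GenericPrincipal"/> named after <paramref name="userId"/> with the single
        /// role <c>"User"</c>, or <c>null</c> when the credentials are missing, are rejected, or
        /// the check itself fails.
        /// </returns>
        /// <remarks>
        /// Callers must treat <c>null</c> as "not authenticated". It covers both bad credentials
        /// and a failed database call; the latter is additionally written to the trace output.
        /// </remarks>
        public IPrincipal CreatePrincipal(string userId, string ticket)
        {
            // Fail closed on missing input before touching the database. A null userId would
            // otherwise only surface as an ArgumentNullException from GenericIdentity after a
            // successful check, and a blank ticket is never handed to the procedure for
            // matching (its comparison logic is not visible from here).
            if (string.IsNullOrEmpty(userId) || ticket == null || ticket.Trim().Length == 0)
            {
                return null;
            }

            ADONET AdoNet = new ADONET();
            bool   valid  = false;

            try
            {
                AdoNet.SqlConnect();

                // Credentials travel as bound parameters of the stored procedure, never as
                // concatenated SQL text.
                AdoNet.SqlNewCommand("dbo.authUser", "sp");
                // NOTE(review): userId is a string bound as SqlDbType.Int; how the helper
                // converts it is not visible here. If variants such as "012" or " 12" are
                // accepted, the identity name below is the raw text, not the canonical id.
                AdoNet.SqlNewParam("Input", "@UserID", userId, SqlDbType.Int, 0);
                AdoNet.SqlNewParam("Input", "@Ticket", ticket, SqlDbType.Char, 36);
                AdoNet.SqlNewParam("Output", "@Authenticated", null, SqlDbType.Bit, 0);
                AdoNet.SqlExecuteCommand();

                // The verdict is whatever the procedure wrote to @Authenticated.
                valid = Convert.ToBoolean(AdoNet.SqlOutputParamValue("@Authenticated"));
            }
            catch (Exception ex)
            {
                // Still fail closed, but leave a trace so a backend outage can be told apart
                // from rejected credentials. The ticket and user id are deliberately not logged.
                System.Diagnostics.Trace.TraceError(
                    "CreatePrincipal: credential check failed with {0}: {1}",
                    ex.GetType().FullName,
                    ex.Message);
                return null;
            }
            finally
            {
                // Runs on success and on failure so the connection is not leaked.
                AdoNet.SqlDisconnect();
            }

            if (!valid)
            {
                return null;
            }

            // Every authenticated caller receives the same fixed role set.
            var identity = new GenericIdentity(userId);
            return new GenericPrincipal(identity, new[] { "User" });
        }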