/ASPNETVN.PORTAL.VS2K8/Components/Security/User.cs

# · C# · 347 lines · 267 code · 51 blank · 29 comment · 9 complexity · 7b7d52e7225230c9ca2c5fa1274c117e MD5 · raw file 

    

  1. using System;

    2. 

  2. using System.Collections;

    3. 

  3. using System.Data;

    4. 

  4. using System.Data.Common;

    5. 

  5. using System.Data.SqlClient;

    6. 

  6. using Microsoft.Practices.EnterpriseLibrary.Data;

    7. 

  7. using Microsoft.Practices.EnterpriseLibrary.Data.Sql;

    8. 

  8. using ASPNETVN.PORTAL.Components.Helpers;

    9. 

  9. 

    10. 

  10. namespace ASPNETVN.PORTAL.Components.Security

    11. 

  11. {

    12. 

  12.     public enum UserStatus

    13. 

  13.     {

    14. 

  14.         ACTIVE,

    15. 

  15.         DEACTIVE,

    16. 

  16.         LOCK

    17. 

  17.     }

    18. 

  18. 

    19. 

  19.     public partial class User

    20. 

  20.     {

    21. 

  21.         public override string ToString()

    22. 

  22.         {

    23. 

  23.             return this._Name + "|" + this._Email + "|" + this._ID;

    24. 

  24.         }

    25. 

  25. 

    26. 

  26.         public static DataSet SelectBy_RoleID(string roleID)

    27. 

  27.         {

    28. 

  28.             if (roleID == "ALL")

    29. 

  29.             {

    30. 

  30.                 return SelectAll();

    31. 

  31.             }

    32. 

  32. 

    33. 

  33.             const string spName = "p_SYSTEM_User_SelectBy_RoleID";

    34. 

  34.             Database db = DatabaseFactory.CreateDatabase();

    35. 

  35. 

    36. 

  36.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    37. 

  37. 

    38. 

  38.             db.AddInParameter(dbCommand, "@RoleID", DbType.String, roleID);

    39. 

  39. 

    40. 

  40.             return db.ExecuteDataSet(dbCommand);

    41. 

  41.         }

    42. 

  42. 

    43. 

  43.         public static DataSet SelectBy_ID(int id)

    44. 

  44.         {

    45. 

  45.             const string spName = "p_SYSTEM_User_Load";

    46. 

  46.             Database db = DatabaseFactory.CreateDatabase();

    47. 

  47. 

    48. 

  48.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    49. 

  49.             db.AddInParameter(dbCommand, "@ID", DbType.Int32, id);

    50. 

  50.             return db.ExecuteDataSet(dbCommand);

    51. 

  51.         }

    52. 

  52. 

    53. 

  53.         // Check Exist By Email and PortalID.

    54. 

  54.         public static bool CheckExist(string email)

    55. 

  55.         {

    56. 

  56.             const string spName = "p_SYSTEM_User_CheckExistBy_Email_PortalID";

    57. 

  57.             Database db = DatabaseFactory.CreateDatabase();

    58. 

  58.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    59. 

  59.             

    60. 

  60.             db.AddInParameter(dbCommand, "@Email", DbType.String, email);

    61. 

  61.             db.AddInParameter(dbCommand, "@PortalID", DbType.Guid, Global.PortalID);

    62. 

  62.             

    63. 

  63.             IDataReader reader = db.ExecuteReader(dbCommand);

    64. 

  64.             bool returnValue = false;

    65. 

  65.             if (reader.Read())

    66. 

  66.             {

    67. 

  67.                 returnValue = true;

    68. 

  68.             }

    69. 

  69.             reader.Close();

    70. 

  70.             dbCommand.Connection.Close();

    71. 

  71.             return returnValue;

    72. 

  72.         }

    73. 

  73. 

    74. 

  74.         // Reset Password By Email and PortalID with random new password.

    75. 

  75.         public static string ResetPassword(string email)

    76. 

  76.         {

    77. 

  77.             // Generate new password.

    78. 

  78.             Random rnd = new Random();

    79. 

  79.             string newPassword = string.Empty;

    80. 

  80.             for (int n = 0; n < 8; n++)

    81. 

  81.             {

    82. 

  82.                 newPassword += rnd.Next(0, 9).ToString();

    83. 

  83.             }

    84. 

  84. 

    85. 

  85.             return ResetPassword(email, newPassword);

    86. 

  86.         }

    87. 

  87. 

    88. 

  88.         // Reset Password By Email and PortalID with specific password.

    89. 

  89.         public static string ResetPassword(string email, string newPassword)

    90. 

  90.         {

    91. 

  91.             const string spName = "p_SYSTEM_User_ResetPasswordBy_Email_PortalID";

    92. 

  92.             Database db = DatabaseFactory.CreateDatabase();

    93. 

  93.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    94. 

  94.             

    95. 

  95.             db.AddInParameter(dbCommand, "@Email", DbType.String, email);

    96. 

  96.             db.AddInParameter(dbCommand, "@PortalID", DbType.Guid, Global.PortalID);

    97. 

  97.             db.AddInParameter(dbCommand, "@NewPassword", DbType.String, PortalSecurity.Encrypt(newPassword));

    98. 

  98.             int i = db.ExecuteNonQuery(dbCommand);

    99. 

  99.             if (i <= 0) newPassword = string.Empty;

    100. 

  100.             return newPassword;

    101. 

  101.         }

    102. 

  102. 

    103. 

  103.         public int Register()

    104. 

  104.         {

    105. 

  105.             const string spName = "p_SYSTEM_User_Register";

    106. 

  106.             SqlDatabase db = (SqlDatabase) DatabaseFactory.CreateDatabase();

    107. 

  107.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    108. 

  108.             db.AddInParameter(dbCommand, "@Name", SqlDbType.VarChar, this._Name);

    109. 

  109.             db.AddInParameter(dbCommand, "@Email", SqlDbType.VarChar, this._Email);

    110. 

  110.             db.AddInParameter(dbCommand, "@Password", SqlDbType.VarChar, PortalSecurity.Encrypt(this._Password));

    111. 

  111.             db.AddInParameter(dbCommand, "@PortalID", SqlDbType.UniqueIdentifier, Global.PortalID);

    112. 

  112.             db.AddOutParameter(dbCommand, "@ID", SqlDbType.Int, 4);

    113. 

  113.             db.ExecuteNonQuery(dbCommand);

    114. 

  114.             return (int) db.GetParameterValue(dbCommand, "@ID");

    115. 

  115.         }

    116. 

  116. 

    117. 

  117.         public static DataSet Search(string whereExpression)

    118. 

  118.         {

    119. 

  119.             string query = "SELECT * FROM t_SYSTEM_Users WHERE " + whereExpression;

    120. 

  120.             Database db = DatabaseFactory.CreateDatabase();

    121. 

  121.             DbCommand dbCommand = db.GetSqlStringCommand(query);

    122. 

  122.             return db.ExecuteDataSet(dbCommand);

    123. 

  123.         }

    124. 

  124. 

    125. 

  125.         //-----------------------------------------------------------------------------------------

    126. 

  126.         public static bool Active(string activeCode)

    127. 

  127.         {

    128. 

  128.             try

    129. 

  129.             {

    130. 

  130.                 const string spName = "p_SYSTEM_User_Active";

    131. 

  131.                 Database db = DatabaseFactory.CreateDatabase();

    132. 

  132.                 DbCommand dbCommand = db.GetStoredProcCommand(spName);

    133. 

  133.                 db.AddInParameter(dbCommand, "@Email", DbType.String, DecryptHelper.Decrypt(activeCode));

    134. 

  134.                 db.AddInParameter(dbCommand, "@PortalID", DbType.Guid, Global.PortalID);

    135. 

  135.                 int i = db.ExecuteNonQuery(dbCommand);

    136. 

  136.                 return i > 0;

    137. 

  137.             }

    138. 

  138.             catch

    139. 

  139.             {

    140. 

  140.                 return false;

    141. 

  141.             }

    142. 

  142.         }

    143. 

  143. 

    144. 

  144.         public static void UpdateStatus(int id, UserStatus status)

    145. 

  145.         {

    146. 

  146.             const string spName = "p_SYSTEM_User_UpdateStatus";

    147. 

  147.             Database db = DatabaseFactory.CreateDatabase();

    148. 

  148.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    149. 

  149.             db.AddInParameter(dbCommand, "@Status", DbType.String, status.ToString());

    150. 

  150.             db.AddInParameter(dbCommand, "@ID", DbType.Int32, id);

    151. 

  151.             db.ExecuteNonQuery(dbCommand);

    152. 

  152.         }

    153. 

  153. 

    154. 

  154.         // Change Password By Email and PortalID.

    155. 

  155.         public static bool ChangePassword(string email, string oldPassword, string newPassword)

    156. 

  156.         {

    157. 

  157.             const string spName = "p_SYSTEM_User_ChangePassword";

    158. 

  158.             Database db = DatabaseFactory.CreateDatabase();

    159. 

  159.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    160. 

  160.             db.AddInParameter(dbCommand, "@PortalID", DbType.Guid, Global.PortalID);

    161. 

  161.             db.AddInParameter(dbCommand, "@Email", DbType.String, email);

    162. 

  162.             db.AddInParameter(dbCommand, "@NewPassword", DbType.String, PortalSecurity.Encrypt(newPassword));

    163. 

  163.             db.AddInParameter(dbCommand, "@OldPassword", DbType.String, PortalSecurity.Encrypt(oldPassword));

    164. 

  164.             int i = db.ExecuteNonQuery(dbCommand);

    165. 

  165.             return i > 0;

    166. 

  166.         }

    167. 

  167. 

    168. 

  168.         public static bool AddToRole(int userID, string roleID)

    169. 

  169.         {

    170. 

  170.             const string spName = "p_SYSTEM_User_Role_Insert";

    171. 

  171.             Database db = DatabaseFactory.CreateDatabase();

    172. 

  172.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    173. 

  173.             db.AddInParameter(dbCommand, "@UserID", DbType.Int32, userID);

    174. 

  174.             db.AddInParameter(dbCommand, "@RoleID", DbType.String, roleID);

    175. 

  175.             int i = db.ExecuteNonQuery(dbCommand);

    176. 

  176.             return i > 0;

    177. 

  177.         }

    178. 

  178. 

    179. 

  179. 

    180. 

  180.         public static void AddToRole(int userID, int roleID)

    181. 

  181.         {

    182. 

  182.             AddToRole(null, userID, roleID);

    183. 

  183.         }

    184. 

  184. 

    185. 

  185. 

    186. 

  186.         private static void DeleteRole(DbTransaction transaction, int userID)

    187. 

  187.         {

    188. 

  188.             const string spName = "p_SYSTEM_Users_Roles_DeleteBy_UserID";

    189. 

  189.             SqlDatabase db = (SqlDatabase)DatabaseFactory.CreateDatabase();

    190. 

  190.             SqlCommand dbCommand = (SqlCommand)db.GetStoredProcCommand(spName);

    191. 

  191.             db.AddInParameter(dbCommand, "@UserID", SqlDbType.Int, userID);

    192. 

  192.             db.ExecuteNonQuery(dbCommand, transaction);

    193. 

  193.         }

    194. 

  194. 

    195. 

  195.         public static int RemoveRole(int userID, int roleID)

    196. 

  196.         {

    197. 

  197.             const string spName = "p_SYSTEM_Users_Roles_DeleteBy_UserID_RoleID";

    198. 

  198.             SqlDatabase db = (SqlDatabase)DatabaseFactory.CreateDatabase();

    199. 

  199.             SqlCommand dbCommand = (SqlCommand)db.GetStoredProcCommand(spName);

    200. 

  200.             db.AddInParameter(dbCommand, "@UserID", SqlDbType.Int, userID);

    201. 

  201.             db.AddInParameter(dbCommand, "@RoleID", SqlDbType.Int, roleID);

    202. 

  202.             return db.ExecuteNonQuery(dbCommand);

    203. 

  203. 

    204. 

  204.         }

    205. 

  205. 

    206. 

  206.         private static void AddToRole(DbTransaction transaction, int userID, int roleID)

    207. 

  207.         {

    208. 

  208.             const string spName = "p_SYSTEM_User_AddToRole";

    209. 

  209.             SqlDatabase db = (SqlDatabase)DatabaseFactory.CreateDatabase();

    210. 

  210.             SqlCommand dbCommand = (SqlCommand)db.GetStoredProcCommand(spName);

    211. 

  211. 

    212. 

  212.             db.AddInParameter(dbCommand, "@UserID", SqlDbType.Int, userID);

    213. 

  213.             db.AddInParameter(dbCommand, "@RoleID", SqlDbType.Int, roleID);

    214. 

  214. 

    215. 

  215.             if (transaction != null)

    216. 

  216.                 db.ExecuteNonQuery(dbCommand, transaction);

    217. 

  217.             else

    218. 

  218.                 db.ExecuteNonQuery(dbCommand);

    219. 

  219.         }

    220. 

  220. 

    221. 

  221. 

    222. 

  222.         public static bool AddToRoles(int userID, ArrayList roles)

    223. 

  223.         {

    224. 

  224.             bool returnValue;

    225. 

  225.             SqlDatabase db = (SqlDatabase)DatabaseFactory.CreateDatabase();

    226. 

  226.             using (SqlConnection connection = (SqlConnection)db.CreateConnection())

    227. 

  227.             {

    228. 

  228.                 connection.Open();

    229. 

  229.                 SqlTransaction transaction = connection.BeginTransaction();

    230. 

  230.                 {

    231. 

  231.                     try

    232. 

  232.                     {

    233. 

  233.                         // Clear all role of user before insert new role.

    234. 

  234.                         DeleteRole(transaction, userID);

    235. 

  235. 

    236. 

  236.                         foreach (string role in roles)

    237. 

  237.                         {

    238. 

  238.                             AddToRole(transaction, userID, Convert.ToInt32(role));

    239. 

  239.                         }

    240. 

  240.                         transaction.Commit();

    241. 

  241.                         returnValue = true;

    242. 

  242.                     }

    243. 

  243.                     catch

    244. 

  244.                     {

    245. 

  245.                         transaction.Rollback();

    246. 

  246.                         returnValue = false;

    247. 

  247.                     }

    248. 

  248.                     finally

    249. 

  249.                     {

    250. 

  250.                         connection.Close();

    251. 

  251.                     }

    252. 

  252.                 }

    253. 

  253.             }

    254. 

  254.             return returnValue;

    255. 

  255.         }

    256. 

  256. 

    257. 

  257.         //---------------------------------------------------------------------------------------------

    258. 

  258. 

    259. 

  259.         //// Get Roles By Email and PortalID.

    260. 

  260.         //public static string[] GetRoles(string email)

    261. 

  261.         //{

    262. 

  262.         //    string spName = "p_SYSTEM_User_GetRolesBy_Email_PortalID";

    263. 

  263.         //    Database db = DatabaseFactory.CreateDatabase();

    264. 

  264.         //    DbCommand dbCommand = db.GetStoredProcCommand(spName);

    265. 

  265. 

    266. 

  266.         //    db.AddInParameter(dbCommand, "@Email", DbType.String, email);

    267. 

  267.         //    db.AddInParameter(dbCommand, "@PortalID", DbType.Int32, Global.PortalID);

    268. 

  268. 

    269. 

  269.         //    IDataReader reader = db.ExecuteReader(dbCommand);

    270. 

  270. 

    271. 

  271.         //    ArrayList userRoles = new ArrayList();

    272. 

  272.         //    while (reader.Read())

    273. 

  273.         //    {

    274. 

  274.         //        userRoles.Add(reader["ID"].ToString());

    275. 

  275.         //    }

    276. 

  276. 

    277. 

  277.         //    reader.Close();

    278. 

  278.         //    dbCommand.Connection.Close();

    279. 

  279.         //    return (string[]) userRoles.ToArray(typeof (string));

    280. 

  280.         //}

    281. 

  281. 

    282. 

  282.         public static string[] GetRoles(int userID)

    283. 

  283.         {

    284. 

  284.             const string spName = "p_SYSTEM_User_GetRolesBy_UserID";

    285. 

  285.             Database db = DatabaseFactory.CreateDatabase();

    286. 

  286.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    287. 

  287. 

    288. 

  288.             db.AddInParameter(dbCommand, "@UserID", DbType.String, userID);

    289. 

  289. 

    290. 

  290.             IDataReader reader = db.ExecuteReader(dbCommand);

    291. 

  291. 

    292. 

  292.             ArrayList userRoles = new ArrayList();

    293. 

  293.             while (reader.Read())

    294. 

  294.             {

    295. 

  295.                 userRoles.Add(reader["ID"].ToString());

    296. 

  296.             }

    297. 

  297. 

    298. 

  298.             reader.Close();

    299. 

  299.             dbCommand.Connection.Close();

    300. 

  300.             return (string[])userRoles.ToArray(typeof(string));

    301. 

  301.         }

    302. 

  302. 

    303. 

  303.         public static DataSet SelectRolesBy_UserID(int userID)

    304. 

  304.         {

    305. 

  305.             const string spName = "p_SYSTEM_User_GetRolesBy_UserID";

    306. 

  306.             Database db = DatabaseFactory.CreateDatabase();

    307. 

  307.             DbCommand dbCommand = db.GetStoredProcCommand(spName);

    308. 

  308.             db.AddInParameter(dbCommand, "@UserID", DbType.String, userID);

    309. 

  309.             return db.ExecuteDataSet(dbCommand);

    310. 

  310.         }

    311. 

  311. 

    312. 

  312.         //-----------------------------------------------------------------------------------------

    313. 

  313. 

    314. 

  314.         // Login By Email and Password and PortalID.

    315. 

  315.         public static IdentityUser Login(string email, string password)

    316. 

  316.         {

    317. 

  317.             const string spName = "p_SYSTEM_User_Login";

    318. 

  318.             SqlDatabase db = (SqlDatabase)DatabaseFactory.CreateDatabase();

    319. 

  319.             SqlCommand dbCommand = (SqlCommand) db.GetStoredProcCommand(spName);

    320. 

  320.             db.AddInParameter(dbCommand, "@PortalID", SqlDbType.UniqueIdentifier, Global.PortalID);

    321. 

  321.             db.AddInParameter(dbCommand, "@Email", SqlDbType.VarChar, email);

    322. 

  322.             db.AddInParameter(dbCommand, "@Password", SqlDbType.VarChar, PortalSecurity.Encrypt(password));

    323. 

  323.             IDataReader reader = db.ExecuteReader(dbCommand);

    324. 

  324.             IdentityUser returnValue = null;

    325. 

  325.             if (reader.Read())

    326. 

  326.             {

    327. 

  327.                 returnValue = new IdentityUser(Convert.ToInt32(reader["ID"]), reader["Email"].ToString());

    328. 

  328.             }

    329. 

  329.             reader.Close();

    330. 

  330.             dbCommand.Connection.Close();

    331. 

  331.             return returnValue;

    332. 

  332.         }

    333. 

  333. 

    334. 

  334.         //-----------------------------------------------------------------------------------------

    335. 

  335. 

    336. 

  336.         public static int ChangeDepartment(int userID, string departmentID)

    337. 

  337.         {

    338. 

  338.             const string spName = "p_SYSTEM_User_ChangeDepartment";

    339. 

  339.             SqlDatabase db = (SqlDatabase) DatabaseFactory.CreateDatabase();

    340. 

  340.             SqlCommand dbCommand = (SqlCommand) db.GetStoredProcCommand(spName);

    341. 

  341. 

    342. 

  342.             db.AddInParameter(dbCommand, "@ID", SqlDbType.Int, userID);

    343. 

  343.             db.AddInParameter(dbCommand, "@DepartmentID", SqlDbType.VarChar, departmentID);

    344. 

  344.             return db.ExecuteNonQuery(dbCommand);

    345. 

  345.         }

    346. 

  346.     }

    347. 

  347. }
    348.