public override bool ValidateUser(string username, string password)
{
bool isValid = false;
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmd = new SqlCommand("SELECT Password, IsApproved FROM Users " +
" WHERE Username = @Username AND ApplicationName = @ApplicationName AND IsLockedOut = False", conn);
cmd.Parameters.AddWithValue("@Username", username);
cmd.Parameters.AddWithValue("@ApplicationName", pApplicationName);
SqlDataReader reader = null;
bool isApproved = false;
string pwd = "";
try
{
conn.Open();
reader = cmd.ExecuteReader(CommandBehavior.SingleRow);
if (reader.HasRows)
{
reader.Read();
pwd = reader.GetString(0);
isApproved = reader.GetBoolean(1);
}
else
{
return false;
}
reader.Close();
if (CheckPassword(password, pwd))
{
if (isApproved)
{
isValid = true;
SqlCommand updateCmd = new SqlCommand("UPDATE Users SET LastLoginDate = @LastLoginDate" +
" WHERE Username = @Username AND ApplicationName = @ApplicationName", conn);
updateCmd.Parameters.AddWithValue("@LastLoginDate", DateTime.Now);
updateCmd.Parameters.AddWithValue("@Username", username);
updateCmd.Parameters.AddWithValue("@ApplicationName", pApplicationName);
updateCmd.ExecuteNonQuery();
}
}
else
{
conn.Close();
UpdateFailureCount(username, "password");
}
}
catch (SqlException e)
{
if (WriteExceptionsToEventLog)
{
WriteToEventLog(e, "ValidateUser");
throw new ProviderException(exceptionMessage);
}
else
{
throw e;
}
}
finally
{
if (reader != null) { reader.Close(); }
conn.Close();
}
return isValid;
}