1

I'm trying to consume a webservice class called "Member". localhost is a web reference for the webservice "Authenticate". I'm creating a login page using a login control in ASP.NET. This piece of code is in the login routine. Can you give me a hint please? I want the login control to read the string that the webservice returns so that I can check if the user is authenticated or not. if it returns "noaccess" then the person cant access protected pages. Thank you :)

protected void lgnMemeber_Authenticate(object sender, AuthenticateEventArgs e)
{
 try {
   string emailAddress = lgnMemeber.UserName;
   string userPassword = lgnMemeber.Password;
   localhost.Member memb = new localhost.Member();
   localhost.Authenticate auth = new localhost.Authenticate();
   string authReturn=auth.Authenticatee(emailAddress, userPassword).ToString();
   lblError.Text = emailAddress; lblError.Text += userPassword; lblError.Text += authReturn;

  //string access = "noaccess";
  // if (authReturn.Contains(access))
  //{
      // e.Authenticated = false;
  //}
  //else
  //{
    // e.Authenticated = true;
  //}

 }
 catch(Exception ex) {
    lblError.Text += ex.Message;
 }
 }

Here is my webService:

/// <summary>
/// Member class
/// </summary>
public class Member
{

    public string accessLevel;

    /// <summary>
    /// Member constructor
    /// </summary>
    public Member()
    {
        accessLevel = "noaccess";
    }
}


/// <summary>
/// HASC Authentication Web Service
/// </summary>
[WebService(Description = "Hamilton Adult Soccer Club (HASC) Authentication Web          Service.", Namespace = "http://mohawkcollege.ca/hasc")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. 
// [System.Web.Script.Services.ScriptService]
public class Authenticate : System.Web.Services.WebService {

    public Authenticate () {

        //Uncomment the following line if using designed components 
        //InitializeComponent(); 
    }

    /// <summary>
    /// Take the email and password of the user. If user exists, it returns the access   level and the PesronID of that member
    /// </summary>
    /// <param name="Email">Email of the member</param>
    /// <param name="Password">Password of the member to authenticate</param>
    /// <returns>Access level and PersonID of authenticated member</returns>
    [WebMethod(Description = "<ul><li>Accepts 2 string parameters, Email and Password.</li><li>Returns a string indicating access level and the PersonID of the authenticated club member</li></ul>")]
    public Member Authenticatee(string Email, string Password)
    {
        Member member = new Member();

        string con_string = WebConfigurationManager.ConnectionStrings["HASCConnectionString"].ConnectionString;
        SqlConnection con = new SqlConnection(con_string);
        SqlCommand cmd = new SqlCommand("SELECT PersonID, Email, UserPassword, Player, Coach, Referee, Administrator FROM Persons WHERE Email='" + Email+"' AND UserPassword='"+Password+"'", con);

        try
        {
            using (con)
            {
                con.Open();
                SqlDataReader reader = cmd.ExecuteReader();
                if (reader.Read())
                {
                    int personID = reader.GetInt32(0);
                    bool player = reader.GetBoolean(3);
                    bool coach = reader.GetBoolean(4);
                    bool referee =reader.GetBoolean(5);
                    bool admin = reader.GetBoolean(6);

                   if (Email == reader.GetString(1) && Password==reader.GetString(2))
                   {       
                       if (player) { 
                           member.accessLevel = "player,"+personID; 
                       } 
                       else if(coach) { 
                           member.accessLevel = "coach,"+personID;
                       }
                       else if (referee)
                       {
                           member.accessLevel = "referee,"+personID;
                       }
                       else if (admin)
                       {
                           member.accessLevel = "admin,"+personID;
                       }
                       else
                       {
                           member.accessLevel = "accessapproved";
                       }
                   }                 
                }
            }
        }
        catch 
        {
            member.accessLevel = "noaccess";
        }

        return member;
    }
}
Fruits
  • 35
  • 6
  • Method _Authenticatee()_ returns an instance of _Member_ class, which string are you referring to? – thepirat000 Mar 17 '14 at 23:47
  • I want to check if the user is authenticated or not. if it returns "noaccess" then the person cant access protected pages – Fruits Mar 17 '14 at 23:47
  • @Fruits - is the intention is to call the service from client, and service be able to authenticate, or you already got the authenticate object and just want to check its accesslevel? – Dreamer Mar 17 '14 at 23:52

1 Answers1

3

Change this line:

string authReturn=auth.Authenticatee(emailAddress, userPassword).ToString();

To this:

string authReturn = auth.Authenticatee(emailAddress, userPassword).accessLevel;

Or... Override the ToString method in your Member class:

public class Member
{
    ...
    public override string ToString()
    {
        return accessLevel;
    }
}

By the way, the recommendation is not to use public fields (like accessLevel): make it private, or use a public property instead: Why won't anyone accept public fields in C#?

Community
  • 1
  • 1
thepirat000
  • 12,362
  • 4
  • 46
  • 72