When working with a web API, you need to ensure that the device making the request and receiving the response is tracked, and that its details, including its UUID, are stored in the database.
While registering the employee, I also store the device UUID, which will be used to provide login to that user.
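/// <summary>
/// Registers an employee by calling the <c>uspRegisterUser</c> stored procedure and
/// reports the outcome through the class-level <c>empResponse</c> object.
/// </summary>
/// <param name="empobj">
/// Registration data taken from the request (name, e-mail, password, company, job role,
/// device UUID and type). On success its <c>AccessToken</c> is set to the newly issued token.
/// </param>
/// <returns>
/// A response whose <c>Status</c> is true only when the procedure result is 1; otherwise
/// <c>Status</c> is false and <c>Message</c> carries a generic reason.
/// </returns>
public EmployeeResponse RegisterEmployee(EmployeeRequest empobj)
{
    try
    {
        // The access token is a bearer credential, so draw it from the OS CSPRNG.
        // Guid.NewGuid() is documented as unsuitable for cryptographic purposes.
        // The bytes are formatted as a GUID string so the stored value keeps the
        // same shape and length as before.
        byte[] tokenBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(tokenBytes);
        }
        string accessToken = new Guid(tokenBytes).ToString();

        empResponse = new EmployeeResponse();
        using (SqlConnection sqlConnection = new SqlConnection(ConnectionString))
        {
            // A freshly constructed connection is always closed, so open it directly.
            sqlConnection.Open();

            // Every value travels as a SqlParameter, so nothing is concatenated into SQL text.
            // NOTE(review): IsDeleted, CompanyId and JobRoleId come straight from the request;
            // confirm they are validated or authorized before this call.
            List<SqlParameter> parameterList = new List<SqlParameter>
            {
                new SqlParameter("@FirstName", empobj.FirstName),
                new SqlParameter("@LastName", empobj.LastName),
                new SqlParameter("@JobRoleID", empobj.JobRoleId),
                new SqlParameter("@Email", empobj.Email),
                new SqlParameter("@CompanyID", empobj.CompanyId),
                // NOTE(review): the plaintext password is handed to the database.
                // uspAuthenticateUser recovers it with DECRYPTBYPASSPHRASE using the
                // PasswordSalt stored beside it, so anyone who can read the User table
                // can recover every password. A one-way salted hash (for example PBKDF2
                // via Rfc2898DeriveBytes) computed before this call would avoid that.
                // It needs a schema and procedure change, so it is flagged, not changed.
                new SqlParameter("@Password", empobj.Password),
                new SqlParameter("@PasswordSalt", Guid.NewGuid().ToString()),
                new SqlParameter("@AccessToken", accessToken),
                // The device values are supplied by the client and stored as given.
                new SqlParameter("@DeviceUUID", empobj.DeviceId),
                new SqlParameter("@DeviceType", empobj.DeviceType),
                new SqlParameter("@CreatedDate", System.DateTime.Now),
                new SqlParameter("@IsDeleted", empobj.IsDeleted),
                // NOTE(review): DeletedDate is stamped with the current time even for a new user.
                // Confirm that uspRegisterUser ignores it when IsDeleted is false.
                new SqlParameter("@DeletedDate", System.DateTime.Now)
            };

            // NOTE(review): if SqlHelper.ExecuteNonQuery returns the affected row count, as
            // SqlCommand.ExecuteNonQuery does, then 1 and 2 below are row counts rather than
            // status codes. Confirm against uspRegisterUser.
            int result = Convert.ToInt32(SqlHelper.ExecuteNonQuery(sqlConnection, CommandType.StoredProcedure, "uspRegisterUser", parameterList.ToArray()));
            switch (result)
            {
                case 1:
                    empResponse.Status = true;
                    empResponse.Message = "User successfully registered.";
                    empobj.AccessToken = accessToken;
                    break;
                case 2:
                    empResponse.Status = false;
                    empResponse.Message = "Email already exists.";
                    break;
                default:
                    empResponse.Status = false;
                    empResponse.Message = "Registration failed.";
                    break;
            }
        }
    }
    catch (SqlException ex)
    {
        // Log the full exception server-side but return only a generic message.
        // SqlException text can expose object names, constraint names and server
        // details to the API caller.
        Logger.LogException(ex);
        empResponse.Status = false;
        empResponse.Message = "Registration failed.";
    }
    return empResponse;
}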
After that, I created a stored procedure that updates the user's device UUID when a login is made.
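-- Authenticates a non-deleted user by e-mail and password. On success it records
-- the device UUID and type supplied with the login and returns one row with
-- Email, FullName, AccessToken and id. On failure it returns no result set.
--
-- NOTE(review): passwords are stored reversibly. The stored value is decrypted
-- with DECRYPTBYPASSPHRASE using the PasswordSalt kept in the same row, so read
-- access to [dbo].[User] is enough to recover every password. A one-way salted
-- hash verified by the application would remove that exposure. It needs a
-- schema change, so it is flagged here rather than changed.
-- NOTE(review): the AccessToken returned is the value already stored for the
-- user. Nothing in this procedure rotates or expires it.
-- NOTE(review): @DeviceUUID and @DeviceType are client-supplied and are only
-- recorded here. This procedure does not check them against earlier values.
ALTER PROC [dbo].[uspAuthenticateUser]
    @Email NVARCHAR(100),
    @Password NVARCHAR(50),   -- longer input is silently truncated to 50 characters
    @DeviceUUID VARCHAR(500),
    @DeviceType VARCHAR(150)
AS
IF EXISTS (SELECT 1 FROM [dbo].[User] WHERE [Email] = @Email AND [IsDeleted] = 0)
BEGIN
    DECLARE @PasswordEncrypted NVARCHAR(MAX);
    DECLARE @PasswordDecrypted VARCHAR(MAX);
    DECLARE @PasswordSalt VARCHAR(50);

    SELECT @PasswordEncrypted = [Password],
           @PasswordSalt = [PasswordSalt]
    FROM [dbo].[User]
    WHERE [Email] = @Email AND [IsDeleted] = 0

    -- DECRYPTBYPASSPHRASE yields NULL when decryption fails. The comparison
    -- below is then not true, so the login is rejected.
    SET @PasswordDecrypted = CONVERT(VARCHAR(MAX), DECRYPTBYPASSPHRASE(@PasswordSalt, @PasswordEncrypted))

    -- Compare under a binary collation so the result does not depend on the
    -- database default collation. Under a case-insensitive default, '=' would
    -- accept a password that differs from the stored one only in letter case.
    IF (@Password = CONVERT(NVARCHAR(MAX), @PasswordDecrypted) COLLATE Latin1_General_BIN2)
    BEGIN
        UPDATE [dbo].[User]
        SET [DeviceUUID] = @DeviceUUID,
            [DeviceType] = @DeviceType
        WHERE [Email] = @Email AND [IsDeleted] = 0

        SELECT [Email], FirstName + ' ' + LastName AS FullName, [AccessToken], id
        FROM [dbo].[User]
        WHERE [Email] = @Email AND [IsDeleted] = 0
    END
END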
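This device UUID is used whenever login is provided to the user. Note that the UUID is sent by the client, so it identifies the device for tracking but should not be treated as proof of identity on its own.
This ensures that the application will not crash because of a missing device UUID.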