DutyMan Administrators' Guide

CONTENTS

Skip Navigation Links.

Authenticating against the DutyMan database

You can use the DutyMan memberauth SQL stored procedure to help build your own login page that authenticates your members against their credentials in DutyMan. By sharing credentials members need remember only a single login name and password.

Data is NOT ENCRYPTED during transmission.

Prerequisites

You must install an appropriate MySQL connector available for free download from www.mysql.com.  

For example:

MySQL Connector/ODBC for Windows, Linux, Mac OS X, and Unix platforms.

MySQL Connector/Net for .NET platforms.

We recommend that you install the current GA version.

Code Samples

In the connection string in the following code samples:

ROSTERID is your usual DutyMan Roster Identification

DBPSWD is the database password for user ROSTERID as shown on the DutyMan Administrators >Set Up >Security and Privacy page. To change your database password, for instance because you suspect it has been compromised, contact DutyMan Support.

Skip Navigation Links
VB.Net
C# 

Imports MySql.Data.MySqlClient   ' ... but first add a project reference for MySql.Data.dll
Imports System.Security.Cryptography

Module VBnet_Example

        ' This example assumes you have two textboxes on your login form to accept 
        ' a member's login name and password
        ' Name and password are typed in exactly as if logging into DutyMan

        If DoLogin(TextBoxName.text, TextBoxPassword.text) Then
            ' authorised ...
        Else
            ' login failed ...
        End If
   
   
    Public Function DoLogin(Name As String, Password As String) As Boolean
        Dim conn As New MySqlConnection
        Dim cmd As New MySqlCommand()

        ' set up and open a connection to the DutyMan database
        conn.ConnectionString = _
           "Server=dutyman.biz;Port=3307;Database=dutyman;Uid=ROSTERID;Pwd=DBPSWD;sslMode=None;"
        ' or better, define the connections string in your application settings

        ' SHA256 hash and Base64 encode
        Dim encoding As New System.Text.UTF8Encoding()
        Dim data(Password.Length) As Byte
        Dim shaM As New SHA256Managed()
        data = encoding.GetBytes(Password)
        Dim PasswordEncr As String = System.Convert.ToBase64String(shaM.ComputeHash(data))

        ' set up the MySQL command to authenticate
        cmd.Connection = conn
        cmd.CommandType = CommandType.Text
        cmd.CommandText = 
            String.Format("SELECT memberauth('{0}', '{1}')", Name, PasswordEncr)

        ' ask DutyMan for authentication
        Try
            conn.Open()
            Return cmd.ExecuteScalar()
        Catch ex As Exception
            Return False
        Finally
            cmd.Dispose()
            If conn.State = ConnectionState.Open Then conn.Close()
            conn.dispose()
        End Try

    End Function

End Module