I'm trying to return a password from a foreach-loop to do some validations, but I can't get the password-variable to return. I keep getting errors. I do this in my controller.
My code:
[HttpPost]
public IActionResult Login(userModel user)
{
ViewBag.Password = pwd.GetPassword(user);
string password = "";
foreach(var pwdR in ViewBag.Password.Rows)
{
password = pwdR[1];
}
return password; // Here I get this error: CS0029: Cannot implicitly convert type 'string' to 'Microsoft.AspNetCore.Mvc.IActionResult'
// VALIDATION CODE
....................
}
What am I doing wrong?
Thank you!
UPDATE:
[HttpPost]
public IActionResult Login(userModel user)
{
ScryptEncoder enc = new ScryptEncoder();
UserModel pwd = new UserModel();
ViewBag.Password = pwd.GetPassword(user);
string password = "";
foreach(var pwdR in ViewBag.Password.Rows)
{
password = pwdR[1];
}
return password; // Here I get this error: CS0029: Cannot implicitly convert type 'string' to 'Microsoft.AspNetCore.Mvc.IActionResult'
// VALIDATION CODE
bool match = enc.Compare(user.pwd, password);
if (match)
{
ViewBag.Error = "You are now logged in.";
return View();
} else
{
ViewBag.Error = "Login failed.";
return View();
}
}
CodePudding user response:
It is a big performance bug to load all users and to find one you need.
Try this code
[HttpPost]
public IActionResult Login(UserModel user)
{
ScryptEncoder enc = new ScryptEncoder();
var userNamePassword= GetUserNamePassword (user) ;
if( userNamePassword==null)
ViewBag.Error = "Login failed. User is not found";
return View();
}
// VALIDATION CODE
bool match = enc.Compare(userNamePassword.Password, password);
if (match)
{
ViewBag.Error = "You are now logged in.";
return View();
} else
{
ViewBag.Error = "Login failed.";
return View();
}
}
change your model class to this
public class UserNamePasswordModel
{
public string Username { get; set; }
public string Password { get; set; }
}
and place this code somewhere near the Login action
private UserNamePasswordModel GetUserNamePassword (UserModel user)
{
UserNamePasswordModel userNamePassword= null;
var connectionString = "Server=localhost;Database=xxxx; uid = xxxx;Password=xxxx;";
using (var connection = new MySqlConnection(connectionString))
{
var command = new MySqlCommand("SELECT UserName, Password FROM User WHERE Username = @Username", connection);
command.Parameters.AddWithValue("@Username", user.Username);
connection.Open();
var reader = command.ExecuteReader();
if (reader.HasRows)
{
if reader.Read()
{
userNamePassword= new UserNamePasswordModel
{
Username= reader.GetString(0),
Password = reader.GetString(1)
};
}
}
reader.Close();
}
}
return userNamePassword;
}
CodePudding user response:
try returning Ok with password in it, something like: return Ok(password);
CodePudding user response:
You should wrap your validation code in another class, something like UserService
, then call your validation method into Login
method, finally you can return a status code based on your validation result e.g Ok() or Unauthorized()
UPDATE
After your explanation, if I am not wrong, you can try this:
[HttpPost]
public IActionResult Login(userModel user)
{
ScryptEncoder enc = new ScryptEncoder();
UserModel pwd = new UserModel();
ViewBag.Password = pwd.GetPassword(user);
foreach(var pwdR in ViewBag.Password.Rows)
{
if (enc.Compare(user.pwd, pwdR[1])){
ViewBag.Error = "You are now logged in.";
return View();
}
}
ViewBag.Error = "Login failed.";
return View();
}