I'm currently attempting to create a login system, and I am trying to return a password (called UserPass) from my User database so that I can compare it with the value entered by the user. My preferred method is to check whether the username entered by the user exists (this already works) and then use the corresponding UserPass to determine whether the user should be allowed to log in.
This is on a .cshtml.cs page. I am already able to access the database through my program, as create commands have been tested and do work. My program is on ASP.NET 6.0 Core Web App.
I am a student with only basic knowledge of ASP.NET Core and of how to solve this issue, so an explanation that is as simple as possible would be very much appreciated.
Here is my code for the LoginPage.cshtml.cs:
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using AQA_A_Level_CS_NEA__Suvat_Solver_.Models;
using AQA_A_Level_CS_NEA__Suvat_Solver_.Data;
namespace AQA_A_Level_CS_NEA__Suvat_Solver_.Pages.UserLogin
{
    /// <summary>
    /// Razor Pages model behind the login form. Reads the submitted username and
    /// password from <see cref="TempUser"/>, checks them against the User table and
    /// redirects with the outcome flags as route values.
    /// </summary>
    // NOTE(review): a class-level [BindProperties] applies model binding to every public
    // property with a setter, and SupportsGet = true extends that to GET requests. That
    // includes LoginApproved and RegisterApproved, so their values can arrive from the
    // request itself. Binding only TempUser (a [BindProperty] on that one property) would
    // keep the outcome flags server-controlled.
    [BindProperties(SupportsGet = true)]
    public class LoginPageModel : PageModel
    {
        // Username/password pair typed into the form.
        // NOTE(review): the `new` modifier looks unnecessary - PageModel is not known to
        // declare a TempUser member; confirm and drop it if the compiler warns.
        public new TempUserLoginModel TempUser { get; set; }
        // Validation flags; they default to the "no error" state and are round-tripped
        // through the redirect in OnPost.
        public bool HasPassword { get; set; } = true;
        public bool HasUsername { get; set; } = true;
        public bool IncorUsername { get; set; } = false;
        // Outcome flags. OnPost never resets LoginApproved to false, so whatever value
        // model binding put here survives unless the password check sets it to true.
        public bool LoginApproved { get; set; }
        public bool RegisterApproved { get; set; }
        // EF Core context injected by the framework; used to read the User table.
        private readonly ApplicationDbContext _context;
        /// <summary>Stores the injected database context.</summary>
        /// <param name="context">Database context used to query users.</param>
        public LoginPageModel(ApplicationDbContext context)
        {
            _context = context;
        }
        // In-memory copy of the User table, filled in OnPost.
        public List<User> UserList = new List<User>();
        /// <summary>Handles GET; no work beyond model binding.</summary>
        public void OnGet()
        {
        }
        /// <summary>
        /// Handles the login form POST: validates that both fields are present, looks
        /// for the username and attempts the password comparison.
        /// </summary>
        /// <returns>
        /// A redirect back to the login page carrying the validation flags, or a
        /// redirect to /Index carrying LoginApproved.
        /// </returns>
        public IActionResult OnPost()
        {
            // A brand-new User: UserPass is the empty-string default, not a stored value.
            User User = new User();
            HasPassword = true;
            HasUsername = true;
            IncorUsername = false;
            // Loads every row of the User table, stored passwords included, into memory.
            UserList = _context.User.ToList();
            if (string.IsNullOrWhiteSpace(TempUser.Password))
            {
                HasPassword = false;
            }
            if (string.IsNullOrWhiteSpace(TempUser.Username))
            {
                HasUsername = false;
            }
            if (UserList.Any(x => x.UserName == TempUser.Username))
            {
                // Author's attempt, which does not work: User.UserPass is a string, so
                // Where() walks its characters (x is a char with no UserName member) and
                // the result is not a string. The row that matched above is never read.
                string passtocheck = User.UserPass
                    .Where(x => x.UserName == TempUser.Username);
                // NOTE(review): this compares the submitted password with the stored
                // column directly, i.e. the column holds plain text. A salted, slow hash
                // verified here is the safer design.
                if (passtocheck == TempUser.Password)
                {
                    // Intended success path: the password is considered correct.
                    LoginApproved = true;
                }
            }
            else
            {
                // NOTE(review): a distinct "unknown username" signal tells the caller
                // which usernames exist; a single generic failure message avoids that.
                IncorUsername = true;
            }
            if (!HasPassword || !HasUsername || IncorUsername)
            {
                return RedirectToPage("/UserLogin/LoginPage", new {HasPassword,HasUsername,IncorUsername});
            }
            else
            {
                // Reached for any existing username, including when the password did not
                // match (LoginApproved is then whatever it was before the check).
                // NOTE(review): the flag travels as a route value, so the client can see
                // and supply it; presumably /Index relies on it - confirm. A server-side
                // sign-in (cookie authentication via HttpContext.SignInAsync) is the
                // usual way to carry the login state.
                return RedirectToPage("/Index", new { LoginApproved });
            };
        }
    }
}
Here is the User.cs Model for reference
namespace AQA_A_Level_CS_NEA__Suvat_Solver_.Models
{
    /// <summary>
    /// Entity for one row of the User table: login identity plus answer counters.
    /// </summary>
    public class User
    {
        /// <summary>Numeric identifier of the user.</summary>
        public int UserId { get; set; }

        /// <summary>Login name; never null, empty until assigned.</summary>
        public string UserName { get; set; } = "";

        /// <summary>
        /// Stored credential; never null, empty until assigned.
        /// </summary>
        // NOTE(review): the login code shown with this model compares this value directly
        // with the submitted password, which implies plain-text storage. Keep a salted,
        // slow hash here instead (e.g. Rfc2898DeriveBytes.Pbkdf2 or ASP.NET Core's
        // PasswordHasher<TUser>) and verify against it at login.
        public string UserPass { get; set; } = "";

        /// <summary>Count of correct answers; starts at zero.</summary>
        public int UserCorrectAnsw { get; set; }

        /// <summary>Count of all answers given; starts at zero.</summary>
        public int UserTotalAnsw { get; set; }

        /// <summary>Link rows between this user and courses; not initialised here.</summary>
        public List<UsertoCourses> UsertoCourses { get; set; }
    }
}
Many Thanks.
CodePudding user response:
Ignoring the other issues around how you are storing passwords (i.e. don't store plain-text passwords; store a salted, hashed version, as mentioned in the comments), you appear to be comparing the password you've received from the user against the password of a newly constructed User object.
What you want to do instead is compare the entered password against the user in UserList, read from the database, whose username matches.
So instead of this:
if (UserList.Any(x => x.UserName == TempUser.Username))
{
    // Here, User has been declared as "new User()", so the UserPass field/prop will just
    // hold its default value (assuming a default constructor) rather than anything read
    // from the database.
    // In addition, Where() on a string enumerates its characters, so x is a char with no
    // UserName member and the result cannot be assigned to a string.
    string passtocheck = User.UserPass
        .Where(x => x.UserName == TempUser.Username);
}
You'd need something like this:
// Pick the stored record whose username matches the submitted one (null when none does).
var foundUser = UserList.FirstOrDefault(
    x => x.UserName == TempUser.Username);

// Accept only when a record exists and its stored password equals the submitted one.
// NOTE(review): this is a plain-text equality check. Once passwords are stored as salted
// hashes, replace the == with a hash verification of TempUser.Password against
// foundUser.UserPass.
if (foundUser is not null && foundUser.UserPass == TempUser.Password)
{
    //Do something
}
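You can also make things more efficient by not fetching all users from the database and instead querying for just the one with a matching username and password. (This only works while the password column holds the plain-text value; once passwords are stored as salted hashes, query by username only and verify the hash in code.)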
// Let the database find the single row matching both username and password, instead of
// loading the whole table.
// NOTE(review): the password comparison now runs inside the database, so it follows the
// column's collation; on a case-insensitive collation, passwords differing only in case
// would match. It also requires the stored value to be plain text. With salted hashes,
// filter on username here and verify the password in code.
var foundUser = _context.User
    .Where(x => x.UserName == TempUser.Username)
    .FirstOrDefault(x => x.UserPass == TempUser.Password);