我目前正试图创建一个登录系统,并试图从我的用户数据库中返回一个密码(称为UserPass),这样我就可以将返回的值与用户输入的值进行比较。我的首选方法是先查找用户输入的用户名是否存在(这部分已经可以正常工作),然后使用对应的UserPass来确定是否允许用户登录。
这在.cshtml.cs页面上。我已经能够通过我的程序访问数据库,因为创建命令已经过测试并完成了工作。我的程序是在ASP.NET 6.0核心Web应用程序上运行的。
我是一名学生,对ASP.NET核心以及如何解决这个问题有基本的了解,因此,如果能提供尽可能多的简化解释,我将不胜感激。
这是我的LoginPage.cshtml.cs代码:
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using AQA_A_Level_CS_NEA__Suvat_Solver_.Models;
using AQA_A_Level_CS_NEA__Suvat_Solver_.Data;
namespace AQA_A_Level_CS_NEA__Suvat_Solver_.Pages.UserLogin
{
/// <summary>
/// Razor Pages model for the login form. On POST it looks the submitted user name up in the
/// User table and is meant to compare the stored UserPass with the submitted password.
/// </summary>
// NOTE(review): [BindProperties(SupportsGet = true)] on the class model-binds every public
// settable property from the request, query string included. That covers LoginApproved and
// RegisterApproved as well as TempUser, so the client can supply those flags itself. Bind only
// TempUser (e.g. [BindProperty] on that one property) and keep decision flags server-side.
[BindProperties(SupportsGet = true)]
public class LoginPageModel : PageModel
{
// Credentials posted by the login form; OnPost reads TempUser.Username and TempUser.Password.
// NOTE(review): the `new` modifier presumably hides nothing here - confirm and drop it.
public new TempUserLoginModel TempUser { get; set; }
// Validation flags. OnPost resets them and sends them back to the login page as route values.
public bool HasPassword { get; set; } = true;
public bool HasUsername { get; set; } = true;
public bool IncorUsername { get; set; } = false;
// Outcome of the password check; passed to /Index as a route value by OnPost.
public bool LoginApproved { get; set; }
// Not read or written anywhere in this class.
public bool RegisterApproved { get; set; }
// EF Core context used to read the User table.
private readonly ApplicationDbContext _context;
/// <summary>Stores the injected database context.</summary>
public LoginPageModel(ApplicationDbContext context)
{
_context = context;
}
// Filled with every row of the User table on each POST (see OnPost).
public List<User> UserList = new List<User>();
/// <summary>GET handler; does nothing beyond the class-level property binding.</summary>
public void OnGet()
{
}
/// <summary>
/// POST handler: validates the submitted fields, checks whether the user name exists and
/// redirects either back to the login page (with the validation flags) or to /Index.
/// </summary>
public IActionResult OnPost()
{
// A brand-new, empty User: its UserPass is string.Empty, not a value read from the database.
User User = new User();
HasPassword = true;
HasUsername = true;
IncorUsername = false;
// Loads the whole User table, every stored UserPass included, into memory on each login attempt.
UserList = _context.User.ToList();
// NOTE(review): assumes TempUser was bound; if it can be null this throws - confirm.
if (string.IsNullOrWhiteSpace(TempUser.Password))
{
HasPassword = false;
}
if (string.IsNullOrWhiteSpace(TempUser.Username))
{
HasUsername = false;
}
if (UserList.Any(x => x.UserName == TempUser.Username))
{
// Does not compile: User.UserPass is a string, so Where() walks its characters, a char has
// no UserName member, and the filtered sequence cannot be assigned to a string anyway.
string passtocheck = User.UserPass
.Where(x => x.UserName == TempUser.Username);
//my attempted method that does not work
// NOTE(review): this compares the stored value with the typed password directly, which only
// works if UserPass is kept in plain text; store a salted password hash and verify against it.
if (passtocheck == TempUser.Password)
{
//this is where i would like to determine that password is correct
LoginApproved = true;
}
}
else
{
// NOTE(review): a separate "unknown user name" flag tells the client which account names
// exist; reporting one generic "invalid user name or password" result avoids that.
IncorUsername = true;
}
if (!HasPassword || !HasUsername || IncorUsername)
{
return RedirectToPage("/UserLogin/LoginPage", new {HasPassword,HasUsername,IncorUsername});
}
else
{
// A wrong password for an existing user also ends up here, with LoginApproved == false.
// NOTE(review): the login decision travels as a route value (query string) that the client
// can edit; if /Index trusts it, authentication is bypassed. Establish the session
// server-side instead, e.g. cookie authentication via HttpContext.SignInAsync.
return RedirectToPage("/Index", new { LoginApproved });
};
}
}
}
以下是供参考的User.cs模型
namespace AQA_A_Level_CS_NEA__Suvat_Solver_.Models
{
    /// <summary>
    /// Entity describing one account row: identity, credentials, answer counters and the
    /// link rows to courses.
    /// </summary>
    public class User
    {
        /// <summary>Numeric id of the account (presumably the primary key by EF naming convention).</summary>
        public int UserId { get; set; }

        /// <summary>Login name; the login page matches the submitted user name against it.</summary>
        public string UserName { get; set; } = "";

        /// <summary>Stored credential for the account.</summary>
        // NOTE(review): the login code on this page compares this value directly with the typed
        // password, which implies plain-text storage. Keep a salted, slow password hash
        // (e.g. PBKDF2) here and verify against that instead.
        public string UserPass { get; set; } = "";

        /// <summary>Presumably the number of correctly answered questions; starts at zero.</summary>
        public int UserCorrectAnsw { get; set; }

        /// <summary>Presumably the number of answered questions overall; starts at zero.</summary>
        public int UserTotalAnsw { get; set; }

        /// <summary>Link rows between this user and courses; not initialised by this class.</summary>
        public List<UsertoCourses> UsertoCourses { get; set; }
    }
}
非常感谢。
先不谈密码应该如何存储的问题(即不要存储明文密码,而应存储评论中提到的加盐哈希值),您似乎是在将用户提交的密码与一个新建的User对象的密码进行比较。
您应该做的是,将输入的密码与UserList(从数据库读取的用户列表)中用户名匹配的那个用户的密码进行比较。
因此,不要这样写:
// The version to move away from: the existence check is right, the password lookup is not.
if (UserList.Any(x => x.UserName == TempUser.Username))
{
//Here, User has been declared as "new User()" so the UserPass field/prop will just have
//any default value (assuming a default constructor)
// It also cannot compile: Where() on a string iterates its characters, a char has no
// UserName member, and the filtered sequence is not a string.
string passtocheck = User.UserPass
.Where(x => x.UserName == TempUser.Username);
}
您需要类似这样的写法:
// Pick the stored account whose name equals the submitted one; null when there is none.
var account = UserList.Find(u => u.UserName == TempUser.Username);

// Both conditions must hold: the account exists and its stored value equals the typed password.
// NOTE(review): this is a direct comparison against a plain-text UserPass. Once UserPass holds a
// salted hash, replace the equality with a hash verification (for example
// PasswordHasher<TUser>.VerifyHashedPassword from Microsoft.AspNetCore.Identity), and report
// "unknown user" and "wrong password" to the client as the same failure.
if (account is not null && account.UserPass == TempUser.Password)
{
    // Credentials accepted: record the signed-in state on the server here.
}
您还可以通过不从数据库中获取所有用户,而是简单地查询具有匹配用户名和密码的用户来提高效率:
// Let the database do the filtering so only the matching row (or null) comes back.
// NOTE(review): pushing the password into the query only works while UserPass is plain text,
// and the match then follows the database collation, which may be case-insensitive. With
// salted hashes, query by user name alone and verify the password in application code.
var foundUser = _context.User
    .Where(u => u.UserName == TempUser.Username)
    .Where(u => u.UserPass == TempUser.Password)
    .FirstOrDefault();