1

I'm currently attempting to create a login system, and I am trying to return a password (called UserPass) from my User database. This is so I can compare the returned value to the value given by the user input. My preferred method is to find whether the username inputted by the user exists (this already works), and use the corresponding UserPass to determine whether the user should be allowed to log in.

This is on a .cshtml.cs page. I am already able to access the database through my program, as create commands have been tested and do work. My program is on ASP.NET 6.0 Core Web App.

I am a student with basic knowledge of ASP.NET Core and of how to solve this issue, so as simplified an explanation as possible would be very appreciated.

Here is my code for the LoginPage.cshtml.cs:

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using AQA_A_Level_CS_NEA__Suvat_Solver_.Models;
using AQA_A_Level_CS_NEA__Suvat_Solver_.Data;

namespace AQA_A_Level_CS_NEA__Suvat_Solver_.Pages.UserLogin
{
    [BindProperties(SupportsGet = true)]
    public class LoginPageModel : PageModel
    {
        

        public new TempUserLoginModel TempUser { get; set; }
        public bool HasPassword { get; set; } = true;
        public bool HasUsername { get; set; } = true;
        public bool IncorUsername { get; set; } = false;
        public bool LoginApproved { get; set; }

        public bool RegisterApproved { get; set; }

        private readonly ApplicationDbContext _context;
        public LoginPageModel(ApplicationDbContext context)
        {
            _context = context;
        }
        public List<User> UserList = new List<User>();

        public void OnGet()
        {

        }
        public IActionResult OnPost()
        {
            User User = new User();
            HasPassword = true;
            HasUsername = true;
            IncorUsername = false;
            UserList = _context.User.ToList();

            if (string.IsNullOrWhiteSpace(TempUser.Password))
            {
                HasPassword = false;
            }
            if (string.IsNullOrWhiteSpace(TempUser.Username))
            {
                HasUsername = false;
            }
            if (UserList.Any(x => x.UserName == TempUser.Username))
            {
                string passtocheck = User.UserPass
                    .Where(x => x.UserName == TempUser.Username);
                //my attempted method that does not work

                if (passtocheck == TempUser.Password)
                {
                    //this is where i would like to determine that password is correct
                    LoginApproved = true;
                }
            }
            else
            {
                IncorUsername = true;
            }
            if (!HasPassword || !HasUsername || IncorUsername)
            {
                return RedirectToPage("/UserLogin/LoginPage", new {HasPassword,HasUsername,IncorUsername});
            }
            else
            {
                return RedirectToPage("/Index", new { LoginApproved });
            };
        }
    }
}

Here is the User.cs Model for reference

namespace AQA_A_Level_CS_NEA__Suvat_Solver_.Models
{
    public class User
    {
        public int UserId { get; set; }
        public string UserName { get; set; } = string.Empty;
        public string UserPass { get; set; } = string.Empty;
        public int UserCorrectAnsw { get; set; } = 0;
        public int UserTotalAnsw { get; set; } = 0;

        public List<UsertoCourses> UsertoCourses { get; set; }


    }
}

Many Thanks.

4
  • this string passtocheck = User.UserPass.Where(x => x.UserName == TempUser.Username); should be string passtocheck = User.Where(x => x.UserName == TempUser.Username).UserPass; Commented Aug 11, 2022 at 8:12
  • I attempted that, but an error occurs with where, stating "'User' does not contain a definition of 'where'" Commented Aug 11, 2022 at 8:18
  • 4
    Note that it's considered bad practice to store the user's password. Best practice is to store some salted hash of the password and compare to the salted hash of the input. Commented Aug 11, 2022 at 8:22
  • I see, I am also fairly new at encryption and hashing in general, but I shall try to research more on implementing a function for it. Thanks for the heads up! Commented Aug 11, 2022 at 8:44

1 Answer

3

Ignoring all the other bits around how you are storing passwords (i.e. don't store plain text passwords, store a salted hashed version as mentioned in the comments), you appear to be comparing the password you've received from the user against the password of a newly constructed User object.

What you want to do instead is to compare that entered password against the user in UserList that you've read from the database which has the matching username.

So instead of this:

if (UserList.Any(x => x.UserName == TempUser.Username))
{
    //Here, User has been declared as "new User()" so the UserPass field/prop will just have
    //any default value (assuming a default constructor)
    string passtocheck = User.UserPass
        .Where(x => x.UserName == TempUser.Username);
}

You'd need something like this:

//See if you have a matching user
var foundUser = UserList.FirstOrDefault(x => x.UserName == TempUser.Username);

if(foundUser != null && foundUser.UserPass == TempUser.Password)
{
    //Do something
}

You can also make things more efficient by not fetching all users from the database and instead simply querying for one with a matching username and password:

var foundUser = _context.User.FirstOrDefault(x => x.UserName == TempUser.Username && x.UserPass == TempUser.Password);