MVC 5 ASP.Net FORM Submit（）函数不起作用

Question

I am trying to get a login form to work using the below method. I am using JQuery version 1.12.0 and MVC5. i just create a accounts controller, when the admin login in, he/she can do CRUD functionality, others users can just see the posts and comments and nothings, but the login page not working means when I press Login nothing happens. The page does not refresh. It behaves as is I am clicking nothing this is login view

@model string

@{
  ViewBag.Title = "Login";
 }

 @section ExtraHeaders
  {
  <script src="@Url.Content("~/Scripts/Login.js")" type="text/javascript</script>
<script src="@Url.Content("~/Scripts/SHA256.js")" type="text/javascript</script>
 }

 <form action="@Href("~/Accounts/Login")" method="post" id="loginForm">
  <input type="text" name="name" id="name"/> Name <br />
  <input type="password" name="password" id="password"/> Password <br />
  <input type="hidden"  name="nonce" id="nonce" value="@Model"/>
  <input type="hidden"  name="hash" id="hash" value="hash"/>
  <input type="button" onclick="getPasswordHash('password', 'nonce','hash'); $('#loginForm').submit();" value="Login"/>
 </form>

this is login js file code

function getPasswordHash (passwordElement, nonceElement, hashElement)
{
   var password = $('#' + passwordElement).attr('value');
  var nonce = $('#' + nonceElement).attr('value');
  $('#' + hashElement).attr('value', $.sha256(password + nonce));
  $('#' + passwordElement).attr('value', '');

 }

this is account controller for login

private BlogModel model= new BlogModel();

    public ActionResult Login(string name, string hash)
    {
        if(string.IsNullOrWhiteSpace(hash))

        {
            Random random = new Random();
            byte[] randomData = new byte[sizeof(long)];
            random.NextBytes(randomData);
            string newNonce = BitConverter.ToInt64(randomData, 0).ToString("X16");
            Session["Nonce"] = newNonce;
            return View(model: newNonce);

        }

        Administrator admin = model.Administrators.Where(x => x.Name == name).FirstOrDefault();
        string nonce = Session["Nonce"] as string;
        if(admin == null || string.IsNullOrWhiteSpace(nonce))
        {
            return RedirectToAction("Index", "Posts");

        }
        string computedHash;
        using (SHA256 sha256 = SHA256.Create()) //sha256
        {
            byte[] hashInput = Encoding.ASCII.GetBytes(admin.Password + nonce);
            byte[] hashData = sha256.ComputeHash(hashInput);
            StringBuilder stringBuidler= new StringBuilder();
            foreach(byte value in hashData)
            {
                stringBuidler.AppendFormat("{0:X2}", value);

            }
            computedHash = stringBuidler.ToString();

        }
        Session ["IsAdmin"]= (computedHash.ToLower() == hash.ToLower());
        return RedirectToAction("Index","Posts");
    }


    public ActionResult Logout()
    {
        Session["Nonce"] = null;
        Session["IsAdmin"] = null;
        return RedirectToAction("Index", "Posts");

    }
    public ActionResult Index()
    {
        return View();
    }

EDIT: getPasswordHash when i right click on its definition, it tell me "failed" either because the caret is already at the definition or because an explicit definition could not be found

Answer 1

Decorate your action-method using HTTP post attribute

 [HttpPost]
 public ActionResult Login(string name, string hash)
 {
 }

Http get and post more info

Answer 2

The simplest approach would be to not use that JavaScript in the first place. It's not accomplishing anything, since you have server-side code to compute the hash anyway. And it's even potentially a security risk, since it exposes the hash computation (including any salt you use) to anyone who wants to see it.

Just remove it entirely and use a normal submit button:

<input type="submit" value="Login"/>

---

Also, of course, remove this line:

<input type="hidden"  name="hash" id="hash" value="hash"/>

And remove the hash parameter from the action method:

public ActionResult Login(string name)

There's probably more you can remove as well. For example, that "nonce" element and the corresponding model that's being passed to the view in the first place. (It really seems like there are a lot of moving parts involved in functionality that shouldn't be there in the first place.)

---

Though what's not clear is why your action method isn't accepting the password as a parameter? Normally a login form involves checking a password...

Answer 3

If it's the call to getPasswordHash that is causing an error, or something in that function, here's a few things to check:

1) Are both javascript files Login.js and SHA256.js definitely loading?

2) If yes, if you view-source for the page in the browser, does <input type="hidden" name="nonce" id="nonce" value="@Model"/> have a value set? Your controller doesn't seem to set a value for the model getting passed into the view, and given SHA256 references the nonce value, this could be causing a problem.

3) Given that Login.js references SHA256.js, and not the other way around, put the call to SHA256.js above Login.js

Like David says, if this is a tutorial that you're learning from then OK but otherwise it's best doing the password hash at the server and not the client.

Answer 4

First of all, use MVC3 Jquery 1.5 and SHA256 V1.0 From Alex Weber.

Secondly, the code is defective.

I am also following the "From Zero to Blog" series. At this moment I am debugging the hash generating code because I have no problems logging in.

My problem is it doesn't give me the "delete" and "edit" option after logging in.

While debugging the code this is correct, the 2 hashes

Session["IsAdmin"] = (computedHash.ToLower() == hash.ToLower()); 

from AccountController.cs which are compared in this line aren't the same, and have had completely different values every time.