
Why Login control C# gives authentications to any username and a password

I'm creating a login form that gives authentication to usernames and passwords from a database I created. The code runs without an error, but when writing any username or password, even if it does not exist in the database, it logs in. I need it to give authentication and let only the database usernames log in.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.Configuration;
    using System.Data;
    using System.Data.SqlClient;

    namespace WebApplication1
    {
        public partial class LoginTest : System.Web.UI.Page
        {
            private string strcon = WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;
            protected void Page_Load(object sender, EventArgs e)
            {
                this.UnobtrusiveValidationMode = System.Web.UI.UnobtrusiveValidationMode.None;
            }
            private bool UserLogin(string un, string pw)
            {
                SqlConnection conn = new SqlConnection(strcon);
                SqlCommand cmd = new SqlCommand("Select id from student where id=@un and Password=@pw", conn);
                cmd.Parameters.AddWithValue("@un", un);
                cmd.Parameters.AddWithValue("@pw", pw);
                conn.Open();
                string result = Convert.ToString(cmd.ExecuteScalarAsync());
                if (String.IsNullOrEmpty(result)) return false; return true;

            }
            protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
            {
                string un = Login1.UserName;
                string pw = Login1.Password;
                bool result = UserLogin(un, pw);
                if (result)
                {
                    e.Authenticated = true;
                    Session["username"] = un;

                }
                else e.Authenticated = false;
            }
        }
    }

`cmd.ExecuteScalarAsync()` returns a `Task` object. Converting that to a string will always succeed; it will create a string that is "System.Threading.Tasks.Task", which is certainly not empty, or null.

You need to `await` the call to `ExecuteScalarAsync()`, or you need to call `ExecuteScalarAsync().Result`, which will block until the query operation is complete.

Additionally, please make sure any app you are making - even if you think it is a toy - is using proper one-way hashing of passwords. There is plenty of advice here on Stack Overflow and elsewhere for how to securely store passwords.
