[英]Bcrypt password verifying
I'm trying to decrypt the password on the login method, but it allows to login with any password I type in, not sure why, maybe someone could help me out?我正在尝试在登录方法上解密密码,但它允许使用我输入的任何密码登录,不知道为什么,也许有人可以帮助我? My login method in the db layer:我在db层的登录方法:
public string loginUser(string userName, string pass)
{
string result = "";
try
{
var mongoClient = new MongoClient("mongodb://localhost");
var database = mongoClient.GetDatabase("SearchForKnowledge");
var coll = database.GetCollection<BsonDocument>("Users");
var filter = Builders<BsonDocument>.Filter.Eq("userName", userName);
var results = coll.Find(filter).ToList().First();
if (BCrypt.Net.BCrypt.Verify(pass, results["password"].ToString()))
{
result = results["userName"].ToString();
}
}
catch (Exception ex)
{
result = "";
}
return result;
}
My user controller:我的用户控制器:
public ActionResult Login(UsersLogin form)
{
User user = new User();
UserDB udb = new UserDB();
if (!form.Username.IsEmpty())
{
udb.loginUser(form.Username, form.Password);
Session["userName"] = form.Username;
return RedirectToRoute("Home");
}
return RedirectToRoute("Login");
}
The problem is in your controller问题出在您的控制器上
udb.loginUser(form.Username, form.Password);
Session["userName"] = form.Username;
return RedirectToRoute("Home");
You call udb.loginUser(form.Username, form.Password);
你调用udb.loginUser(form.Username, form.Password);
, but you never check the return value of udb.loginUser
method, so your code will always redirect to the home page no matter what the user name and password are. ,但是您从不检查udb.loginUser
方法的返回值,因此无论用户名和密码是什么,您的代码都将始终重定向到主页。
Based on the code of loginUser
method, it will return an empty string if the login fails, so change the above three lines of code to below根据loginUser
方法的代码,如果登录失败会返回一个空字符串,所以将上面三行代码改成下面
var loginResult = udb.loginUser(form.Username, form.Password);
if (!string.IsNullOrEmpty(loginResult))
{
Session["userName"] = form.Username;
return RedirectToRoute("Home");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.