
How can I validate an account with a stored procedure that uses hash encryption, C#, ASP.NET MVC, Entity Framework

So basically I have a stored procedure which is able to decrypt the password and return 1 if the user exists. Here is the code:

CREATE PROCEDURE [dbo].[ValidateAccount]    
     @Username VARCHAR(50),
     @AccountPwd VARCHAR(100)   
AS 
BEGIN      
    SET NOCOUNT ON;

    DECLARE @Salt CHAR(25);   
    DECLARE @PwdWithSalt VARCHAR(125);  
    DECLARE @PwdHash VARBINARY(20);  

    SELECT @Salt = Salt, @PwdHash = [Pass]   
    FROM dbo.Users 
    WHERE Username = @Username;

    SET @PwdWithSalt = @Salt + @AccountPwd;

    IF (HASHBYTES('SHA1', @PwdWithSalt) = @PwdHash)
        RETURN 1;   
    ELSE
        RETURN 0;
END;

And also have a login:

@using (Html.BeginForm("Index", "Home", FormMethod.Post))
{
    <div class="form-group">
    <i class="fa fa-user"></i>
    <!-- I'm using htmlAttributes to add CSS class styles and HTML attributes on Editor controls -->
    @Html.EditorFor(model => model.Username , new { htmlAttributes = new { @class = "form-control", @required = "true", @placeholder = "Username" } })
    </div>
    <div class="form-group">
        <i class="fa fa-lock"></i>                   
        @Html.TextBoxFor(model => model.Pass , new { data_bind = "value: Password", @class = "form-control", @required = "true", @placeholder = "Password", @type = "password" })
    </div>
    <div class="form-group">
        <input type="submit" class="btn btn-primary btn-block btn-lg" value="Login">
    </div>
}

I have a model:

public partial class Users
{
        public string Username { get; set; }
        public byte[] Pass { get; set; }

        public string Name { get; set; }
        public string Salt { get; set; }
        public int ID { get; set; }
}

As you can see, the 'Pass' column in the database is Byte[], so I'm having issues executing the procedure, validating whether the user exists or not, and taking actions like going to the dashboard.

Any ideas? I was not able to find a practical solution for this.

Here is the Home controller where I should do the validation:

[HttpPost]
public ActionResult Index(Warehouse_APP.Models.Users userMod)
{
    return View();
}

Actually, what you have is a stored procedure that hashes the entered password for the user with the same salt it used when the original password was entered. If those two match, then you get a 1, otherwise a 0, as the return value.

So in the HTTP_POST method of your MVC controller you just need to call that stored procedure with the user name and password from the bound model and based on the result you need to redirect to the appropriate success/error page.

You will probably use entity framework, so here's how to execute that SQL: https://www.learnentityframeworkcore.com/raw-sql
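
Added example, not part of the original question or answer: one way to make the call described above from the `Index` POST action and read the procedure's `RETURN` code. It uses a plain ADO.NET `SqlCommand` rather than the Entity Framework raw-SQL route linked above. The `LoginViewModel` class, the `WarehouseDb` connection string name and the `Dashboard` controller are hypothetical, and the view is assumed to be retyped to `LoginViewModel` with its password box bound to `Password`.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Mvc;

// Hypothetical view model: the password is posted as text, not as the byte[] hash column.
public class LoginViewModel
{
    public string Username { get; set; }
    public string Password { get; set; }
}

public class HomeController : Controller
{
    // Assumption: a connection string named "WarehouseDb" exists in Web.config.
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["WarehouseDb"].ConnectionString;

    // The procedure answers with RETURN 1/0, so the result is read from a ReturnValue parameter.
    private static bool ValidateAccount(string username, string password)
    {
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand("dbo.ValidateAccount", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Types and sizes match the procedure's VARCHAR(50) / VARCHAR(100) parameters.
            cmd.Parameters.Add("@Username", SqlDbType.VarChar, 50).Value = username ?? "";
            cmd.Parameters.Add("@AccountPwd", SqlDbType.VarChar, 100).Value = password ?? "";
            var ret = cmd.Parameters.Add("@ReturnValue", SqlDbType.Int);
            ret.Direction = ParameterDirection.ReturnValue;
            conn.Open();
            cmd.ExecuteNonQuery();
            return (int)ret.Value == 1;
        }
    }

    [HttpPost]
    public ActionResult Index(LoginViewModel login)
    {
        if (ModelState.IsValid && ValidateAccount(login.Username, login.Password))
            return RedirectToAction("Index", "Dashboard"); // hypothetical target

        // One message for both unknown user and wrong password; never echo the password back.
        login.Password = null;
        ModelState.Remove("Password");
        ModelState.AddModelError("", "Invalid username or password.");
        return View(login);
    }
}
```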
