[英]user and password authentication asp.net
用户和密码正确,但返回错误。 会是什么
重要的是,密码和加密在md5中。
public static bool logarUsuario(string user, string pw)
{
try
{
const string checkUser = "SELECT COUNT(*) FROM tbUsuario WHERE userName = '@user'";
SqlConnection con = Banco.con();
con.Open();
SqlCommand cmd = new SqlCommand(checkUser, con);
int temp = Convert.ToInt32(cmd.ExecuteNonQuery().ToString());
cmd.Parameters.AddWithValue("@user", user);
con.Close();
if (temp == 1)
{
con.Open();
string checkPw = "SELECT pw FROM tbUsuario WHERE userName = '@user'";
SqlCommand passConn = new SqlCommand(checkPw, con);
cmd.Parameters.AddWithValue("@user", user);
string password = passConn.ExecuteScalar().ToString();
Registrar criptografia = new Registrar();
if (password == pw)
{
return true;
}
}
}
catch (SqlException ex)
{
Console.WriteLine("Erro " + ex.Message);
}
return false;
}
在btnLogar
点击事件中:
已经检查数据库,并且用户名和密码正确,但这是不正确的密码。
protected void bntLogar_Click(object sender, EventArgs e)
{
Registrar criptografia = new Registrar();
if (Login.logarUsuario(txtUser.Text, criptografia.CriptografiaMD5(txtSenha.Text)))
{
//Cria um cookie do lado do servidor
HttpCookie cookie = new HttpCookie("estado", "conectado");
//Define a validade do cookie (10 dias a partir de hoje)
cookie.Expires = DateTime.Now.AddMonths(12);
//Envia o cookie para o cliente
Response.Cookies.Set(cookie);
//Redireciona para a pagina inicial
Response.Redirect("Admin.aspx");
}
else
{
lblErro.Text = "Usuário ou Senha Incorretos";
lblErro.Visible = true;
lblErro.CssClass = "alert alert-danger";
}
}
'@user'
不正确。 参数名称不要用单引号引起来。 它看起来像
SELECT pw FROM tbUsuario WHERE userName = @user
另外,MD5不再被认为是安全的,我建议使用SHA-256。
您可以使用单个SELECT语句来完成此操作
public static bool logarUsuario(string user, string pw)
{
const string checkUser =
@"SELECT COUNT(*) FROM tbUsuario
WHERE userName = @u AND pw = @p";
using (SqlConnection con = Banco.con())
{
con.Open();
SqlCommand cmd = new SqlCommand(checkUser, con);
cmd.Parameters.AddWithValue("@u", user);
cmd.Parameters.AddWithValue("@p", pw);
return 1 == (int) cmd.ExecuteNonQuery();
}
}
假设pw
已经被散列。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.