验证登录表单 ASP.NET MVC

Question

所以我试图让我的登录表单正常工作。我的数据库中有一张表，我希望能够使用它进行登录。该表有两行，用户名和密码，当用户正确输入时，应该重定向到正确的页面。但是当我按下按钮时，没有任何反应，我在这里做错了什么？

\n\n

模型：

\n\n

namespace Barndomshem.Models\n{\n    public class User\n    {\n        public string Username { get; set; }\n        public string Password { get; set; }\n    }\n}\n

\n\n

看法：

\n\n

<div class="container">\n    <div class="row">\n        <div class="box">\n            <div class="col-lg-12">\n                <form class="form-wrapper" id="contact-form" method="post" role="form" novalidate>\n                    <div class="form-group">\n                        <div class="row">\n                            <div class="form-group col-lg-4">\n                                <label for="name">\n                                    Anv\xc3\xa4ndarnamn\n                                </label>\n                                <input type="text" id="name" name="name" class="form-control" data-errmsg="Fyll i anv\xc3\xa4ndarnamn."\n                                       placeholder="Ditt Anv\xc3\xa4ndarnamn" required />\n                            </div>\n                        </div>\n                    </div>\n                    <div class="form-group">\n                        <div class="row">\n                            <div class="form-group col-lg-4">\n                                <label for="number">\n                                    L\xc3\xb6senord\n                                </label>\n                                <input type="text" id="number" name="number" class="form-control" data-errmsg="Fyll i l\xc3\xb6senord."\n                                       placeholder="Ditt L\xc3\xb6senord" />\n                            </div>\n                        </div>\n                    </div>\n                    <div class="row">\n                        <div class="col-md-2 col-sm-2 offset2">\n                            <input type="submit" value="Skicka" class="btn btn-primary" />\n                        </div>\n                    </div>\n                </form>\n            </div>\n        </div>\n    </div>\n</div>\n

\n\n

控制器：

\n\n

using System.Web.Mvc;\nusing System.Data;\nusing System.Data.SqlClient;\nusing Barndomshem.Models;\n\n\nnamespace Barndomshem.Controllers\n{\n    public class RapportController : Controller\n    {\n        SqlConnection connection = new SqlConnection(@"Data Source=.\\SQLExpress;Initial Catalog=Barndomshem;Integrated Security=True");\n        SqlCommand command = new SqlCommand();\n        SqlDataReader reader;\n\n        public ActionResult Index()\n        {\n            var user = new User();\n\n            Session["UserName"] = user;\n\n            if (Session["UserName"] == null)\n            {\n                return RedirectToAction("/Rapport/Validate");\n            }\n\n            return View();\n        }\n\n        public ActionResult Validate(User user)\n        {\n            var query = command.CommandText = "SELECT Username FROM User";\n            command.CommandType = CommandType.Text;\n            command.Connection = connection;\n\n            connection.Open();\n\n            if (user.Username == query)\n            {\n                return RedirectToAction("/Rapport", user);\n            }\n\n            connection.Close();\n\n            return View();\n        }\n    }\n}\n

\n

Answer 1

您走在正确的轨道上，但您的代码存在一些问题，即：

• 视图没有调用Validate()控制器中的操作。
• 您连接数据库的 ADO.NET 逻辑是完全错误的。
• 您的 SQL 查询不包含WHERE子句。
• 您没有使用MVC 提供的身份验证属性[AllowAnonymous]。[Authorize]

您需要对代码进行以下更改：

1.Web配置：

<connectionStrings>1.1在Web.config中添加一个元素（在 下<configuration>）：

  <connectionStrings>
    <add name="ConnectionString" connectionString="Your connection string"/>
  </connectionStrings> 

<authentication>1.2在Web.Config中添加一个元素（下<system.web>）：

<authentication mode="Forms">
  <forms loginUrl="~/Login/Index" timeout="2880" />
</authentication>

2.装饰你的HomeController[Authorize]

[Authorize]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}

3.登录控制器：

public class LoginController : Controller
{
    [AllowAnonymous]
    [HttpGet]
    public ActionResult Index()
    {
        return View();
    }

    [HttpPost]
    public ActionResult Validate(User user)
    {
        try
        {
            string cs = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
            using (var connection = new SqlConnection(cs))
            {
                string commandText = "SELECT Username FROM [User] WHERE Username=@Username AND Password = @Password";
                using (var command = new SqlCommand(commandText, connection))
                {
                    command.Parameters.AddWithValue("@Username", user.Username);
                    command.Parameters.AddWithValue("@Password", user.Password);
                    connection.Open();

                    string userName = (string)command.ExecuteScalar();

                    if(!String.IsNullOrEmpty(userName))
                    {
                        System.Web.Security.FormsAuthentication.SetAuthCookie(user.Username, false);
                        return RedirectToAction("Index", "Home");
                    }

                    TempData["Message"] = "Login failed.User name or password supplied doesn't exist.";

                    connection.Close();
                }
            }
        }
        catch(Exception ex)
        {
            TempData["Message"] = "Login failed.Error - " + ex.Message;
        }
        return RedirectToAction("Index");
    }
}

4.登录索引查看：

@model Barndomshem.Models.User

@using (Html.BeginForm("Validate", "Login"))
{
    <span>User Name</span> <input required="required" type="text" name="Username" /> <br />
    <span>Password</span> <input required="required" type="password" name="Password" />    <br />
    <input type="submit" value="Login" />
}

@if (TempData["Message"] != null)
{
    <span style="color:red;">@TempData["Message"].ToString()</span>
}

另请阅读以下文章：

MVC 形成身份验证，作者：Jon Galloway