我有一个SPROC设置来验证登录凭据,但是当我从我的代码执行它时,我似乎无法让它返回正确的值。当我尝试从C#执行它时,即使我输入正确的用户名和密码组合,它仍会返回值“-1”,但是当我直接从SSMS执行它时,它可以正常工作。
SPROC
USE [database]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROC [dbo].[usp_ReadUserLogin]
@LoginUsername VARCHAR(50),
@LoginPassword VARCHAR(100)
AS
BEGIN
SET NOCOUNT ON;
DECLARE @Salt CHAR(25);
DECLARE @PasswordSalt VARCHAR(125);
DECLARE @PasswordHash VARBINARY(255);
SELECT @Salt = [dbo].[users].[salt], @PasswordHash = [dbo].[users].[password]
FROM [dbo].[users] WHERE [dbo].[users].[username] = @LoginUsername;
SET @PasswordSalt = @Salt + @LoginPassword;
IF (HASHBYTES('SHA2_512', @PasswordSalt) = @PasswordHash)
RETURN 0; /*Match*/
ELSE
RETURN 1; /*No Match*/
END;
GO
CONTROLLER
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(User u)
{
if (ModelState.IsValid) // this is check validity
{
using (WebFTS.Models.webftsEntities db = new WebFTS.Models.webftsEntities())
{
//Method 1 - Still returns value = -1
//var sql = "EXEC [dbo].[usp_ReadUserLogin] @LoginUsername, @LoginPassword";
//var usernameParam = new SqlParameter("@LoginUsername", u.username);
//var passwordParam = new SqlParameter("@LoginPassword", u.password);
//var query = db.Database.ExecuteSqlCommand(sql, usernameParam, passwordParam);
//Method 2 - Still returns value = -1
var query = db.usp_ReadUserLogin(u.username, u.password);
if (query != 0)
{
ViewBag.message = "Incorrect username and/or password.";
}
else
{
var d = db.users.Where(model => model.username.Equals(u.username)).FirstOrDefault();
if (d != null)
{
Session["lid"] = d.user_id.ToString();
Session["lun"] = d.username.ToString();
return RedirectToAction("AfterLogin");
}
}
}
}
return View(u);
}
查看
<div style="margin-right:auto; margin-left:auto;">
<table style="overflow:hidden;">
<tr>
<td>Username</td>
<td>@Html.TextBoxFor(a => a.username)</td>
<td><b>@Html.ValidationMessageFor(a => a.username)</b></td>
</tr>
<tr>
<td>Password</td>
<td>@Html.PasswordFor(a => a.password) </td>
<td><b>@Html.ValidationMessageFor(a => a.password)</b></td>
</tr>
<tr>
<td></td>
<td></td>
<td align="right"><input type="submit" value="Login" class="button" /></td>
</tr>
</table>
</div>
任何帮助将不胜感激。谢谢。
SPROC(更新)
USE [database]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROC [dbo].[usp_ReadUserLogin]
@LoginUsername VARCHAR(50),
@LoginPassword VARCHAR(100)
AS
BEGIN
--SET NOCOUNT ON;
DECLARE @userid INT;
DECLARE @Salt CHAR(25);
DECLARE @PasswordSalt VARCHAR(125);
DECLARE @PasswordHash VARBINARY(255);
SELECT @userid = [dbo].[users].[user_id], @Salt = [dbo].[users].[salt], @PasswordHash = [dbo].[users].[password]
FROM [dbo].[users] WHERE [dbo].[users].[username] = @LoginUsername;
SET @PasswordSalt = @Salt + @LoginPassword;
IF (HASHBYTES('SHA2_512', @PasswordSalt) = @PasswordHash)
SELECT @userid; /*Match*/
ELSE
SELECT 0; /*No Match*/
END;
GO
CONTROLLER(更新)
System.Nullable<int> query = db.ReadUserLogin(u.username, u.password).SingleOrDefault();
if (query == 0)
ViewBag.message = "Incorrect username and/or password.";
else if (query.HasValue)
{
//follow the rest of the code to select the user.
}
感谢 Dude Pascalou ,我能够解决我的问题。 link he provided就是答案。我也更新了代码,所以如果有人需要它,他们可以看到之前和之后。谢谢你的帮助!
答案 0 :(得分:0)
要使其发挥作用,您可以将RETURN替换为SELECT并删除SET NOCOUNT ON;声明。