C# 如何检查用户是否存在于我的登录操作中?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19605061/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I check if a user exists in my Login action?
提问by Samantha J T Star
I am starting to use the new identity management and have a simple need. When my user logs in with a wrong name it reports a password error. How can I change this so that it also checks to see if the username exists using the dbcontext method ?
我开始使用新的身份管理并且有一个简单的需求。当我的用户使用错误的名称登录时,它会报告密码错误。如何更改它,以便它也使用 dbcontext 方法检查用户名是否存在?
public ActionResult Login(LoginViewModel model, string returnUrl)
{
if (ModelState.IsValid)
{
// Validate the password
IdentityResult result = IdentityManager.Authentication.CheckPasswordAndSignIn(AuthenticationManager, model.UserName, model.Password, model.RememberMe);
if (result.Success)
{
return Redirect("~/home");
}
else
{
AddErrors(result);
}
}
// If we got this far, something failed, redisplay form
return View(model);
}
回答by Zaphod
I believe this post is a duplicate of How can I make my MVC5 ASP.NET Identity login action check if a user name exists?
我相信这篇文章是如何让我的 MVC5 ASP.NET Identity 登录操作检查用户名是否存在的副本?
One way to solve this is to do look up in your database to see if user exists - something like ->
if(myUserRepository.GetUserByUserName(model.UserName) != null) *User exists*
解决此问题的一种方法是在您的数据库中查找用户是否存在 - 类似 ->
if(myUserRepository.GetUserByUserName(model.UserName) != null) *User exists*
There should also be a UserManager.FindByName(model.UserName) method which would do the same thing
还应该有一个 UserManager.FindByName(model.UserName) 方法可以做同样的事情
But more importantly, are you sure you want to do this? If you give an error message specifying that the username is wrong you give hackers an opportunity to find valid usernames. They can then run scripts that try all usernames on your site and get a list of valid usernames.
但更重要的是,您确定要这样做吗?如果您给出一条错误消息,指出用户名错误,那么黑客就有机会找到有效的用户名。然后他们可以运行脚本来尝试您网站上的所有用户名并获取有效用户名列表。
回答by Hootan
i did it so:
我是这样做的:
var UserManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
if (UserManager.FindByName("Admin") == null)
{
var user = new ApplicationUser() { UserName = "Admin" };
UserManager.Create(user, "Admin123");
UserManager.AddToRole(user.Id, "Admin");
}
回答by Brendan Green
This is a bad idea
这是一个坏主意
If you are going to validate the username, and report that the username does not exist, you allow potential hackers to easily determine usernames that are registered via the website.
如果您要验证用户名,并报告该用户名不存在,您就可以让潜在的黑客轻松确定通过网站注册的用户名。
The actual error message that is returned to the user is (ASPNET.Identity v1):
返回给用户的实际错误消息是 (ASPNET.Identity v1):
Invalid username or password
Otherwise, as detailed, you can check for the existence of a user with the given username via:
否则,如详细说明,您可以通过以下方式检查具有给定用户名的用户是否存在:
var user = await UserManager.FindByNameAsync(username);
