'How to avoid login with an empty password field in ASP.NET MVC 5?
I'm working on an ASP.NET MVC 5 project where I have created a customized login and registration page. The application is working fine, but the problem is I am able to login even when my password field is empty.
Here is the code for controller(I used all Namespaces and reference correctly)
public class UserController : Controller
{
//
// GET: /Register/
public ActionResult Index()
{
return View();
}
[HttpGet]
public ActionResult LogIn()
{
return View();
}
[HttpPost]
public ActionResult LogIn(Models.Register userr)
{
if (IsValid(userr.Email_Id, userr.Password))
{
FormsAuthentication.SetAuthCookie(userr.Email_Id, false);
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("", "Login details are wrong.");
}
return View(userr);
}
[HttpGet]
public ActionResult Register()
{
return View();
}
[HttpPost]
public ActionResult Register(Models.Register user)
{
try
{
if (ModelState.IsValid)
{
using (var db = new MvcApplication2.Models.OnlineEducationEntities())
{
var newUser = db.Registers.Create();
newUser.Email_Id = user.Email_Id;
newUser.Password = user.Password;
newUser.Student_Name = user.Student_Name;
newUser.DOB= DateTime.Now;
db.Registers.Add(newUser);
db.SaveChanges();
return RedirectToAction("LogIn", "User");
}
}
else
{
ModelState.AddModelError("", "Data is not correct");
}
}
catch (DbEntityValidationException e)
{
foreach (var eve in e.EntityValidationErrors)
{
Console.WriteLine("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:",
eve.Entry.Entity.GetType().Name, eve.Entry.State);
foreach (var ve in eve.ValidationErrors)
{
Console.WriteLine("- Property: \"{0}\", Error: \"{1}\"",
ve.PropertyName, ve.ErrorMessage);
}
}
throw;
}
return View();
}
public ActionResult LogOut()
{
FormsAuthentication.SignOut();
return RedirectToAction("LogIn", "User");
}
private bool IsValid(string email, string password)
{
var crypto = new SimpleCrypto.PBKDF2();
bool IsValid = false;
using (var db = new MvcApplication2.Models.OnlineEducationEntities())
{
var user = db.Registers.FirstOrDefault(u => u.Email_Id == email);
if (user != null)
{
if (user.Password == crypto.Compute(password, user.Password))
{
IsValid = true;
}
}
}
return IsValid;
}
}
And the is my view:
@model MvcApplication2.Models.Register
@{
ViewBag.Title = "LogIn";
Layout = "~/Views/Shared/_Layout.cshtml";
}
<h2>LogIn</h2>
@using (Html.BeginForm()) {
@Html.AntiForgeryToken()
@Html.ValidationSummary(true)
<fieldset>
<legend>Register</legend>
<div class="editor-label">
@Html.LabelFor(model => model.Email_Id)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.Email_Id)
@Html.ValidationMessageFor(model => model.Email_Id)
</div>
<div class="editor-label">
@Html.LabelFor(model => model.Password)
</div>
<div class="editor-field">
@Html.EditorFor(model => model.Password)
@Html.ValidationMessageFor(model => model.Password)
</div>
<p>
<input type="submit" value="LogIn" />
</p>
</fieldset>
}
< div>
@Html.ActionLink("Register Now", "Register")
</div>
@section Scripts {
@Scripts.Render("~/bundles/jqueryval")
}
Solution 1:[1]
Add this check to your IsValid method:
private bool IsValid(string email, string password)
{
if (string.IsNullOrWhiteSpace(password) || password.Length < 6)
return false;
//... etc.
The problem is, since you are not using ModelState.IsValid, you'll need an alternative. Your IsValid method seems to be that alternative.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Stefan |