Linq to SQL authenticate login credentials
Problem description
I have a localdb in a WPF application and a table for storing a student's credentials. I want to compare the credentials entered by the user to the data in the Student table to see if the student exists. Here is what I have, but it isn't quite right.
    private void btnSubmit_Click(object sender, RoutedEventArgs e)
    {
        string id = tbxUsername.Text;
        char password = tbxPassword.PasswordChar;
        using (DataClasses1DataContext db = new DataClasses1DataContext())
        {
            Student student = (from u in db.Students
                               where u.Id.Equals(id) &&
                                     u.Password.Equals(password)
                               select u);
            if(student != null)
            {
                MessageBox.Show("Login Successful!");
            }
            else
            {
                MessageBox.Show("Login unsuccessful, no such user!");
            }
        }
    }
}
Recommended answer
You are filling password with the PasswordChar, that seems kind of strange:
char password = tbxPassword.PasswordChar;
You should create a string called password instead of a char and fill it with tbxPassword.Text. I would recommend that you at least insert a hashed password in the database and compare the hash from user input to the hash in the database. Saving passwords in plaintext is a bad idea.
Use the following method for inserting a password in the database:
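    public static string CreatePasswordHash(string plainpassword)
    {
        // Encode as UTF-8 so non-ASCII characters are not collapsed to '?'.
        byte[] data = System.Text.Encoding.UTF8.GetBytes(plainpassword);
        using (var sha256 = System.Security.Cryptography.SHA256.Create())
        {
            data = sha256.ComputeHash(data);
        }
        // Raw hash bytes are not text; Base64 keeps all 256 bits intact for storage.
        return System.Convert.ToBase64String(data);
    }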
The following method can be used to compare the password from user input with the hashed password in the database:
    // Requires "using System.Linq;" for FirstOrDefault().
    public static bool IsValidLogin(string id, string password)
    {
        password = CreatePasswordHash(password);
        using (DataClasses1DataContext db = new DataClasses1DataContext())
        {
            // The query yields a sequence; FirstOrDefault() returns the first match or null.
            Student student = (from u in db.Students
                               where u.Id.Equals(id) &&
                                     u.Password.Equals(password)
                               select u).FirstOrDefault();
            return student != null;
        }
    }
The code in the btnSubmit_Click event will look like:
    private void btnSubmit_Click(object sender, RoutedEventArgs e)
    {
        string id = tbxUsername.Text;
        // A WPF PasswordBox exposes the typed value as Password; it has no Text property.
        string password = tbxPassword.Password;
        if(IsValidLogin(id, password))
        {
            MessageBox.Show("Login Successful!");
        }
        else
        {
            MessageBox.Show("Login unsuccessful, no such user!");
        }
    }