0

[承認]を使用した皆さん、こんにちは。ログインビューにリダイレクトすると、任意のユーザー名またはパスワードにログインできます。問題は何ですか。また、ユーザーがログに記録されているかどうかも確認します。

public ActionResult Login()
        {
            return View();
        }
        [HttpPost]
        public ActionResult Login(Panel model, string Username, string Password)
        {
            if (ModelState.IsValid)
            {
                if (model.Username == Username && model.Password == Password)
                {
                    FormsAuthentication.SetAuthCookie(model.Username, false);
                    return RedirectToAction("Index", "Test");
                }
                else
                {
                    ModelState.AddModelError("", "Wrong username or password");
                }
            }
            return View();
        }

        [Authorize]
        public ActionResult Index()

        {

            return View();
        }
4

1 に答える 1

2

The following test is wrong and it will always return true:

if (model.Username == Username && model.Password == Password)

The Panel model's Username and Password properties are bound from the request and have the same values as the Username and Password arguments.

You should check the username and password against some database or something. For example if you are using the Membership provider:

[HttpPost]
public ActionResult Login(Panel model)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(model.Username, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.Username, false);
            return RedirectToAction("Index", "Test");
        }
        else
        {
            ModelState.AddModelError("", "Wrong username or password");
        }
    }
    return View();
}
于 2012-09-21T11:58:12.487 に答える