My Login method doesn't comparing email and password in database why?

Question

This my Login Method in Repository Class Where i'm writing a logic to check the email id and password that will matches already registered user in the database and returns true if the email and password matched in db

    public bool Login(Models.Login user)
    {
        Eseal.UserRegister u = null;
        try
        {
            string Dpassword = Decrypt(user.Password);
            using (var dbContext = new MVCDEMOEntities())
            {
                u = dbContext.UserRegisters.Where(query => query.EmailID.Equals(user.EmailID) && query.Password.Equals(user.Password)).SingleOrDefault();
            }
            if (u == null)
                return false
            else
                return true;
        }
        catch (Exception)
        {

            throw;
        }
     }

This my Account Controller code

public ActionResult Login(Models.Login user)
    {
       try
        {
            var services = new RegisterService();
            services.LoginRegister(user);

            return RedirectToAction("Privacy");
        }
        catch (Exception)
        {

            throw;
        }

    }

This is my save register method

  public string SaveRegister(Models.UserRegister model)
    {
        try
        {
            using (var dbcontext = new MVCDEMOEntities())
            {
                var dbRegister = new Eseal.UserRegister()
                {
                    Id = Guid.NewGuid(),
                    Password = encrypt(model.Password),
                    EmailID = model.EmailID,
                    ContactNumber = model.ContactNumber,
                    CreatedOn = DateTime.Now,
                    CreatedBy = 1,
                    UpdatedOn=null,
                    UpdatedBy=null,
                    IsExists= true
                 };

                dbcontext.UserRegisters.Add(dbRegister);
                dbcontext.SaveChanges();

            }
        }

This is my Service Class

public void LoginRegister(Models.Login user)
    {
        var result = _repository.Login(user);
    }

Did you debug the code `u == null` true? Can you share the code of `LoginRegister` method too? — Chetan, Aug 13 '18 at 05:55
Possible duplicate of [Best way to store password in database](https://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database) — mjwills, Aug 13 '18 at 05:59
DPassword is the db saved password and user.password is the user entered password — Niranjan S, Aug 13 '18 at 06:06
You saving encrypted password `Password = encrypt(model.Password)`, then you compare password provided by user model with encrypted password in the database record. Does `user.Password` in `Login` encrypted as well? — Fabio, Aug 13 '18 at 06:07
But you compare plane text with encrypted password in database. — Fabio, Aug 13 '18 at 06:11
@ Fabio you are correct how to comapre with encrypted password — Niranjan S, Aug 13 '18 at 06:12
You need encrypt given plain text password before comparing with password in the database — Fabio, Aug 13 '18 at 06:12
@ Fabio ok but it's should show error rite for that. but it's loging in why? — Niranjan S, Aug 13 '18 at 06:14
controller is calling services class first, then services class calling this method, this method is wrote in Repository — Niranjan S, Aug 13 '18 at 06:54
Can you talk us through why you rolled your own security model rather than use the inbuilt framework forms authentication? — mjwills, Aug 13 '18 at 07:01
I just wanted to do the project in repository pattern so i did my own security model @mjwills — Niranjan S, Aug 13 '18 at 07:35
I would strongly suggest you not do this. The amount of time you have spent on this suggests the built in way (which works, and is more secure) would be more appropriate. — mjwills, Aug 13 '18 at 08:05

Fabio · Answer 1 · 2018-08-13T07:03:07.183

2

You compare encrypted password in database against plain text password provided by user.

You should encrypt plain password before comparing it with password in database.

public bool Login(Models.Login user)
{
    var encryptedGivenPassword = encrypt(user.Password);
    using (var dbContext = new MVCDEMOEntities())
    {
        return dbContext.UserRegisters.Where(u => u.EmailID == user.EmailID)
                                      .Where(u => u.Password == encryptedGivenPassword)
                                      .Any();
    }
 }

Your service method should return result of Login method

public bool LoginRegister(Models.Login user) 
{ 
    return _repository.Login(user); 
}

Then you call this method in the login controller

public ActionResult Login(Models.Login user)
{
   var services = new RegisterService();
   if (services.Login(user))
   {
       return RedirectToAction("Privacy");
   }
   else
   {
       return Unathorized();
   }
}

You can get rid of you redundant try .. catch wrappers.

edited Aug 13 '18 at 07:03

answered Aug 13 '18 at 06:25

Fabio

31,528
4
33
72

the code you modified also not working. it's working if the user is not registered also. – Niranjan S Aug 13 '18 at 06:41
@NiranjanS, You need to call `Login` method in the controller. I afraid that when you call `LoginRegister` you will register new user instead of just validate it. – Fabio Aug 13 '18 at 06:55
public void LoginRegister(Models.Login user) { var result = _repository.Login(user); } I am calling Login Method in Service layer – Niranjan S Aug 13 '18 at 06:56
@NiranjanS, you need return result of `Login` method back to controller, that you can return correct View based on that result. – Fabio Aug 13 '18 at 07:01
Can You Please @Fabio send me any reference links of code or please tell me where to modified my code. because i am new to MVC – Niranjan S Aug 13 '18 at 07:09

My Login method doesn't comparing email and password in database why?

This is my save register method

This is my Service Class

1 Answers1