0

I want to use this model when user types in a password, it checks to see if the entered value is equal to a field corresponding to a particular column in the user database.

Here is my view model for resetting a password:

 public class ResetPasswordViewModel
    {
        [Required]
        [EmailAddress]
        [Display(Name = "Email")]
        public string Email { get; set; }

        [Required]
        [StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 15)]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public string Password { get; set; }

        [DataType(DataType.Password)]
        [Display(Name = "Confirm password")]
        [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
        public string ConfirmPassword { get; set; }

        public string Code { get; set; }
    }

I want to add it in right under StringLength, but I am want to check using string equals or something similar. I am new to C#. My first instinct is to do this logic in the controller, but since they checked the length in this example it leads me to assume that I might be able to do it here.

This is just the stock example that comes with visual studio that uses the identity class for users.

Also, I am not sure which is the best way to accomplish this. Should I try to retrieve the un-hashed password and compare the actual string or should I hash the new (potential) password and then compare the hashed string?

Travis
  • 45
  • 1
  • 7
  • Where ur using this model. – Aravind Oct 12 '16 at 17:52
  • so instead of doing it in the model, I would be much better of doing it in the controller right before I actually perform the password change? – Travis Oct 12 '16 at 17:56
  • are you using any javascript? – Aravind Oct 12 '16 at 18:03
  • Not yet. I am wanting to try to do what this guy is: http://stackoverflow.com/questions/15065429/stop-user-from-using-last-5-password The thing is that I dont understand how it is completely working. – Travis Oct 12 '16 at 18:24
  • Attributes are not really a good place to do database lookups. Also, you should not be storing the unhashed password. If you are, you are doing it wrong. But that's my opinion, and I think this question is really asking for opinions, which is off-topic on Stack Overflow. – Heretic Monkey Oct 12 '16 at 18:24
  • Not really asking for opinion, I am just new to ASP.Net and I am trying to make sure that I do something the correct way. So, what I am getting is that when a user registers, I need to store the id of the user and the hashed password in some sort of history table. (Do this every time a password is changed) Then in a controller query the table for the currently logged in users id and check to see if the password entered is in the table? – Travis Oct 12 '16 at 18:29

1 Answers1

0

As per your sample post suggest, There is a PasswordHistory table, which clearly tells you that he is using a database operation to compare the value of that of the user enters when he is trying to reset his password. There is no option to have value in the model.

The only possible option to have a value in the model is something called default value.

  private const int MAXIMUM_AGE = 65;
  private int _age = MAXIMUM_AGE;
  [DefaultValue(MAXIMUM_AGE)]
  public int Age 
  {
    get { return _age; }
    set { _age = value; }
  }

How ever this will not be useful to you.

SO FINAL WORDS :

You cannot use the MODEL to have a value that should be fetched from the Database.

However if your planning to use some asynchronous operations using javascripts Have a look at this Link

Hope you are clear. !!

Glorfindel
  • 21,988
  • 13
  • 81
  • 109
Aravind
  • 40,391
  • 16
  • 91
  • 110