Implementing a stored procedure with input and output paramaters in .net core 2.2 web app

Question

I am trying to implement a stored procedure called "sp_ValidateUserLogin" which takes input paramaters of UserName and Password and checks to see if the combination exists in the database.

I tried manipulating old code for another stored procedure that reads information returned from its query and creating a list (which is why I used ExecuteReader) but this does not appear to work the same way here.

Stored Procedure

[dbo].[sp_ValidateUserLogin]
@UserName VARCHAR(100),
@Password VARCHAR(100),
@IsValid INT OUTPUT
AS
BEGIN


IF EXISTS(SELECT * FROM VisUser WHERE(UserName = @UserName AND UserPassword = @Password))
    BEGIN 
        SET @IsValid = 1;
    END 
ELSE
    BEGIN 
        SET @IsValid = 0;
    END
END

Stored Procedure in DatabaseContext

public int ValidateUserLogin(string UserName, string Password)
        {
            int IsValid = 0;

            using (SqlConnection con = new SqlConnection(connectionString))
            {
                using (SqlCommand cmd = new SqlCommand("sp_ValidateUserLogin", con))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add(("@UserName"), SqlDbType.VarChar).Value = UserName;
                    cmd.Parameters.Add(("@Password"), SqlDbType.VarChar).Value = Password;
                    con.Open();

                    SqlDataReader rdr = cmd.ExecuteReader();
                    //IsValid = rdr.Read();
                    while (rdr.Read())
                    {
                        SubCategory subcategory = new SubCategory();

                        subcategory.SubCategoryId = Convert.ToInt32(rdr["SubCategoryId"]);
                        subcategory.SubCategoryName = rdr["SubCategoryName"].ToString();

                        //lstsubcategory.Add(subcategory);
                    }
                    con.Close();
                }
            }

            return IsValid;
        }

Code behind RazorPage:

public ActionResult OnPost(string UserName, string Password)
        {

            if (!ModelState.IsValid)
            {
                return Page();
            }

            if(DatabaseContext.ValidateUserLogin(UserName, Password) == 1)
            {
                //send email
            }
            else
            {
                return Page();
            }
        }

I am unsure of how to implement a stored procedure with both input and output paramaters. I would like for the stored procedure call in EF to return 1 if the combination exists and 0 otherwise. The approach that I am taking with ExecuteReader which I used for another stored procedure does not work the same way for this stored procedure. What is a good alternative approach for this?

I suggest avoiding the `sp_` prefix; it's reserved by Microsoft so can mean that one day *your* will suddenly stop working, and it lowers the performance of it: [Is the sp_ prefix still a no-no?](https://sqlperformance.com/2012/10/t-sql-queries/sp_prefix) — Thom A, Aug 21 '19 at 22:00
Have you read https://stackoverflow.com/questions/290652/get-output-parameter-value-in-ado-net ? — mjwills, Aug 21 '19 at 22:16
It _looks_ like you're storing unhashed passwords in your database, I hope that's not the case. — stuartd, Aug 21 '19 at 22:24
@stuartd as of right now they are not hashed, I will look into hashing them soon. — dannyriv, Aug 21 '19 at 22:56

Implementing a stored procedure with input and output paramaters in .net core 2.2 web app

0 Answers0