
I am trying to validate a logged-in user. When they are registered by the Administrator, the users are given a LoginID, a password of @password and a LoginCount of 0 by default. If the user eventually logs in and updates the password, it gets hashed and the LoginCount updates to 1. Refer to the image below:

[image]

I am trying to do multiple if statements: when the user is logging in for the first time, it should check against a string password:

    if (loginCount < 1 && password == "@password") {

And if the user has logged in before it should check against a hashed password using the password hashing class:

    if (loginCount > 0 && PasswordHasher.Verify(password, hashed))

All this is done after the user has been filtered from the database using the LoginID:

    select * from cor_usersetup where LoginID = @LoginID

but it's not working.

    // requires: using System.Data.SqlClient;
    public bool GetAuthentication(string loginId, string password) {
        bool success = false;   // was never declared in the posted snippet
        var connection = System.Configuration.ConfigurationManager.ConnectionStrings["FCoreDBConnection"].ConnectionString;
        SqlConnection cn = new SqlConnection(connection);
        string sql = "select * from cor_usersetup where LoginID = @LoginID";  // and Password = @Password
        SqlCommand cmd = new SqlCommand(sql, cn);
        cmd.Parameters.AddWithValue("@LoginID", loginId);
        cn.Open();
        SqlDataReader rdr = cmd.ExecuteReader();
        int counter = 0;
        while (rdr.Read()) {
            var hashed = rdr["Password"].ToString().Trim();
            var loginCount = int.Parse(rdr["LoginCount"].ToString());
            if (loginCount < 1 && password == "@password") {            // if the user hasn't changed his/her password yet
                counter = counter + 1;
            }
            if (loginCount > 0 && PasswordHasher.Verify(password, hashed)) {     // after password confirmation
                counter = counter + 1;
            }
        }
        rdr.Close();
        cn.Close();
        if (counter != 0) {
            success = true;
        }
        return success;
    }

I set breakpoints (refer to the image below) but it's not hitting the if statements:

[image]

What am I getting wrong, and did I put my if condition properly in the right place?

halfer
Ande Caleb

  • You mean execution jumps from line 234 directly to line 244? – Chetan Dec 03 '19 at 10:07
  • The parameter name in `Parameters.Add` should have an `@` in it according to the [docs](https://learn.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlcommand.parameters?view=netframework-4.8). – fredrik Dec 03 '19 at 10:07
  • Are you sure you are not getting an exception at line 234? – styx Dec 03 '19 at 10:08
  • @fredrik noted, thanks. I'd make those adjustments and test again. – Ande Caleb Dec 03 '19 at 10:09
  • @styx what could be the cause? Because it's not giving me any exception, nothing... it just executes the code and nothing works. – Ande Caleb Dec 03 '19 at 10:10
  • @AndeCaleb try to wrap the lines inside the `while` loop with `try/catch` – styx Dec 03 '19 at 10:11
  • What value do you have in LoginCount in the database for the specific LoginID? – Chetan Dec 03 '19 at 10:13
  • @Chetan Ranpariya the LoginCount defaults to 0 after an account is created. – Ande Caleb Dec 03 '19 at 10:14
  • So your query returns no rows, `rdr.Read()` returns false, the `while` loop is never entered, and naturally it jumps to after the loop? Have you tried pressing F10 after the breakpoint at `AddWithValue` is hit? – GSerg Dec 03 '19 at 10:18
  • Have you tried running the query in management studio? – Luaan Dec 03 '19 at 10:19
  • @GSerg, okay let me try that.. cos I've been trying all sorts, I even restarted my system thinking it was an OS issue – Ande Caleb Dec 03 '19 at 10:32
  • Are you debugging in release configuration? In this case Visual Studio may not hit the breakpoints. If so, try switching to debug mode and retest. – Coskun Ozogul Dec 03 '19 at 10:50
  • Debug, take the query and parameter _exactly_ the way you see it in the debugger, and try _that_ in management studio. – Luaan Dec 03 '19 at 11:30
  • Every new user receives a hard-coded password embedded in the application? Do you think that's secure? Is there a reason you're writing a system that's tricky to get *right* and *secure* rather than using one someone's already written? – Damien_The_Unbeliever Dec 03 '19 at 11:51
  • @Damien_The_Unbeliever it's a test system, based on the client's specification of how they choose their application should run. I know it's not right because I thought about it too, but that's how they insisted it should be, so I am just playing by their song. Hopefully if this gets sorted out, I could provide the better alternative to them. – Ande Caleb Dec 03 '19 at 12:01
  • Wrap your code in `try catch` and test it. Also, check how you build it - it should be `Debug` mode, not `Release`. – Basil Kosovan Dec 03 '19 at 12:54

1 Answer


First of all, check the Exceptions Window (Ctrl+Alt+E) and set all kinds of exceptions to throw if they don't. Then debug again. Most possibly, your

    int.Parse(rdr["LoginCount"].ToString())

throws ArgumentException. Actually, you can use

    // rdr["LoginCount"] is an object, so it must be converted to a string before parsing
    bool isConvertable = int.TryParse(rdr["LoginCount"].ToString(), out int loginCount);
    if (!isConvertable)
        Console.WriteLine(rdr["LoginCount"]); // to see what you actually got
    if (loginCount < 1 && password == "@password") {
        counter = counter + 1;
    }

instead of int.Parse, or add a try/catch block.
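As an added example (not the asker's or the answerer's code), here is the same check written so that the application carries no plaintext default password: the administrator stores the initial password hashed like any other, LoginCount only decides whether a password change is forced, and LoginCount is read with TryParse so a NULL or non-numeric column fails closed instead of throwing inside the loop. It assumes the question's `cor_usersetup` table and its `PasswordHasher.Verify(password, hash)` helper; `AuthResult`, `RequiresPasswordChange` and the parameter length of 50 are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical result type: the caller forces a password change on RequiresPasswordChange.
public enum AuthResult { Failed, Ok, RequiresPasswordChange }

public static class Authentication
{
    // Assumes the question's PasswordHasher.Verify(password, hash) helper
    // and the cor_usersetup(LoginID, Password, LoginCount) table.
    public static AuthResult GetAuthentication(string connectionString, string loginId, string password)
    {
        if (string.IsNullOrEmpty(loginId) || string.IsNullOrEmpty(password))
            return AuthResult.Failed;

        const string sql =
            "select Password, LoginCount from cor_usersetup where LoginID = @LoginID";

        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            // Explicit type and length (50 is an assumption about the column) instead of AddWithValue.
            cmd.Parameters.Add("@LoginID", SqlDbType.NVarChar, 50).Value = loginId;
            cn.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                // No row for this LoginID: fail closed rather than falling through with counter == 0.
                if (!rdr.Read())
                    return AuthResult.Failed;

                int pwdCol = rdr.GetOrdinal("Password");
                string hashed = rdr.IsDBNull(pwdCol) ? null : rdr.GetString(pwdCol).Trim();

                // Read LoginCount defensively: NULL or junk is treated as "never logged in".
                int loginCount;
                object raw = rdr["LoginCount"];
                if (raw == DBNull.Value || !int.TryParse(raw.ToString(), out loginCount))
                    loginCount = 0;

                // The administrator-set default password is stored hashed as well,
                // so there is a single verification path and no "@password" literal in code.
                if (string.IsNullOrEmpty(hashed) || !PasswordHasher.Verify(password, hashed))
                    return AuthResult.Failed;

                return loginCount < 1 ? AuthResult.RequiresPasswordChange : AuthResult.Ok;
            }
        }
    }
}
```

With this shape the two `if` branches from the question collapse into one hash check, and a first login is distinguished by the return value rather than by comparing against a string constant.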