3

Hi, this is my Login Controller for the Login page. I have done everything to check and log in; however, I have not made the login session, so my website does not know who has logged in using the IDs and passwords from the database. So the website only recognizes one user even after the login has been made.

I also need to know how to retrieve the login session if I am to make a selection using a button. For example: "User Z selected WorkSchedule A after logging in with User Z's username and password"

A login wouldn't be complete if there is no saved session for the website. I am having trouble making the saved session and would appreciate it if someone could guide me towards making it.

Controller code:

    [HttpGet]
    public ActionResult Login()
    {
        return View();
    }
    void connectionString()
    {
        con.ConnectionString = " ";

    }
    [HttpPost]
    public ActionResult SaveData(Account acc)
    {
        connectionString();
        con.Open();
        com.Connection = con;
        com.CommandText = "insert into Staff (StaffNRIC,StaffEmail,StaffContact,StaffName,StaffAddress,BranchID,StaffRole,StaffPositionID,StaffAccountStatus)" +
            "values ('" + acc.StaffNRIC + "','" + acc.StaffEmail + "','" + acc.StaffContact + "','" + acc.StaffName + "','" + acc.StaffAddress + "','" + acc.BranchID + "',' NULL ','" + acc.StaffPositionID + "', 'Pending' )";
        dr = com.ExecuteReader();
        if (dr.Read())
        {
            con.Close();
            return View("Register");
        }
        else
        {
            con.Close();
            return View("Login");
        }


    }
    [HttpPost]
    public ActionResult Verify(Account acc)
    {
        connectionString();
        con.Open();
        com.Connection = con;
        com.CommandText = "select * from Staff where StaffNRIC='" + acc.StaffNRIC + "' and StaffContact='" + acc.StaffContact + "' and StaffAccountStatus = 'Approved'";
        dr = com.ExecuteReader();
        if (dr.Read())
        {
            con.Close();

            return View("Home");
        }
        else
        {
            con.Close();
            return View("Login");
        }


    }

View Page:

    <form action="Verify" method="post">
        <div class=" w3l-form-group">
            <label>NRIC:</label>
            <div class="group">
                <i class="fas fa-user"></i>
                <input type="text" name="StaffNRIC" class="form-control" placeholder="StaffNRIC" required="required">
            </div>
        </div>
        <div class=" w3l-form-group">
            <label>Password:</label>
            <div class="group">
                <i class="fas fa-unlock"></i>
                <input type="password" name="StaffContact" class="form-control" placeholder="StaffContact" required="required">
            </div>
        </div>

        <button type="submit">Login</button>
    </form>
</div>
Vy Do
zan berzanus

2 Answers

2

First, from your description, it seems that your application is an ASP.NET MVC application rather than an ASP.NET Core MVC application. So, you could directly use a session to store the user information:

Code as below, save value to session:

    Session["UserName"] = UserName;

Then, when you read data from the session, you could use the following code:

        if (Session["UserName"] != null)  
        {  
            return View();  
        } else  
        {  
            return RedirectToAction("Login");  
        } 

For more detailed information about session state management in ASP.NET, please check the following articles:

ASP.NET Session State Overview

Simple Login Application using Sessions in ASP.NET MVC

Second, ASP.NET provides an Identity system; we could use its built-in methods to implement the login function, manage users, roles and more, and store the logged-in user's information with a cookie. You could try to use it with your MVC application. Please check the following articles:

Introduction to ASP.NET Identity

Adding ASP.NET Identity to an Empty or Existing Web Forms Project

Adding ASP.NET MVC5 Identity Authentication to an existing project

Besides, if your application is an ASP.NET Core MVC application, you have to enable the session middleware in Startup.cs. For more detailed information about using session and Identity in ASP.NET Core, you could check the following articles:

Session and state management in ASP.NET Core

Introduction to Identity on ASP.NET Core

How add ASP.NET Core identity to existing Core mvc project?

Zhi Lv
0
  1. First of all, your code is vulnerable to SQL injection.
  2. An MVC project has a built-in user authentication system; why not use it?
  3. If you don't want to use the built-in user authentication, you can implement a cookie which will store the current user session.
Adlorem
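
The points from both answers combined, as an added example that is not part of either answer or of the original post: a `Verify` action that uses a parameterized query and stores the logged-in user in `Session`, plus a later action that reads it back. The connection string name `StaffDb`, the `SelectSchedule` action and its `scheduleId` parameter are assumptions; `Account` and the `Staff` columns come from the question.

```csharp
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Mvc;

public class AccountController : Controller
{
    // Assumption: a connection string named "StaffDb" exists in Web.config.
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["StaffDb"].ConnectionString;

    [HttpPost]
    public ActionResult Verify(Account acc)
    {
        const string sql =
            "SELECT StaffName FROM Staff " +
            "WHERE StaffNRIC = @nric AND StaffContact = @contact " +
            "AND StaffAccountStatus = 'Approved'";

        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Parameters are sent as data, never spliced into the SQL text.
            cmd.Parameters.AddWithValue("@nric", acc.StaffNRIC ?? string.Empty);
            cmd.Parameters.AddWithValue("@contact", acc.StaffContact ?? string.Empty);
            con.Open();
            object name = cmd.ExecuteScalar();   // null when no row matches
            if (name == null)
                return View("Login");

            // Remember who logged in for the rest of this browser session.
            Session["StaffNRIC"] = acc.StaffNRIC;
            Session["StaffName"] = name as string;  // null if the column is DBNull
            return View("Home");
        }
    }

    // Hypothetical action for the "User Z selected WorkSchedule A" case.
    [HttpPost]
    public ActionResult SelectSchedule(int scheduleId)
    {
        var nric = Session["StaffNRIC"] as string;
        if (nric == null)
            return RedirectToAction("Login");  // not logged in, or session expired

        // Take the user from the session, never from a form field the browser controls.
        ViewBag.Message = nric + " selected WorkSchedule " + scheduleId;
        return View("Home");
    }
}
```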