通过SQL表进行用户身份验证

我正在尝试在我的应用程序中实现一些安全性。我有一个名为USER_AUTHORIZATION的表，其中包含要使用该应用程序的用户的有效单点登录ID列表。格式为COMPANYNAME''111222333，存储在名为UNAME的字段中。我试图在访问应用程序时进行检查，查看当前登录的用户是否在有效用户表中。如果他们的SSO不在表中，我想显示一条错误消息。

查看

@model IEnumerable<BillingApp.Models.HOLIDAY_DATE_TABLE>
@using System.Data;
@using System.Data.SqlClient;
@{
ViewBag.Title = "Table 8: Holiday Date Table";
Layout = "../Shared/Layout2.cshtml";
var whoareyoupeople = @User.Identity.Name;
DateTime date = DateTime.Now;
string myerrorstring = "User " + whoareyoupeople + " attempted unauthorized access on " + date + ".";
string connStringswag = "Data Source=SWDB10DSQL;Initial Catalog=BillingUI;Integrated     Security=True;MultipleActiveResultSets=True;Application Name=EntityFramework";
using (SqlConnection _connyswagyolo = new SqlConnection(connStringswag))
{
   _connyswagyolo.Open();
   string checkauth = "SELECT COUNT(*) FROM USER_AUTHORIZATION WHERE UNAME == " + whoareyoupeople + ")";
   SqlCommand Command223 = new SqlCommand(checkauth, _connyswagyolo);
   Command223.ExecuteNonQuery();
   _connyswagyolo.Close();
}
@section featured2 {
@if (whoareyoupeople not found in table){
    <center><h2 style="color:red">Access Denied for user @User.Identity.Name. You are not authorized to view this application.</h2></center>
    string fileName = "C:''BillingExport''SECURITY''seclog.txt";
    using (FileStream fs = new FileStream(fileName, FileMode.Append, FileAccess.Write)){
    using (StreamWriter sw = new StreamWriter(fs))
    {
        sw.WriteLine(myerrorstring);
    }
}
}
else{
  //actual content to be displayed (table information) goes here

我最大的两个问题是，如何形成if语句来检查查询的结果？此外，我收到错误"CS1513:}预期"。

您会注意到以下代码部分在using sqlconnection行中缺少一个闭包breacket。这是因为无论出于何种原因，visualstudio2012总是将第一个右括号识别为代码块的末尾（即：@{}）。

更新：我将代码移动到我的控制器

 public ActionResult HolidayDateTable()
    {
        var whoareyoupeople = User.Identity.Name;
        DateTime date = DateTime.Now;
        string myerrorstring = "User " + whoareyoupeople + " attempted unauthorized access on " + date + ".";
        string connStringswag = "Data Source=SWDB10DSQL;Initial Catalog=BillingUI;Integrated Security=True;MultipleActiveResultSets=True;Application Name=EntityFramework";
        using (SqlConnection _connyswagyolo = new SqlConnection(connStringswag))
        {
            _connyswagyolo.Open();
            string checkauth = "SELECT COUNT(*) FROM USER_AUTHORIZATION WHERE UNAME == " + whoareyoupeople + ")";
            SqlCommand Command223 = new SqlCommand(checkauth, _connyswagyolo);
            int count = (int)Command223.ExecuteScalar();
            _connyswagyolo.Close();
            if (count == 0)
            {
                return RedirectToAction("AccessDenied");
            }
            else
            {
                return View(db.HOLIDAY_DATE_TABLE);
            }
        }
    }

当前收到错误"'='附近的语法不正确。"指向行int count=（int）Command223.ExecuteScaler（）；

更新2:我已经试过我的代码，但无论我做什么，建议的解决方案int count=（int）Command223.ExecuteScaler（）；似乎不起作用。下面是我更新的控制器代码。

 public ActionResult HolidayDateTable()
    {
        var whoareyoupeople = User.Identity.Name;
        DateTime date = DateTime.Now;
        string myerrorstring = "User " + whoareyoupeople + " attempted unauthorized access on " + date + ".";
        string query = "SELECT COUNT(*) FROM USER_AUTHORIZATION WHERE UNAME == " + whoareyoupeople + ")";
        SqlConnection conn = new SqlConnection("Data Source=SWDB10DSQL;Initial Catalog=BillingUI;Integrated Security=True;MultipleActiveResultSets=True;Application Name=EntityFramework");
        conn.Open();
        SqlCommand cmd = conn.CreateCommand();
        {
            cmd.CommandText = string.Format("SELECT COUNT(*) FROM USER_AUTHORIZATION WHERE UNAME == " + whoareyoupeople + ")");
            int count = (int)cmd.ExecuteScalar();
            if (count == 0)
            {
                return RedirectToAction("AccessDenied");
            }
            else
            {
                return View(db.HOLIDAY_DATE_TABLE);
            }
        }
        }          

更新3:问题是我的查询字符串，而不是C#代码。我不得不去掉一个等号。现在我遇到的问题是

Incorrect syntax near ''601011308'.

指向int count=（int）cmd.ExecuteScaler（）；

这是表UNAME字段中某个值的部分条目。它前面缺少COMPANYNAME（即COMPANYNAME''601011308）。我认为count应该返回SSO与数据库的匹配数量（即，如果登录的用户SSO是601011308，并且是存储在表中的应用程序的有效用户，则count应该返回1）。

我在更新3:中遇到上述问题的最新控制器代码

 public ActionResult HolidayDateTable()
    {
        var whoareyoupeople = User.Identity.Name;
        DateTime date = DateTime.Now;
        string myerrorstring = "User " + whoareyoupeople + " attempted unauthorized access on " + date + ".";
        SqlConnection conn = new SqlConnection("Data Source=SWDB10DSQL;Initial Catalog=BillingUI;Integrated Security=True;MultipleActiveResultSets=True;Application Name=EntityFramework");
        conn.Open();
        SqlCommand cmd = conn.CreateCommand();
        {
            cmd.CommandText = string.Format("SELECT COUNT(*) FROM AUTHORIZED_USERS WHERE UNAME = " + whoareyoupeople + ")");
            int count = (int)cmd.ExecuteScalar();
            if (count == 0)
            {
                return RedirectToAction("AccessDenied");
            }
            else
            {
                return View(db.HOLIDAY_DATE_TABLE);
            }
        }
        }