正在执行SPROC-返回值=-1
本文关键字:返回值 SPROC- 执行 | 更新日期: 2023-09-27 18:00:01
我设置了一个SPROC来验证登录凭据,但当我从代码中执行它时,似乎无法让它返回正确的值。当我尝试从C#执行它时,即使我输入了正确的用户名和密码组合,它也会不断返回值"-1",但当我直接从SSMS执行时,它运行得非常好。
SPROC
USE [database]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROC [dbo].[usp_ReadUserLogin]
@LoginUsername VARCHAR(50),
@LoginPassword VARCHAR(100)
AS
BEGIN
SET NOCOUNT ON;
DECLARE @Salt CHAR(25);
DECLARE @PasswordSalt VARCHAR(125);
DECLARE @PasswordHash VARBINARY(255);
SELECT @Salt = [dbo].[users].[salt], @PasswordHash = [dbo].[users].[password]
FROM [dbo].[users] WHERE [dbo].[users].[username] = @LoginUsername;
SET @PasswordSalt = @Salt + @LoginPassword;
IF (HASHBYTES('SHA2_512', @PasswordSalt) = @PasswordHash)
RETURN 0; /*Match*/
ELSE
RETURN 1; /*No Match*/
END;
GO
控制器
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(User u)
{
if (ModelState.IsValid) // this is check validity
{
using (WebFTS.Models.webftsEntities db = new WebFTS.Models.webftsEntities())
{
//Method 1 - Still returns value = -1
//var sql = "EXEC [dbo].[usp_ReadUserLogin] @LoginUsername, @LoginPassword";
//var usernameParam = new SqlParameter("@LoginUsername", u.username);
//var passwordParam = new SqlParameter("@LoginPassword", u.password);
//var query = db.Database.ExecuteSqlCommand(sql, usernameParam, passwordParam);
//Method 2 - Still returns value = -1
var query = db.usp_ReadUserLogin(u.username, u.password);
if (query != 0)
{
ViewBag.message = "Incorrect username and/or password.";
}
else
{
var d = db.users.Where(model => model.username.Equals(u.username)).FirstOrDefault();
if (d != null)
{
Session["lid"] = d.user_id.ToString();
Session["lun"] = d.username.ToString();
return RedirectToAction("AfterLogin");
}
}
}
}
return View(u);
}
查看
<div style="margin-right:auto; margin-left:auto;">
<table style="overflow:hidden;">
<tr>
<td>Username</td>
<td>@Html.TextBoxFor(a => a.username)</td>
<td><b>@Html.ValidationMessageFor(a => a.username)</b></td>
</tr>
<tr>
<td>Password</td>
<td>@Html.PasswordFor(a => a.password) </td>
<td><b>@Html.ValidationMessageFor(a => a.password)</b></td>
</tr>
<tr>
<td></td>
<td></td>
<td align="right"><input type="submit" value="Login" class="button" /></td>
</tr>
</table>
</div>
如有任何帮助,我们将不胜感激。非常感谢。
SPROC(更新)
USE [database]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROC [dbo].[usp_ReadUserLogin]
@LoginUsername VARCHAR(50),
@LoginPassword VARCHAR(100)
AS
BEGIN
--SET NOCOUNT ON;
DECLARE @userid INT;
DECLARE @Salt CHAR(25);
DECLARE @PasswordSalt VARCHAR(125);
DECLARE @PasswordHash VARBINARY(255);
SELECT @userid = [dbo].[users].[user_id], @Salt = [dbo].[users].[salt], @PasswordHash = [dbo].[users].[password]
FROM [dbo].[users] WHERE [dbo].[users].[username] = @LoginUsername;
SET @PasswordSalt = @Salt + @LoginPassword;
IF (HASHBYTES('SHA2_512', @PasswordSalt) = @PasswordHash)
SELECT @userid; /*Match*/
ELSE
SELECT 0; /*No Match*/
END;
GO
控制器(更新)
System.Nullable<int> query = db.ReadUserLogin(u.username, u.password).SingleOrDefault();
if (query == 0)
ViewBag.message = "Incorrect username and/or password.";
else if (query.HasValue)
{
//follow the rest of the code to select the user.
}
多亏了Dude Pascalou我才得以解决我的问题。他提供的链接就是答案。我还更新了代码,所以如果有人需要它,他们可以看到之前和之后。感谢您的帮助!
要使其工作,可以用SELECT替换RETURN并删除SET NOCOUNT ON;语句。