Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- CREATE PROCEDURE [dbo].[uspLogin]
- (
- @pUserName VARCHAR(150),
- @pPassword VARCHAR(150),
- @responseMessage NVARCHAR(250)='' OUTPUT
- )
- AS
- BEGIN
- -- SET NOCOUNT ON added to prevent extra result sets from
- -- interfering with SELECT statements.
- SET NOCOUNT ON
- DECLARE @userID INT
- IF EXISTS (SELECT TOP 1 ID FROM dbo.[User] WHERE UserName = @pUserName)
- BEGIN
- SET @userID = (SELECT ID FROM dbo.[User] WHERE UserName = @pUserName AND PasswordHash=HASHBYTES('SHA2_512', @pPassword+CAST(Salt AS NVARCHAR(36))))
- IF(@userID IS NULL)
- SET @responseMessage='Incorrect password'
- ELSE
- SET @responseMessage='Success'
- END
- ELSE
- SET @responseMessage = 'Invalid Login'
- END
- [HttpPost]
- public IActionResult Index(User user)
- {
- //return RedirectToAction("Success", "Home", new { @email = user.EmailAddress });
- var userName = user.UserName;
- var password = user.Password;
- var message = new SqlParameter
- {
- ParameterName = "responseMessage",
- SqlDbType = SqlDbType.NVarChar,
- Size = 250,
- Direction = ParameterDirection.InputOutput,
- };
- _context.Database.ExecuteSqlCommand("dbo.uspLogin @p0, @p1, @responseMessage", userName, password, message);
- return RedirectToAction("Success", "Home", new { email = message.SqlValue });
- }
Add Comment
Please, Sign In to add comment