Click here to Skip to main content
14,774,467 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
i complete login and log out code in asp.net mvc5 but if i enter any url then any page are open..so what code i add thire so page not serve without login ???

What I have tried:

[HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult login(reshabregi u)
        {
            if(ModelState.IsValid)
            {
                var v = db1.reshabregis.Where(a => a.Username1.Equals(u.Username1) && a.Password1.Equals(u.Password1)).FirstOrDefault();
                if(v != null)
                {
                    Session["username"] = u.Username1;
                    return RedirectToAction("Index", "uploadfile");
                }
               else
                {
                    ViewBag.message = "ENter username and password properly";
                }
            }
            return View();
        }
Posted
Updated 15-Feb-16 1:07am
v2
Comments
Richard Deeming 15-Feb-16 9:53am
   
You're storing passwords in plain text. That is an extremely bad idea. You should only ever store a salted hash of the password, using a unique salt per record.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Why are you re-inventing the wheel? ASP.NET has several perfectly good authentication systems available out of the box. For example:
ASP.NET Identity[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900