David Buckley
David Buckley

Reputation: 13

Be more specific in what has failed c# ef4.0

How can i be more specific in what has fialed ie how would i report back that is the username or password failed and not just report back failed.

So i can return username was correct but password was not

   ////////////////////////////////////////////////////////////////////////////////////////////////////
        /// <summary>  Validates the user. </summary>
        ///
        /// <remarks>  Dave, 2/15/2014. </remarks>
        ///
        /// <exception cref="EntityContextException">  Thrown when an Entity Context error condition
        ///                                            occurs. </exception>
        ///
        /// <param name="username">    The username. </param>
        /// <param name="password">    The password. </param>
        ///
        /// <returns>  The NaviHrUsers. </returns>
        ////////////////////////////////////////////////////////////////////////////////////////////////////

        public NaviHrUsers ValidateUser(string username, string password)
        {

            try
            {
                NaviHrUsers currentUser = naviEntities.NaviHrUsers.FirstOrDefault(r => r.login == username && r.password == password);

                if (currentUser != null)
                {
                    return currentUser;
                }

                else
                {
                    return null;
                }
            }
            catch (Exception ex)
            {
                throw new EntityContextException("ValidateUser failed.", ex);
            }
        }

Upvotes: 0

Views: 44

Answers (1)

Adam Modlin
Adam Modlin

Reputation: 3024

It's poor security practice to let a user know the the username was correct but the password was incorrect. That gives an attacker the ability to guess the password again.

Upvotes: 2

Related Questions