David Buckley
Reputation: 13
Be more specific in what has failed c# ef4.0
How can i be more specific in what has fialed ie how would i report back that is the username or password failed and not just report back failed.
So i can return username was correct but password was not
////////////////////////////////////////////////////////////////////////////////////////////////////
/// <summary> Validates the user. </summary>
///
/// <remarks> Dave, 2/15/2014. </remarks>
///
/// <exception cref="EntityContextException"> Thrown when an Entity Context error condition
/// occurs. </exception>
///
/// <param name="username"> The username. </param>
/// <param name="password"> The password. </param>
///
/// <returns> The NaviHrUsers. </returns>
////////////////////////////////////////////////////////////////////////////////////////////////////
public NaviHrUsers ValidateUser(string username, string password)
{
try
{
NaviHrUsers currentUser = naviEntities.NaviHrUsers.FirstOrDefault(r => r.login == username && r.password == password);
if (currentUser != null)
{
return currentUser;
}
else
{
return null;
}
}
catch (Exception ex)
{
throw new EntityContextException("ValidateUser failed.", ex);
}
}
Upvotes: 0
Views: 44
Answers (1)
Adam Modlin
Reputation: 3024
It's poor security practice to let a user know the the username was correct but the password was incorrect. That gives an attacker the ability to guess the password again.
Upvotes: 2
Related Questions
- Sql Exception With .net 4 & EF
- type error in EF 4.1
- Entity Framework Exception
- "Specified method is not supported" in Entity Framework
- Entity framework 4.0 getting 3032 error
- How do I fix this weird entity framework error?
- Entity framework Problems
- Struggling With Entity Framework 4
- Error with Entity Framework 4 and MVC 3
- Entity Framework Logical Entity Error