Reputation: 13
How can i be more specific in what has fialed ie how would i report back that is the username or password failed and not just report back failed.
So i can return username was correct but password was not
////////////////////////////////////////////////////////////////////////////////////////////////////
/// <summary> Validates the user. </summary>
///
/// <remarks> Dave, 2/15/2014. </remarks>
///
/// <exception cref="EntityContextException"> Thrown when an Entity Context error condition
/// occurs. </exception>
///
/// <param name="username"> The username. </param>
/// <param name="password"> The password. </param>
///
/// <returns> The NaviHrUsers. </returns>
////////////////////////////////////////////////////////////////////////////////////////////////////
public NaviHrUsers ValidateUser(string username, string password)
{
try
{
NaviHrUsers currentUser = naviEntities.NaviHrUsers.FirstOrDefault(r => r.login == username && r.password == password);
if (currentUser != null)
{
return currentUser;
}
else
{
return null;
}
}
catch (Exception ex)
{
throw new EntityContextException("ValidateUser failed.", ex);
}
}
Upvotes: 0
Views: 44
Reputation: 3024
It's poor security practice to let a user know the the username was correct but the password was incorrect. That gives an attacker the ability to guess the password again.
Upvotes: 2