CODEWITHSUNDEEP
c#asp.net-mvcasp.net-coreasp.net-core-mvc
XamDev
XamDev

Reputation: 3647

Working with password field in mvc

Whenever I am trying to insert records it gives me error message for password field as '

The value 'SomePassword' is not valid for password

Model

public byte[] Password { get; set; }

View

<label class="input">
<i class="icon-append fa fa-tag"></i>
@Html.PasswordFor(model => model.Class.Password, new { @class = "form-control", @id = "txtPassword" })
<span asp-validation-for="Class.Password" class="text-danger"></span>
</label>

When checked in controller the ModelState is invalid and error message is coming why is it so ?. I have tried with DataType.Password on Password field, but still no success

The Password column has datatype 'Varbinary' in sql server.

Any help on this appreciated !

Upvotes: 2

Views: 13066

Answers (3)

ste-fu
ste-fu

Reputation: 7434

A password is never entered by the user as a byte arrray, it is converted into one before hashing.

The mvc model binder has no built in capability to convert any input to a byte array, and even though you could write a custom model binder I don't see why you would want to, as a plain string is much easier to type.

Even though the SQL type may be varbinary, you do not want the user to enter this representation in your model.

You should set the Class.Password property to be a string, and then in your server side code, you should be hashing the password.

Encoding.UTF8.GetBytes(password); will convert the string password into a byte[] but it on it's own it is not sufficient for secure password storage.

I strongly recommend you take a look at https://www.asp.net/identity if you have the option to upgrade your password requriements.

Upvotes: 4

Peter B
Peter B

Reputation: 24136

What you wrote would only work if class Model has a property called Class, and the property Class has a property Password.

Try using this instead:

@Html.PasswordFor(model => model.Password, ...

Also, the Password property in your ViewModel needs to be a string. Both the Web and MVC cannot use byte[] for text input controls.

You can store a byte[] - hashed and encrypted, the best approach! - but it first comes in as a string.

Upvotes: 1

SKLTFZ
SKLTFZ

Reputation: 950

why dont you start with the Password model of the Default Account, and modify it to fit your actual need? or you have a very unusal password requirement which need byte[]? otherwise you should just convert it when you actually needed to...

Model

[Required]
[StringLength(100, ErrorMessage = "The {0} must be at least {2} characters long.", MinimumLength = 6)]
[DataType(DataType.Password)]
[Display(Name = "Password")]
public string Password { get; set; }

View

<div class="form-group">
    @Html.LabelFor(m => m.Password, new { @class = "col-md-2 control-label" })
    <div class="col-md-10">
        @Html.PasswordFor(m => m.Password, new { @class = "form-control" })
    </div>
</div>

Upvotes: 2

Related Questions