Create register for ASP.Net Web App

From TRCCompSci - AQA Computer Science
Revision as of 14:56, 19 October 2024 by Admin (talk | contribs) (Adding the code to handle the form)
Jump to: navigation, search

Creating the Page

Add a new Razor Page and call it `register`.

Now add the following HTML form: 

	<form method="post">
		Username: <input type="Text" name="user">
		Email: <input type=Email" name="email">
		Password: <input type="Password" name="pass1">
		Confirm:  <input type="Password" name="pass2">
		<input type="submit">
	</form>

Adding the code to handle the form

The code below initially gets the data from the form and stores it in some local variables. My `User` table essentially has an additional field called `status`. This is so we can approve users or have users with different access ability. Status of 0 could be unverified. The code below will also check that password and the confirm password are equal. 

public IActionResult OnPost()
{
	string username = Request.Form["user"];
	string email = Request.Form["email"];
	string pass1 = Request.Form["pass1"];
	string pass2 = Request.Form["pass2"];
	int status = 0;

	if (pass1 == pass2)
	{
		using var connection = GetConnection;

		connection.Open();
		string sql = "insert into test values(@p1, @p2, @p3, @p4);";
		using var Command = new MySqlCommand(sql, connection);
		Command.Parameters.AddWithValue("@p1", username);
		Command.Parameters.AddWithValue("@p2", pass1);
		Command.Parameters.AddWithValue("@p3", email);
		Command.Parameters.AddWithValue("@p4", status);

		Command.ExecuteNonQuery();
		connection.Close();
	}

	return Page();
}

The code above uses `parameterised` SQL, add in the parameters in this way will protect from SQL Injection attacks. The data fields taken from the form is treated as a single item and are never treated as SQL.

Storing Passwords

Passwords should never be stored in a readable format. Instead they should be encrypted or hashed to make them unreadable. In order to use a suitable hashing function you need to include this line in the using section: 

using System.Security.Cryptography;

Now, we need to hash the password before we save it (this should go in the if statement which checks if pass1 & pass2 are equal): Passwords should never be stored in a readable format. Instead they should be encrypted or hashed to make them unreadable. In order to use a suitable hashing function you need to include this line in the using section: 

	string hash = "";
	var inputBytes = Encoding.UTF8.GetBytes(pass1);
	var inputHash = SHA256.HashData(inputBytes);
	hash = Convert.ToHexString(inputHash);

Now in the SQL Parameters section, make sure the hash is used instead of the password.

Retrieved from ‘http://www.trccompsci.online/mediawiki/index.php?title=Create_register_for_ASP.Net_Web_App&oldid=8998