Create register for ASP.Net Web App
Creating the Page
Add a new Razor Page and call it `register`.
Now add the following HTML form:
<h1 class="display-4">Register</h1>
<form method="post">
    Username: <input type="text" name="user" />
    Email: <input type="text" name="email" />
    <!-- type="password" stops the browser displaying what is typed -->
    Password: <input type="password" name="pass1" />
    Confirm: <input type="password" name="pass2" />
    <input type="submit" />
</form>
Adding the code to handle the form
The code below first reads the data from the form and stores it in local variables. My `User` table has an additional field called `status`, so that we can approve users or give users different levels of access; a status of 0 could mean unverified. The code also checks that the password and the confirmation password are equal before saving anything.
public IActionResult OnPost()
{
    // Read the submitted fields by the names given in the HTML form
    string username = Request.Form["user"];
    string email = Request.Form["email"];
    string pass1 = Request.Form["pass1"];
    string pass2 = Request.Form["pass2"];
    int status = 0; // 0 = unverified, as described above

    // Only save the account if the two password fields match
    if (pass1 == pass2)
    {
        using var connection = GetConnection; // GetConnection is defined elsewhere in the project
        connection.Open();
        // @p1..@p4 are placeholders; the values are bound below, never pasted into the SQL text
        string sql = "insert into test values(@p1, @p2, @p3, @p4);";
        using var Command = new MySqlCommand(sql, connection);
        Command.Parameters.AddWithValue("@p1", username);
        Command.Parameters.AddWithValue("@p2", pass1);
        Command.Parameters.AddWithValue("@p3", email);
        Command.Parameters.AddWithValue("@p4", status);
        Command.ExecuteNonQuery();
        connection.Close();
    }
    return Page();
}
The code above uses parameterised SQL; adding the parameters in this way protects against SQL injection attacks. Each field taken from the form is passed to the database as a single value and is never interpreted as part of the SQL statement.
Storing Passwords
Passwords should never be stored in a readable format. Instead they should be encrypted or hashed to make them unreadable. In order to use a suitable hashing function you need to include these lines in the using section (the second one provides the `Encoding` class used below):
using System.Security.Cryptography;
using System.Text;
Now we need to hash the password before we save it (this goes inside the if statement that checks pass1 and pass2 are equal):
var inputBytes = Encoding.UTF8.GetBytes(pass1);     // the password as UTF-8 bytes
var inputHash = SHA256.HashData(inputBytes);        // 32-byte SHA-256 digest (.NET 5 or later)
string hash = Convert.ToHexString(inputHash);       // 64-character hex string to store in the table
Now in the SQL parameters section, make sure `hash` is passed as the `@p2` parameter instead of `pass1`.
Adapting your login code
Now that we hash the password when the user registers, we need to hash the password in the same way when they log in as well.
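The page's snippet hashes with plain SHA-256, which is fast and uses no salt: two users with the same password get the same stored value, and a leaked table can be attacked with precomputed hashes. Current guidance for password storage is a salted, deliberately slow function, and `System.Security.Cryptography` already ships one (PBKDF2 via `Rfc2898DeriveBytes.Pbkdf2`, .NET 6 or later). The example below is added here and is not the page's code: it covers both the "Storing Passwords" step and the login step in one place, and it also shows the parameterised lookup the login page needs, in the same style as the page's INSERT. Everything outside the page is an assumption: the `MySql.Data.MySqlClient` namespace (use whichever MySQL provider gives the project its `MySqlCommand`), the column names `username` and `password`, and the `PasswordHasher`, `LoginCheck` and `DummyRecord` names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using MySql.Data.MySqlClient; // assumption: the MySQL provider the project already uses for MySqlCommand

// Added example, not the page's code: salted PBKDF2 password storage and verification.
// The stored record is one string, "{iterations}.{base64 salt}.{base64 hash}", so it
// fits the same password column the page writes its hex digest to.
public static class PasswordHasher
{
    private const int SaltSize = 16;        // 128-bit random salt, different for every user
    private const int HashSize = 32;        // 256-bit derived key
    private const int Iterations = 600_000; // PBKDF2-HMAC-SHA256 work factor (OWASP 2023 recommendation)

    // Registration: call this where the page computes the SHA-256 hex string and pass the
    // result as the @p2 parameter instead of pass1.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] key = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(password), salt, Iterations,
            HashAlgorithmName.SHA256, HashSize);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(key)}";
    }

    // Login: re-derive the key with the salt and iteration count stored for this user, then
    // compare in constant time so the response time does not reveal how many bytes matched.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3) return false;
        if (!int.TryParse(parts[0], out int iterations) || iterations <= 0) return false;

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[1]);
            expected = Convert.FromBase64String(parts[2]);
        }
        catch (FormatException)
        {
            return false; // malformed record: treat as a failed login rather than throwing
        }

        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(password), salt, iterations,
            HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

public static class LoginCheck
{
    // A record made once at startup from a random value; it is only used to give unknown
    // usernames the same verification cost as a wrong password for a real user.
    private static readonly string DummyRecord = PasswordHasher.Hash(Guid.NewGuid().ToString());

    // Looks up the stored record for a username and verifies the entered password.
    // Assumptions: table `test` from the page's INSERT; column names `username` and
    // `password` are placeholders for whatever the project's table actually uses.
    public static bool IsValidLogin(MySqlConnection connection, string username, string enteredPassword)
    {
        // The username is bound as @user, exactly as the page binds @p1..@p4 for the INSERT.
        // Concatenating the form value into the SQL text instead would let it be read as SQL,
        // which is precisely what the parameter prevents.
        const string sql = "select password from test where username = @user limit 1;";
        using var command = new MySqlCommand(sql, connection);
        command.Parameters.AddWithValue("@user", username);

        object result = command.ExecuteScalar(); // null when no row matches
        if (result is not string storedRecord)
        {
            PasswordHasher.Verify(enteredPassword, DummyRecord); // equalise timing, then reject
            return false;
        }
        return PasswordHasher.Verify(enteredPassword, storedRecord);
    }
}
```

Because the iteration count is stored with each record, the work factor can be raised later for new registrations while existing users keep logging in; their records can be re-hashed at their next successful login. `Verify` returns false for a malformed record instead of throwing, so a corrupted row in the table cannot turn into an unhandled exception on the login page.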