Home/ Questions/Q 8563379
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T16:56:50+00:00

Hello everyone I have used [Authorize] but when redirect to login view I can

  • 0

Hello everyone I have used [Authorize] but when redirect to login view I can login any username or password so what is the problem and also checking user logged or not?

public ActionResult Login()
        {
            return View();
        }
        [HttpPost]
        public ActionResult Login(Panel model, string Username, string Password)
        {
            if (ModelState.IsValid)
            {
                if (model.Username == Username && model.Password == Password)
                {
                    FormsAuthentication.SetAuthCookie(model.Username, false);
                    return RedirectToAction("Index", "Test");
                }
                else
                {
                    ModelState.AddModelError("", "Wrong username or password");
                }
            }
            return View();
        }

        [Authorize]
        public ActionResult Index()

        {

            return View();
        }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The following test is wrong and it will always return true:

    if (model.Username == Username && model.Password == Password)

    The Panel model’s Username and Password properties are bound from the request and have the same values as the Username and Password arguments.

    You should check the username and password against some database or something. For example if you are using the Membership provider:

    [HttpPost]
public ActionResult Login(Panel model)
{
    if (ModelState.IsValid)
    {
        if (Membership.ValidateUser(model.Username, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.Username, false);
            return RedirectToAction("Index", "Test");
        }
        else
        {
            ModelState.AddModelError("", "Wrong username or password");
        }
    }
    return View();
}
    • 0