C# 使用私有属性getter(用于密码)在控制器上绑定ASP.NET核心模型
我有一个简单的用户类,对于Password属性,我想使getter私有(仅在内部使用-公开一个公共VerifyPassword方法,该方法将在内部执行验证并返回布尔值) 现在问题来了,我的控制器中的路由上的模型绑定。当我尝试使用C# 使用私有属性getter(用于密码)在控制器上绑定ASP.NET核心模型,c#,razor,asp.net-core-mvc,private,model-binding,C#,Razor,Asp.net Core Mvc,Private,Model Binding,我有一个简单的用户类,对于Password属性,我想使getter私有(仅在内部使用-公开一个公共VerifyPassword方法,该方法将在内部执行验证并返回布尔值) 现在问题来了,我的控制器中的路由上的模型绑定。当我尝试使用asp for标记帮助器指向Model.Password时,它告诉我“由于get访问器不可用,因此无法在此上下文中使用Password” 我是初学者。我认为将getter保密是保护它不被曝光的明智之举。但是现在我不能在模型绑定中使用它 所以有几个问题: 这是保护密码的正确
asp for using System;
namespace user_signup.Models {
public class User
{
private string username;
private string email;
private string password;
public string Username {
get => username;
set {
if (value.Length < 5) {
throw new ArgumentException("Username is too short.");
}
if (value.Length > 15) {
throw new ArgumentException("Username is too long.");
}
username = value;
}
}
public string Email {
get => email;
set {
// email validation here
email = value;
}
}
public string Password {
// the getter is private (only accessable internally)
private get => password;
set {
if (value.Length < 5) {
throw new ArgumentException("Password is too short.");
}
if (value.Length > 15) {
throw new ArgumentException("Password is too long.");
}
password = value;
}
}
// public means of verifying a password (the password itself is never exposed)
public bool VerifyPassword(string pass) => Password.Equals(pass);
// counter of all users that have been instantiated (prevents overlapping IDs)
// static so it is at the Class level (can be counted globally outside of all User instances)
private static int NextId = 0;
// can only be set internally (private setter)
// defaults to the CURRENT VALUE of NextId and THEN increments NextId for the next instantiation
public int UserId { get; } = NextId++;
// can only be set internally (private setter)
// defaults to current DateTime in string format
public string CreateDate { get; private set; } = DateTime.Now.ToString();
// the model will be populated from form data sent in a Request
public User() {}
// for creating a user by other means (manually)
public User(string u, string e, string p) {
Username = u;
Email = e;
Password = p;
}
public override string ToString() {
return String.Format(
"UserId: {0}\nUsername: {1}\nEmail: {2}\n\n",
UserId,
Username,
Email
);
}
}
}
@using user_signup.Controllers
@model UserController.ViewModel
<!DOCTYPE html>
<html>
<head>
<title>title</title>
</head>
<body>
<div>
<form asp-controller="User" asp-action="Add" method="post">
<label>Username: </label>
<input type="text" asp-for="@Model.User.Username" required/>
<label>Email: </label>
<input type="text" asp-for="@Model.User.Email"/>
<label>Password: </label>
<input type="password" asp-for="@Model.User.Password" required/>
<label>Verify Password: </label>
<input type="password" name="verify" required/>
<input type="submit" value="Sign Up"/>
</form>
</div>
</body>
</html>
@使用用户注册控制器
@模型UserController.ViewModel
标题
用户名:
电邮:
密码:
验证密码:
- 不要在数据库中将密码存储为纯文本
- 用于管理身份验证
- 不要直接在视图中使用域实体(
,在这种情况下),而是使用UserViewModel - 用于验证用户输入的用户
- 不要在数据库中将密码存储为纯文本
- 用于管理身份验证
- 不要直接在视图中使用域实体(
,在这种情况下),而是使用UserViewModel - 用于验证用户输入的用户
私有视图模型私有视图模型@using user_signup.Controllers
@model UserController.ViewModel
<!DOCTYPE html>
<html>
<head>
<title>title</title>
</head>
<body>
<div>
<form asp-controller="User" asp-action="Add" method="post">
<label>Username: </label>
<input type="text" asp-for="@Model.User.Username" required/>
<label>Email: </label>
<input type="text" asp-for="@Model.User.Email"/>
<label>Password: </label>
<input type="password" asp-for="@Model.User.Password" required/>
<label>Verify Password: </label>
<input type="password" name="verify" required/>
<input type="submit" value="Sign Up"/>
</form>
</div>
</body>
</html>