Best practice action result targeting

Question

Best practice action result targeting

Asked 10 years, 1 month ago

Viewed 144 times

3

I need to direct the administrator to a location, the first-time student to another and the student who has already accessed, to another.

My validations are working, everything is going well. However, I would like to know if there is a best practice to apply for such:

[HttpPost]
        public ActionResult Validar(String cpf, String senha)
        {
            var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
            var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
            if (alunos.Count() == 1)
            {
                var aluno = alunos.First();

                if (aluno.Cpf == "1413914")
                {
                    FormsAuthentication.SetAuthCookie("admin", false);
                    return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
                }

                else if (aluno.Senha == "sbe123") {
                    FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                    return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });

                }
                else { 
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
                }
            }

            return RedirectToAction("Index");
        }

1 answer

Browser other questions tagged c# asp.net-mvc

You are not signed in. Login or sign up in order to post.

by Carlos Nascimento • 36 points · Answer 1 · 2014-05-20T14:58:21+00:00

The redirection per se is ok, but surely the way decisions are made so that these redirects are made needs a good refactoring.

First the following line can find students who have the same password so making some students may be log with the CPF other students by accident:

var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
// Deve ficar
var alunos = bdAluno.ListarTodos().Where(x =>x.Cpf == cpf && x.Senha == senha);

Nor is it good practice to put data hardcoded in your code as for example in these lines:

if (aluno.Cpf == "1413914")
//e
if (aluno.Senha == "sbe123")

Indicate who are administrators and new students in the student class itself:

class Aluno {
    public String Cpf {get;set;}
    public String Senha {get;set;}
    public boolean JaAcessouOSistema {get;set;}
    public boolean Administrador {get;set;}
}

public ActionResult Validar(String cpf, String senha)
    {
        var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
        var alunos = bdAluno.ListarTodos().Where(x => x.Cpf == cpf x.Senha == senha);
        if (alunos.Count() == 1)
        {
            var aluno = alunos.First();

            if (aluno.Administrador)
            {
                FormsAuthentication.SetAuthCookie("admin", false);
                return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
            }

            else if (!aluno.JaAcessouOSistema) {
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });

            }
            else { 
            FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
            return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
            }
        }

        return RedirectToAction("Index");
    }

Other good practices would be the use of 3-tier architecture (not only the MVC but the presentation layer, business and data access layer), Ioc and treat the case the user is not found on the system.