Best practice targeting action result

Question

Best practice targeting action result

Navigation

#1 by (2 votes)

3

I need to direct the administrator to one location, the first-time student to another, and the student you have / p>

My validations are working, everything is working. However, I wonder if there is a best practice to apply for it:

[HttpPost]
        public ActionResult Validar(String cpf, String senha)
        {
            var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
            var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
            if (alunos.Count() == 1)
            {
                var aluno = alunos.First();

                if (aluno.Cpf == "1413914")
                {
                    FormsAuthentication.SetAuthCookie("admin", false);
                    return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
                }

                else if (aluno.Senha == "sbe123") {
                    FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                    return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });

                }
                else { 
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
                }
            }

            return RedirectToAction("Index");
        }

c# asp.net-mvc

asked by anonymous 14.05.2014 / 20:08

1 answer

How to send JSONObject to a Web Service? How to copy a text to the clipboard using ZeroClipboard?

score 2 · Accepted Answer

Redirecting per se is ok, but certainly the way decisions are made for redirects to be made needs good refactoring.

First the following line can find students who have the same password thus making some students could be log in with the other students CPF by accident:

var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
// Deve ficar
var alunos = bdAluno.ListarTodos().Where(x =>x.Cpf == cpf && x.Senha == senha);

It is also not good practice to put hardcoded data in your code, for example in these lines:

if (aluno.Cpf == "1413914")
//e
if (aluno.Senha == "sbe123")

State who are administrators and novice students in the student class itself:

class Aluno {
    public String Cpf {get;set;}
    public String Senha {get;set;}
    public boolean JaAcessouOSistema {get;set;}
    public boolean Administrador {get;set;}
}

public ActionResult Validar(String cpf, String senha)
    {
        var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
        var alunos = bdAluno.ListarTodos().Where(x => x.Cpf == cpf x.Senha == senha);
        if (alunos.Count() == 1)
        {
            var aluno = alunos.First();

            if (aluno.Administrador)
            {
                FormsAuthentication.SetAuthCookie("admin", false);
                return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
            }

            else if (!aluno.JaAcessouOSistema) {
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });

            }
            else { 
            FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
            return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
            }
        }

        return RedirectToAction("Index");
    }

Other good practices would be to use the 3-tier architecture (not only the MVC, but the presentation layer, business and data access), IoC and treat the user's case not being found in the system.