Search
Winners

Win Prizes

Social Presence
Twitter Twitter LinkedIn YouTube Google

Like us on Facebook
Advertisements
Top Forums Author
Thu, 24-Jul-2014 Authors
Jayakumars
20
Nayeem@Dotnetfunda
10
Rajkatie
10
All Time Authors
Jayakumars
4120
Karthikanbarasan
3455
Chvrsri
3140

Latest members | More ...


(Statistics delayed by 5 minutes)

login page coding

Karodegaurav
Posted by Karodegaurav under ASP.NET on 1/15/2010 11:37:34 PM | Views : 3390 | Status : [Member] | Replies : 6


hi i want to learn the login page coding in asp.net im simple way and to connect it to the sql server databdase please help me.



Posted by: Poster on: 1/16/2010 [Member] Starter

Hi Karo...

As far as the username and passord validation are concerned, following method will help you.

public object Login(string userName, string password, string currentDateTime)

{
object obj = null;

SqlConnection conn = new SqlConnection("your database connectionstring");
try
{
conn.Open();

strSql = "Select AutoID from userslogintable where UserName = @userName and UserPassword = @password order by UserName";

SqlParameter[] prms = new SqlParameter[2];
prms[0] = new SqlParameter("@userName", SqlDbType.String);
prms[0].Value = userName;
prms[1] = new SqlParameter("@password", SqlDbType.String);
prms[1].Value = password;

obj = base.ExecuteScalarParameterized(conn, strSql, prms);
}
catch
{
throw;
}
finally
{
conn.Close();
conn.Dispose();
}

return obj;
}



This method will return object, if object is null means username and password doesn't exists else use exists, and athentication should be pass, proceed with below given articles on how to do if authentication passed.

http://www.dotnetfunda.com/articles/article423-forms-authentication.aspx

http://www.dotnetfunda.com/articles/article141.aspx

http://www.dotnetfunda.com/articles/article114.aspx


Hope this helps.

Thank you.

Karodegaurav, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Sagarp on: 1/16/2010 [Member] Bronze

System.Data.SqlClient.SqlConnection SQLCon = new
System.Data.SqlClient.SqlConnection("server=localhost;database=netdb");
// get row back based on username/password
//System.Data.SqlClient.SqlDataAdapter System.Data.SqlClient.SqlDataAdapter("Select * From emp Where Username='" +
UserName.Text + "' And Password = '" +
Password.Text + "'");
System.Data.DataSet ds = new System.Data.DataSet();
SqlCmd.Fill( ds );

// check to see if the dataset contains no rows (if it is EOF (i.e.
// contains no rows), then the user is invalid)
if( ds.Tables["Person"].Rows.Count == 0 )
{
Message.Text = "Invalid User Name and Password. Try Again.";
} else {
Message.Text = "Congratulations!!! You have successfully signed in.";

Thanks
SagarP
http://www.emanonsolutions.net
http://emanonsolutions.blogspot.com/

Karodegaurav, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Puneet20884 on: 1/16/2010 [Member] Bronze

Very good ideas given there

http://www.eggheadcafe.com/community/aspnet/17/10113334/implementing-login-functi.aspx

had seen in my early days

Best Regards,
Puneet Sharma - Infosys
Pune, India

Karodegaurav, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bubbly on: 1/18/2010 [Member] Bronze

Hello,

You can check this link

msdn.microsoft.com/en-us/library/ms178331.aspx

++
Thanks & Regards,
Deepika

Karodegaurav, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rtpharry on: 1/18/2010 [Member] [MVP] Bronze

Hi,

The best way to implement login functionality with an asp.net is to use a codeless solution.

Asp.net application services provides built in support for membership, roles, authentication, authorization and profiles.

You simply need to put the <asp:Login> control on to the page and you don't have to write any code. Of course there are a few more steps you should take if you want to store the database in a proper sql database rather than in an app_code database.

Check this tutorial out for an introduction:
http://msdn.microsoft.com/en-us/library/ms998347.aspx

Dont worry about the mention of 2.0 as this is when it was introduced into the asp.net platform and it hasn't changed since then so it is still relevant.

Karodegaurav, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Rtpharry on: 1/18/2010 [Member] [MVP] Bronze

Sargarp the code that you posted has a security vulnerability in it.

This section:
System.Data.SqlClient.SqlDataAdapter("Select * From emp Where Username='" + UserName.Text + "' And Password = '" + Password.Text + "'"); 


leaves you open to what is known as a sql injection attack.

Please refer to these links for more information:
http://msdn.microsoft.com/en-us/library/ms998271.aspx#paght000002_step3
http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET
http://www.asp.net/learn/security-videos/video-8718.aspx

If you have used that code on any production sites you should fix it immediately.

Karodegaurav, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response


Found interesting? Add this to: