Authenticating Login

Posted by Njoroge under ASP.NET on 9/7/2013 | Points: 10 | Views : 1224 | Status : [Member] | Replies : 7
Hi. Iam having a problem with my login page in my aspx application. Once I provide a correct UserId and Password, an error message still pops up and the user cannot login. Anyone to assist me, maybe I send them my code they look at it and point out some flaws?




Responses

Posted by: Bandi on: 9/7/2013 [Member] [MVP] Platinum | Points: 25

Up
0
Down
without code no one will be able to tell the solution...... put a break point for login authentication code and debug the application to check how the control goes on?

Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Njoroge on: 9/7/2013 [Member] Starter | Points: 25

Up
0
Down
This is my code.
Imports System.Data.SqlClient
Imports System.Data
Imports System
Imports System.Web.Security
Imports System.Data.SqlClient.SqlDataAdapter
Partial Class Home
Inherits System.Web.UI.Page
Dim conn As New SqlConnection
Dim comm As SqlCommand


Protected Sub Register_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Register.Click
Response.Redirect("RegisterUsers.aspx")
End Sub

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click


conn = New SqlConnection("Data Source=NJOROGE-PC\SQLEXPRESS;Initial Catalog=HotelPortal;User ID=Njoroge;Password=leonard")
Dim Type As String
Type = UserType.SelectedItem.Value
'conn = New SqlConnection()
Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn)
Cmd.CommandType = CommandType.StoredProcedure
Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1")

Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50)
ParamUsername.Value = txtUsername.Text
Cmd.Parameters.Add(ParamUsername)

Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50)
ParamPassword.Value = Convert
Cmd.Parameters.Add(ParamPassword)

Dim ParamType As SqlParameter = New SqlParameter("@Type", SqlDbType.Char, 10)
ParamType.Value = UserType.SelectedItem.Value
Cmd.Parameters.Add(ParamType)

'Dim ParamOutres As SqlParameter = New SqlParameter("@OutRes", SqlDbType.Int, 4)
'Cmd.Parameters.Add(ParamOutres)
'Cmd.Parameters("@OutRes").Direction = ParameterDirection.Output
Try
conn.Open()
'Dim ReturnCode As Integer = (Cmd.Parameters("@OutRes").Value)
Dim ReturnCode As Integer = CInt(Cmd.ExecuteScalar())
If ReturnCode = 1 Then
'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)
If Type = "Admin" Then
Response.Redirect("AdminHome.aspx")
ElseIf Type = "Visitor" Then
Response.Redirect("UserHome.aspx")

Else
PopUp.Text = "Wrong UserName, UserType Or Password!"
End If
Else
PopUp.Text = "Wrong UserName, UserType Or Password!"

End If

Catch ex As Exception
PopUp.Text = ex.ToString
conn.Close()
End Try
End Sub
End Class


And this is the stored Procedure.
create procedure [dbo].[Authenticate]
@UserId nvarchar (50),
@Password nvarchar (50),
@Type char (10)
as
begin
declare @Count int
select @Count = count(UserId) from Users
where [UserId] = @UserId And [Password] = @Password And [Type] = @Type
if (@Count=1)
begin
select 1 as ReturnCode
end
else
begin
select -1 as ReturnCode
end
end


Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bandi on: 9/7/2013 [Member] [MVP] Platinum | Points: 25

Up
0
Down
may be try this...(removed inner else block)....
If ReturnCode = 1 Then


'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)

If Type = "Admin" Then

Response.Redirect("AdminHome.aspx")

ElseIf Type = "Visitor" Then

Response.Redirect("UserHome.aspx")

End If

Else
PopUp.Text = "Wrong UserName, UserType Or Password!"
End If


if the above is not working change procedure else part value to zero instead of -1

Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Njoroge on: 9/7/2013 [Member] Starter | Points: 25

Up
0
Down
I just tried both approaches, still returning an error. Any more tips?

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bandi on: 9/7/2013 [Member] [MVP] Platinum | Points: 25

Up
0
Down
i doesn't have VS now... can you put break point at btn click event and then debug application to verify return vale from procedure and also if else statements flow.....
note: press F10 to go through each line execution

Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Satyapriyanayak on: 9/8/2013 [Member] [MVP] Silver | Points: 25

Up
0
Down
http://www.dotnetgallery.com/kb/resource6-Login-authentication-using-LDAP-Active-Directory-for-ASPNET-applications.aspx

If this post helps you mark it as answer
Thanks

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bandi on: 9/10/2013 [Member] [MVP] Platinum | Points: 25

Up
0
Down
Hi Njoroge,
Look into the following piece of code
Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn) 

Cmd.CommandType = CommandType.StoredProcedure
Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1")

Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50)
ParamUsername.Value = txtUsername.Text
Cmd.Parameters.Add(ParamUsername)

Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50)
ParamPassword.Value = Convert
Cmd.Parameters.Add(ParamPassword)


How you stored Password in database?
If password in DB is plain text then the above code will popup incorrect password message..
Reason: You are trying to compare plain DB password with encrypted password(in application)

Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response