Authenticating Login

Posted by Njoroge under ASP.NET on 9/7/2013 | Points: 10 | Views : 2001 | Status : [Member] | Replies : 6

Write New Post |

Search Forums | Answered

Resolved Posts |

Un Answered Posts |

Forums Home

Hi. Iam having a problem with my login page in my aspx application. Once I provide a correct UserId and Password, an error message still pops up and the user cannot login. Anyone to assist me, maybe I send them my code they look at it and point out some flaws?

Reply | Reply with Attachment

Alert Moderator

Responses

Posted by: Bandi on: 9/7/2013 [Member] [MVP] Platinum | Points: 25

0	without code no one will be able to tell the solution...... put a break point for login authentication code and debug the application to check how the control goes on? Mark This Response as Answer -- Chandu http://www.dotnetfunda.com/images/dnfmvp.gif Njoroge, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Njoroge on: 9/7/2013 [Member] Starter | Points: 25

0	This is my code. Imports System.Data.SqlClient Imports System.Data Imports System Imports System.Web.Security Imports System.Data.SqlClient.SqlDataAdapter Partial Class Home Inherits System.Web.UI.Page Dim conn As New SqlConnection Dim comm As SqlCommand Protected Sub Register_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Register.Click Response.Redirect("RegisterUsers.aspx") End Sub Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click conn = New SqlConnection("Data Source=NJOROGE-PC\SQLEXPRESS;Initial Catalog=HotelPortal;User ID=Njoroge;Password=leonard") Dim Type As String Type = UserType.SelectedItem.Value 'conn = New SqlConnection() Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn) Cmd.CommandType = CommandType.StoredProcedure Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1") Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50) ParamUsername.Value = txtUsername.Text Cmd.Parameters.Add(ParamUsername) Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50) ParamPassword.Value = Convert Cmd.Parameters.Add(ParamPassword) Dim ParamType As SqlParameter = New SqlParameter("@Type", SqlDbType.Char, 10) ParamType.Value = UserType.SelectedItem.Value Cmd.Parameters.Add(ParamType) 'Dim ParamOutres As SqlParameter = New SqlParameter("@OutRes", SqlDbType.Int, 4) 'Cmd.Parameters.Add(ParamOutres) 'Cmd.Parameters("@OutRes").Direction = ParameterDirection.Output Try conn.Open() 'Dim ReturnCode As Integer = (Cmd.Parameters("@OutRes").Value) Dim ReturnCode As Integer = CInt(Cmd.ExecuteScalar()) If ReturnCode = 1 Then 'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False) If Type = "Admin" Then Response.Redirect("AdminHome.aspx") ElseIf Type = "Visitor" Then Response.Redirect("UserHome.aspx") Else PopUp.Text = "Wrong UserName, UserType Or Password!" End If Else PopUp.Text = "Wrong UserName, UserType Or Password!" End If Catch ex As Exception PopUp.Text = ex.ToString conn.Close() End Try End Sub End Class And this is the stored Procedure. create procedure [dbo].[Authenticate] @UserId nvarchar (50), @Password nvarchar (50), @Type char (10) as begin declare @Count int select @Count = count(UserId) from Users where [UserId] = @UserId And [Password] = @Password And [Type] = @Type if (@Count=1) begin select 1 as ReturnCode end else begin select -1 as ReturnCode end end Njoroge, if this helps please login to Mark As Answer. \| Alert Moderator

This is my code.
Imports System.Data.SqlClient
Imports System.Data
Imports System
Imports System.Web.Security
Imports System.Data.SqlClient.SqlDataAdapter
Partial Class Home
Inherits System.Web.UI.Page
Dim conn As New SqlConnection
Dim comm As SqlCommand

Protected Sub Register_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Register.Click
Response.Redirect("RegisterUsers.aspx")
End Sub

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click

conn = New SqlConnection("Data Source=NJOROGE-PC\SQLEXPRESS;Initial Catalog=HotelPortal;User ID=Njoroge;Password=leonard")
Dim Type As String
Type = UserType.SelectedItem.Value
'conn = New SqlConnection()
Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn)
Cmd.CommandType = CommandType.StoredProcedure
Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1")

Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50)
ParamUsername.Value = txtUsername.Text
Cmd.Parameters.Add(ParamUsername)

Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50)
ParamPassword.Value = Convert
Cmd.Parameters.Add(ParamPassword)

Dim ParamType As SqlParameter = New SqlParameter("@Type", SqlDbType.Char, 10)
ParamType.Value = UserType.SelectedItem.Value
Cmd.Parameters.Add(ParamType)

'Dim ParamOutres As SqlParameter = New SqlParameter("@OutRes", SqlDbType.Int, 4)
'Cmd.Parameters.Add(ParamOutres)
'Cmd.Parameters("@OutRes").Direction = ParameterDirection.Output
Try
conn.Open()
'Dim ReturnCode As Integer = (Cmd.Parameters("@OutRes").Value)
Dim ReturnCode As Integer = CInt(Cmd.ExecuteScalar())
If ReturnCode = 1 Then
'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)
If Type = "Admin" Then
Response.Redirect("AdminHome.aspx")
ElseIf Type = "Visitor" Then
Response.Redirect("UserHome.aspx")

Else
PopUp.Text = "Wrong UserName, UserType Or Password!"
End If
Else
PopUp.Text = "Wrong UserName, UserType Or Password!"

End If

Catch ex As Exception
PopUp.Text = ex.ToString
conn.Close()
End Try
End Sub
End Class

And this is the stored Procedure.
create procedure [dbo].[Authenticate]
@UserId nvarchar (50),
@Password nvarchar (50),
@Type char (10)
as
begin
declare @Count int
select @Count = count(UserId) from Users
where [UserId] = @UserId And [Password] = @Password And [Type] = @Type
if (@Count=1)
begin
select 1 as ReturnCode
end
else
begin
select -1 as ReturnCode
end
end

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Bandi on: 9/7/2013 [Member] [MVP] Platinum | Points: 25

0	may be try this...(removed inner else block).... If ReturnCode = 1 Then 'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False) If Type = "Admin" Then Response.Redirect("AdminHome.aspx") ElseIf Type = "Visitor" Then Response.Redirect("UserHome.aspx") End If Else PopUp.Text = "Wrong UserName, UserType Or Password!" End If if the above is not working change procedure else part value to zero instead of -1 Mark This Response as Answer -- Chandu http://www.dotnetfunda.com/images/dnfmvp.gif Njoroge, if this helps please login to Mark As Answer. \| Alert Moderator

may be try this...(removed inner else block)....

If ReturnCode = 1 Then



'FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)



If Type = "Admin" Then



Response.Redirect("AdminHome.aspx")



ElseIf Type = "Visitor" Then



Response.Redirect("UserHome.aspx")



End If



Else

PopUp.Text = "Wrong UserName, UserType Or Password!"

End If

if the above is not working change procedure else part value to zero instead of -1

Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Njoroge on: 9/7/2013 [Member] Starter | Points: 25

0	I just tried both approaches, still returning an error. Any more tips? Njoroge, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Bandi on: 9/7/2013 [Member] [MVP] Platinum | Points: 25

0	i doesn't have VS now... can you put break point at btn click event and then debug application to verify return vale from procedure and also if else statements flow..... note: press F10 to go through each line execution Mark This Response as Answer -- Chandu http://www.dotnetfunda.com/images/dnfmvp.gif Njoroge, if this helps please login to Mark As Answer. \| Alert Moderator

Posted by: Bandi on: 9/10/2013 [Member] [MVP] Platinum | Points: 25

0	Hi Njoroge, Look into the following piece of code Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn) Cmd.CommandType = CommandType.StoredProcedure Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1") Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50) ParamUsername.Value = txtUsername.Text Cmd.Parameters.Add(ParamUsername) Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50) ParamPassword.Value = Convert Cmd.Parameters.Add(ParamPassword) How you stored Password in database? If password in DB is plain text then the above code will popup incorrect password message.. Reason: You are trying to compare plain DB password with encrypted password(in application) Mark This Response as Answer -- Chandu http://www.dotnetfunda.com/images/dnfmvp.gif Njoroge, if this helps please login to Mark As Answer. \| Alert Moderator

Hi Njoroge,
Look into the following piece of code

Dim Cmd As SqlCommand = New SqlCommand("Authenticate", conn) 

Cmd.CommandType = CommandType.StoredProcedure 

Dim Convert As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "SHA1") 



Dim ParamUsername As SqlParameter = New SqlParameter("@UserId", SqlDbType.NVarChar, 50) 

ParamUsername.Value = txtUsername.Text 

Cmd.Parameters.Add(ParamUsername) 



Dim ParamPassword As SqlParameter = New SqlParameter("@Password", SqlDbType.NVarChar, 50) 

ParamPassword.Value = Convert   

Cmd.Parameters.Add(ParamPassword)

How you stored Password in database?
If password in DB is plain text then the above code will popup incorrect password message..
Reason: You are trying to compare plain DB password with encrypted password(in application)

Mark This Response as Answer
--
Chandu
http://www.dotnetfunda.com/images/dnfmvp.gif

Njoroge, if this helps please login to Mark As Answer. | Alert Moderator

Latest Posts