Login controls

  • shilpareddy2787
    New Member
    • Nov 2007
    • 11

    Login controls

    Hi,

    I am new to ASP.NET. I created an application using login controls. Now I have a problem. In SQL Server I have a database. In that I created a signup table.
    The data which I enter in the sign-up application, which contains username, password and email, is stored in that table. When a user wants to log in, he enters a username and password. Now these username and password values are checked against all the values in the table. If this username and password are in the table, then the user goes to the next page; otherwise an error message should be thrown. What is the code for this? Can you help me?
  • shweta123
    Recognized Expert Contributor
    • Nov 2006
    • 692

    #2
    Hi,

    You can do it this way,
    e.g. you have a Login control called Login1

    Code:

    ' Requires Imports System.Data and Imports System.Data.OleDb at the top of the file.
    ' conn is an OleDbConnection that is already open.
    Dim Comm As New OleDbCommand
    ' In-line SQL: the Login control's values are concatenated into the statement text
    Comm.CommandText = "Select login_name from signup where login_name = '" & Login1.UserName.Trim & "' and password ='" & Login1.Password.Trim & "' "
    Comm.CommandType = CommandType.Text
    Comm.Connection = conn

    ' Run the query once and keep the result (Nothing when no row matches)
    Dim login_name As String = ""
    Dim result As Object = Comm.ExecuteScalar()
    If Not IsNothing(result) Then
        login_name = result.ToString()
    End If

    If login_name = "" Then
        ' Display an error message if the login ID does not exist
    Else
        ' Redirect to the page you want
        Response.Redirect("Someotherpage.asp")
    End If

    • aaronsandoval
      New Member
      • Nov 2007
      • 13

      #3
      There are many ways to approach this scenario and accomplish what you are trying to write. The above sample code posted by shweta123 is a nice example, but I do recommend taking a slightly different road.

      The example above uses in-line SQL statements, one major mistake if you want to become a victim of SQL injection attacks. But it really just depends on how secure and "code tight" you want your application. In the beginning, I think every developer used in-line SQL, but as we continue to learn from others and keep an open mind, every developer I know uses stored procedures to accomplish these types of tasks.

      I am going to provide you an example of how my team would write out this type of EXAMPLE code to check the database for User Name, Password and Email so we can continue with the script. We would have all of this code broken down into different layers (Data Access, Business Logic and Presentation) but this is a simple code example.

      THIS EXAMPLE BELOW IS RELATED TO SIGNING UP A USER, BUT YOU CAN GATHER THE SYNTAX FROM IT TO CHECK WHETHER THE USER'S USERNAME AND PASSWORD ARE CORRECT.

      DATABASE TABLE
      [code=sql]
      App_Users (DATABASE TABLE)
      UserID (integer)
      UserName (nvarchar(64))
      UserPassword (nvarchar(256))
      UserEmail (nvarchar(50))
      [/code]
      DATABASE STORED PROCEDURE
      [code=sql]
      CREATE PROCEDURE [App_Users_SignUpUser]
      (
          @UserName nvarchar(64),
          @UserPassword nvarchar(256),
          @UserEmail nvarchar(50)
      )
      AS
      IF EXISTS(SELECT UserID FROM App_Users WHERE UserName = @UserName OR UserEmail = @UserEmail)
      BEGIN
          -- USER EXISTS SO THROW ERROR IN CODE MATCHING VALUE USEREXISTS AND HAVE USER FILL OUT DIFFERENT INFORMATION
          -- return table 1
          SELECT 'UserExists' AS 'STATUS'
      END
      ELSE
      BEGIN
          -- USER DOES NOT EXIST YOU CAN CONTINUE CREATING NEW USER
          -- return table 1
          SELECT 'NoUserExisted' AS 'STATUS'
          -- insert new user information into table
          INSERT INTO App_Users ( UserName, UserPassword, UserEmail ) VALUES ( @UserName, @UserPassword, @UserEmail )
      END
      GO
      [/code]

      C# ASP.NET 2.0 CODE
      Assuming you already have these items below here is the code behind page:
      1. Three textbox server controls and a button on the page with the OnClick event equal to btnSignIn_Click
      2. Downloaded SQL Helper from Microsoft (I can provide this if needed)
      3. You have a connection string declared in your web.config

      [code=cpp]
      // Needed at the top of the code-behind file:
      using System;
      using System.Configuration;              // ConfigurationManager
      using System.Data;                       // DataSet
      using System.Drawing;                    // Color
      using Microsoft.ApplicationBlocks.Data;  // SqlHelper

      // The two methods below go inside the page's code-behind class.
      public DataSet App_Users_SignUpUserMethod(string userName, string userPassword, string userEmail)
      {
          DataSet ds = new DataSet();

          try
          {
              // this sets up connection string from web.config file
              // in order for the configuration manager to display, you
              // must declare using System.Configuration namespace at top of page
              string strMyConnectionString = ConfigurationManager.ConnectionStrings["MY_DB_CONN"].ConnectionString;

              // this sqlhelper saves lots of time
              ds = SqlHelper.ExecuteDataset(strMyConnectionString, "App_Users_SignUpUser", userName, userPassword, userEmail);
          }
          catch (Exception ex)
          {
              throw new Exception(ex.Message);
          }

          return ds;
      }

      protected void btnSignIn_Click(object sender, EventArgs e)
      {
          string userName = txtUserName.Text.Trim();
          string userPassword = txtUserPassword.Text.Trim();
          string userEmail = txtUserEmail.Text.Trim();

          DataSet ds;
          ds = App_Users_SignUpUserMethod(userName, userPassword, userEmail);

          // this STATUS is what is returned from the stored procedure
          string status = ds.Tables[0].Rows[0]["STATUS"].ToString();

          // now we want to specify what we are doing next depending
          // on what status was returned from the database
          try
          {
              switch (status)
              {
                  case "NoUserExisted":
                      // now you can write your method here for next step
                      // maybe you want to redirect them to thank you page
                      // note: this information has been inserted
                      // into the database because the user did not exist
                      break; // without this, a new sign-up falls through to the "UserExists" branch

                  case "UserExists":
                      // now because a user exists with this information
                      // you may want to let them know in a label server control
                      lblMessage.Visible = true;
                      // in order for color.red to show, you must declare
                      // using System.Drawing namespace at top of page
                      lblMessage.ForeColor = Color.Red;
                      lblMessage.Text = "User Name / Email Already Exists";
                      break;
              }
          }
          catch (Exception ex)
          {
              throw new Exception(ex.Message);
          }
      }
      [/code]
      SHORT ENDING
      Please remember every developer has their own style of coding. So once you find yours, you will be able to accomplish anything you set your mind to and be able to do it in your own way. This example is simply how we would have written it quickly. Also, of course I don't recommend using raw text for passwords stored in the database either, so you may want to look into Rijndael Encryption Methods to encrypt the users' passwords.

      ALSO, IF YOU WANT AN EXAMPLE ON FORMS AUTHENTICATION WE MAY WANT TO TYPE IT UP IN A DIFFERENT THREAD.
      Last edited by Frinavale; Nov 20 '07, 07:14 PM. Reason: Added [code] tags
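
A login check to go with the sign-up example in post #3, added here as an example and not code from any poster in this thread: the SQL text is a constant with UserName bound as a parameter, and the password is verified against a salted PBKDF2 hash, a one-way hash used here in place of the Rijndael encryption the post mentions. Assumptions: the class and method names are hypothetical, App_Users.UserPassword is assumed to hold `iterations.saltBase64.hashBase64`, and the classes used are the .NET Framework ones.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
public static class LoginCheck   // hypothetical name
{
    // Assumed format of App_Users.UserPassword: "iterations.saltBase64.hashBase64"
    public static string HashPassword(string password, int iterations)
    {
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);
        byte[] hash = new Rfc2898DeriveBytes(password, salt, iterations).GetBytes(20);
        return iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
    }

    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = (stored ?? "").Split('.');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations)) return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] expected = Convert.FromBase64String(parts[2]);
            byte[] actual = new Rfc2898DeriveBytes(password, salt, iterations).GetBytes(expected.Length);
            int diff = 0;   // compare every byte, no early exit
            for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
            return expected.Length > 0 && diff == 0;
        }
        catch (FormatException) { return false; }    // stored value is not valid Base64
        catch (ArgumentException) { return false; }  // bad salt length, iteration count or hash length
    }

    // The SQL text is a constant; the user name reaches the server only as a typed parameter.
    public static bool IsValidLogin(string connectionString, string userName, string password)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand("SELECT UserPassword FROM App_Users WHERE UserName = @UserName", conn))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 64).Value = userName;
            conn.Open();
            return VerifyPassword(password, cmd.ExecuteScalar() as string);  // null: no such user
        }
    }
    public static void Main()   // offline round trip on a constructed password
    {
        Console.WriteLine(VerifyPassword("constructed-pw", HashPassword("constructed-pw", 100000)));
    }
}
```

At sign-up, the value returned by HashPassword is what would be passed as @UserPassword to the stored procedure in place of the raw text.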


      • Frinavale
        Recognized Expert Expert
        • Oct 2006
        • 9749

        #4
        Way to go Aaronsandoval!
        Your response was very impressive.
        Thanks

        -Frinny


        • shilpareddy2787
          New Member
          • Nov 2007
          • 11

          #5
          Thank you for your help. It is very helpful for me.
