Categories: MSDN / DotNet / Java / Scripts / Linux / PHP Ask - La ask - La Answer
Programmers Tech >> Developer Tech >> Database

Database Connection/User Authentication

I have been working on an ASP page (with VB Background) that is a basic user login page. It is being run on our Intranet within my organization, however, it's not working. Can anyone provide some suggestions?

I've included the code for the .aspx page and for the code behind on the "Login" button.

Front end:
%@ Page Language="vb" AutoEventWireup="false" Codebehind="login.aspx.vb" Inherits="PIF_VB.login" %>
<HTML>
<HEAD>
<title>Login</title>
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" content="Visual Basic .NET 7.1">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body bgColor="#cccccc" MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<asp:textbox id="UserName" style="Z-INDEX: 101; LEFT: 200px; POSITION: absolute; TOP: 104px"
runat="server" Width="152px"></asp:textbox><asp:label id="Label1" style="Z-INDEX: 102; LEFT: 112px; POSITION: absolute; TOP: 112px" runat="server"
Width="82px" Font-Bold="True">User Name:</asp:label><asp:label id="Label2" style="Z-INDEX: 103; LEFT: 128px; POSITION: absolute; TOP: 152px" runat="server"
Width="64px" Font-Bold="True">Password:</asp:label><INPUT runat="server" style="Z-INDEX: 104; LEFT: 248px; POSITION: absolute; TOP: 184px"
type="submit" value="Login" id="Submit1" name="Submit1"><INPUT style="Z-INDEX: 105; LEFT: 200px; WIDTH: 152px; POSITION: absolute; TOP: 144px; HEIGHT: 24px"
type="password" size="20" id="password">

Backend on Login Button Click:

Private Sub Submit1_ServerClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Submit1.ServerClick

Dim cn As New System.Data.SqlClient.SqlConnection("PROVIDER=SQLOLEDB;DATA SOURCE=themisto;UID=acadia_pif;PWD=pi32fs;DATABASE=AHOSP_PIF")

'here is where you will put the code to go after the login info
Try
'build a command from the connection
Dim cmd As New SqlClient.SqlCommand
cmd.Connection = cn
cmd.Parameters.Add("@username", System.Data.SqlDbType.Text, 80)
cmd.Parameters.Add("@password", System.Data.SqlDbType.Text, 80)
cmd.Parameters("@username").Value = UserName.Text
cmd.Parameters("@password").Value = password.Text
cmd.CommandText = "Select count(*) from AHOSP_Users where user_id=@username and password=@password"
'open the connection (execute scalar may do this for you)
cn.Open()
'return the number of records that match the credentials!
Dim cnt As Integer = cmd.ExecuteScalar

If cnt > 0 Then
'you found a match
'so go to the application pages!

'lblmsg.Text = "Congrats!"
'lblmsg.Visible = True
Response.Redirect("tab.aspx")
Else
'you didn't so give them a message
lblmsg.Text = "That username and password combination is not valid. Please try again."
lblmsg.Visible = True
End If

Catch ex As Exception

Finally
'be sure to dispose of the connection
cn.Dispose()
End Try
End Sub


End Class

If anyone can save my life, I'd truly appreciate it. Thanks!
[3877 byte] By [kateel] at [2007-11-11 8:33:44]
«« Using Validator with Resource Bundles
»» OCR-Like Apps
# 1 Re: Database Connection/User Authentication
Whats the error?
sremiger at 2007-11-11 23:47:00 >
# 2 Re: Database Connection/User Authentication
That's the weird thing, there's no error. When I click the login button, the page just refreshes to the login page.
kateel at 2007-11-11 23:48:08 >
# 3 Re: Database Connection/User Authentication
Have you set up

<authentication mode="Forms"/>

in your Web.Config file?

Or, if you want to make things even easier and you're set up on your local network with a Domain, you can use Active Directory to automatically validate users with:

<authentication mode="Windows"/>

If you must have users log in using the login form you created, vs. using the web browser's ugly popup login box, it's easiest to go with Forms authentication.

For details, see http://www.developer.com/net/asp/article.php/3299111

and

http://www.developer.com/net/asp/article.php/2170361

There is information there on Forms authentication using either the web.config file, or a database, for storing names and users to check against.

Whichever way you choose to store credentials, with Forms authentication, I'd look into either Encrypting, or at least Hashing, the password values before storing them. So you never look at the password; when the user enters his password, you Hash (or Encrypt) it and check the Hashed (or Encrypted) value against the Hash (or Encrypted value) stored on the server. It's pretty easy to do this with .NET, Hashing and Encryption are built in.

HTH,

-Andrew
Andrew Cushen at 2007-11-11 23:49:06 >
# 4 Re: Database Connection/User Authentication
Take out the try catch block to reveal any errors - or write a response.write ex.message/tostring in the catch block.

You don't need the PROVIDER= part of your connection string - you need this for oledb connections but not for a sqlclient connection - Not sure if this would cause an error though. Also, I use "Initial Catalog=" rather than "DATABASE="

Are you using ASP.NET 2.0? - If so you should look at the built in membership providers. As Andrew posted, you should hash users passwords for extra security - ASP.NET 2.0 will do this for you.
Wiseman82 at 2007-11-11 23:50:06 >
Developer Tech
Database

Developer Tech

All Classified

Developer Tech New Topic

Developer Tech Hot Topic