|
Subject:
|
Forms-based authentication using database
|
|
Posted By:
|
chanchoth
|
Post Date:
|
9/18/2006 1:10:22 AM
|
Hi,
I want to autheticate my user with SQL database before they can go to the admin site.
I have the following script callled login.aspx.
<%@ Page Language="C#" Debug="true" %>
<%@ import Namespace="System.Web.Security" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>
<script runat="server">
void btnLogin_Click(Object sender, EventArgs e) {
string connectionString = "server=\'ASKHPNHLT0001\'; user id=\'sa\'; password=\'AspDotNet\'; database=\'Student\'";
System.Data.IDbConnection dbConnection = new System.Data.SqlClient.SqlConnection(connectionString);
string queryString = "SELECT Password FROM tblAuthentication WHERE UserName= '" + txtUserName.Text + "'";
System.Data.IDbCommand dbCommand = new System.Data.SqlClient.SqlCommand();
dbCommand.CommandText = queryString;
dbCommand.Connection = dbConnection;
dbConnection.Open();
System.Data.IDataReader dataReader = dbCommand.ExecuteReader(System.Data.CommandBehavior.CloseConnection);
if (dataReader.Read())
{
//Response.Write("The password is " + txtPassword.Text + "<br />");
//Response.Write("The password from DataReader is " + dataReader["Password"].ToString());
if (dataReader["Password"].ToString() == txtPassword.Text)
{
Msg.Text="Congratulations! You can access this site."; //It never falls under this condition even though it has the correct username and password. Please advice.
}
else
{
Msg.Text="Invalid Password.";
}
}
else
{
Msg.Text="Login name not found.";
dataReader.Close();
}
}
</script>
<html>
<head>
<title>Login</title> <style type="text/css">.style1 {
FONT-WEIGHT: bold; COLOR: #ffffff
}
</style>
</head>
<body>
<form runat="server">
<table bordercolor="#0000ff" width="300" align="center" border="1">
<tbody>
<tr>
<td bgcolor="#000099">
<div class="style1" align="center">
<div align="center">Corporate Software Authentication
</div>
</div>
</td>
</tr>
<tr>
<td>
<table width="300" border="0">
<tbody>
<tr>
<td width="116">
User Name</td>
<td width="10">
:</td>
<td width="160">
<asp:TextBox id="txtUserName" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td width="116">
Password</td>
<td width="10">
:</td>
<td width="160">
<asp:TextBox id="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
</td>
<td>
<asp:Button id="btnLogin" onclick="btnLogin_Click" runat="server" Text="Login"></asp:Button>
</td>
</tr>
</tbody>
</table>
<div>
<div align="center"><asp:Label id="Msg" runat="server"></asp:Label>
</div>
</div>
</td>
</tr>
<tr>
<td valign="center" align="middle" bgcolor="#000099">
<div class="style1" align="center">
<div align="center">Copyright by Plan International Cambodia
</div>
</div>
</td>
</tr>
</tbody>
</table>
</form>
</body>
</html>
For web.config I have:
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="Validation" timeout="60" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</configuration>
And my database structure is as following:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tblAuthentication]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tblAuthentication]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tblStudent]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tblStudent]
GO
CREATE TABLE [dbo].[tblAuthentication] (
[UserName] [char] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[Password] [char] (25) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tblStudent] (
[ID] [int] IDENTITY (1, 1) NOT FOR REPLICATION NOT NULL ,
[Name] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[Sex] [char] (1) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
[DOB] [datetime] NULL
) ON [PRIMARY]
GO
Even I enter to my form with the correct username and password, it always say that "Invalid Password.". Could you please kindly advice me on how could I make this authentication works?
Many thanks,
Chanchoth
|
|
