Hi all
iam developing a login page in asp.net 
I want to check the password and username in the table 
if proper user then set the session and go further
and if login is not proper itshould remain in the same page
what way i can do it 
normally in asp we used to do Recordset.RecordCount>0 then
login is proper else login fails
how can it do this in asp.net 
Please help me out


-------------------------------------------------
Sify Mail - now with Anti-virus protection powered by Trend Micro, USA.
Know more at http://mail.sify.com

Take the shortest route to success! 
Click here to know how http://education.sify.com

You can do something like this:

Dim objConnect As New OleDbConnection("your connect string")
Dim objDataReader As System.Data.OleDb.OleDbDataReader
Dim strSQL As String = "SELECT * from <yourtable> WHERE Login='" _
   & txtLogin.Value & "' AND Password='" & txtPwd.Value & "'"
'assumes your input fields are called txtLogin and txtPwd

Try
   objConnect.Open()
   Dim objCommand As New OleDbCommand(strSQL, objConnect)
   objDataReader = objCommand.ExecuteReader()
   'if we get a row back, user is authenticated
   If objDataReader.Read() Then
      blnIsAuthenticated = True
   End If
   objDataReader.Close()
   objConnect.Close()
   Catch objError As Exception
     <display error details>
      Exit Sub
End Try
If blnIsAuthenticated Then
   Session("IsValid") = True
   FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, False)	
   'will redirect from your login page specified in your web.config file
   'to your "good" page (default.aspx)
Else
   <some message saying invalid login but user stays on login page>
End If

That came out of a book I had when I first started.  There are, what I 
think, faster and better ways to do it but that should give you a start.
Jim

> Hi all
iam developing a login page in asp.net 
I want to check the password and username in the table 
if proper user then set the session and go further
and if login is not proper itshould remain in the same page
what way i can do it 
normally in asp we used to do Recordset.RecordCount>0 then
login is proper else login fails
how can it do this in asp.net 
Please help me out


-------------------------------------------------
Sify Mail - now with Anti-virus protection powered by Trend Micro, USA.
Know more at http://mail.sify.com

Take the shortest route to success! 
Click here to know how http://education.sify.com

Jim -

Thanks for your post. I am learning about logins and registration pages 
and it helps me quite a bit.

I have a couple of questions, though.

1) In the Catch section, where does 'Exit Sub' come from? Where did you 
begin this Sub?

2) Can you explain this line please?

FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, False)

What are the two parameters doing?

Thanx,
Dan

Hi Dan.
1) The "Exit Sub" under the "Catch objError As Exception" simply tells it 
to stop executing the subroutine.  For example, if you had a routine as:
Sub Check_Login(ByVal objSender As Object, ByVal objArgs As EventArgs)
   "my previous code here"
End Sub
the code would keep executing past the "Catch objError As Exception". 
What I'm simply telling it to do is to <handle my error> ie..maybe 
display a message...and then stop so it doesn't execute code below that 
line.
2) If you look in your web.config file, you'll find an area dealing 
with "authentication".  The comments above that area tell you that it can 
be "windows", "forms", "passport", and "none".  It also has 
an "authorization" area.
I use "forms" authentication so my web.config has a line such as:
<authentication mode="Forms">		
<forms name="credit" path="/" loginUrl="default.aspx" protection="All"  
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
I am telling my solution/project to use mode "forms" and that after it 
authenticates via my login page, it is to redirect to "default.aspx".
Then I tell my authorization to deny all users until they are 
authenticated.
The line FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, False) 
simply tells it to redirect to my "loginURL" specified in my web.config 
file (which as you can see above is "default.aspx").  
The parameter "txtLogin.Value" is the authenticated users login name.  
Since we are using a form and probably an input stmt, it would be 
something like <input id=txtLogin blah>, therefore to get the text they 
typed in, I would use txtLogin.value.
The 2nd paramater "False" simply tells it I don't want a "persistent" 
cookie.  That means, once the browser is shut down, the user will have to 
login again.  If you make it TRUE, then if you shut down the browser, 
open it up again (if the cookie hasn't expired) it will take you 
automatically into your application without logging in.....which I 
consider a security breach because someone could hop on the computer 
after you are gone and simply go into the application using your 
authentication and authorization by reopening Internet Explorer.  By 
making it False, once the browser is shut down, if the browser is 
reopned, they cannot get into the application without logging in.
-Jim



> Jim -

> Thanks for your post. I am learning about logins and registration pages 
a> nd it helps me quite a bit.

> I have a couple of questions, though.

> 1) In the Catch section, where does 'Exit Sub' come from? Where did you 
b> egin this Sub?

> 2) Can you explain this line please?

> FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, False)

> What are the two parameters doing?

> Thanx,
D> an

Sheesh...sorry Dan but I gave you partially wrong information.  In the 
web.config file the "loginURL" refers to the virtual path of the login 
page!!!  That means, it should be something like 
loginURL="mylogin.aspx".  That means that whenever someone tries to 
access part of your solution/application, they will be taken to that url 
where they login.  Once they login, 
the "FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, False)" 
line takes them to "default.aspx".  NET defaults to "default.aspx" as the 
page it goes to after verifying login.
I'm sorry about that...hope I didn't confuse you...but it's been a long 
day....lol
In my applications, I normally prefer to use "UserControls" so I have 
an "ascx" page in the left frame that shows a little login form OR a menu 
(depending upon whether they have been authenticated or not).  So, what 
I'm saying is, I normally use the "default.aspx" page as my login page.
That means, in my code, I do something like this:
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) 
Handles MyBase.Load
  If User.Identity.IsAuthenticated = False Then
     LeftPane.Controls.Add(Page.LoadControl("Authenticate/login.ascx"))
  Else
     LeftPane.Controls.Add(Page.LoadControl("menu.ascx"))
  End If
End Sub
You don't have to do it that way...you can have a completely different 
aspx page be your login page...just make sure the virtual url is 
specified in the web.config file in the "loginURL=" line of the 
<authentication>
I'm sorry for misinforming you but like I said, it's been a long day.
-Jim



-Jim

> Hi Dan.
1> ) The "Exit Sub" under the "Catch objError As Exception" simply tells 
it 
t> o stop executing the subroutine.  For example, if you had a routine as:
S> ub Check_Login(ByVal objSender As Object, ByVal objArgs As EventArgs)
 >   "my previous code here"
E> nd Sub
t> he code would keep executing past the "Catch objError As Exception". 
W> hat I'm simply telling it to do is to <handle my error> ie..maybe 
d> isplay a message...and then stop so it doesn't execute code below that 
l> ine.
2> ) If you look in your web.config file, you'll find an area dealing 
w> ith "authentication".  The comments above that area tell you that it 
can 
b> e "windows", "forms", "passport", and "none".  It also has 
a> n "authorization" area.
I>  use "forms" authentication so my web.config has a line such as:
<> authentication mode="Forms">		
<> forms name="credit" path="/" loginUrl="default.aspx" protection="All"  
t> imeout="30" />
<> /authentication>
<> authorization>
<> deny users="?" />
<> /authorization>
I>  am telling my solution/project to use mode "forms" and that after it 
a> uthenticates via my login page, it is to redirect to "default.aspx".
T> hen I tell my authorization to deny all users until they are 
a> uthenticated.
T> he line FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, 
False) 
s> imply tells it to redirect to my "loginURL" specified in my web.config 
f> ile (which as you can see above is "default.aspx").  
T> he parameter "txtLogin.Value" is the authenticated users login name.  
S> ince we are using a form and probably an input stmt, it would be 
s> omething like <input id=txtLogin blah>, therefore to get the text they 
t> yped in, I would use txtLogin.value.
T> he 2nd paramater "False" simply tells it I don't want a "persistent" 
c> ookie.  That means, once the browser is shut down, the user will have 
to 
l> ogin again.  If you make it TRUE, then if you shut down the browser, 
o> pen it up again (if the cookie hasn't expired) it will take you 
a> utomatically into your application without logging in.....which I 
c> onsider a security breach because someone could hop on the computer 
a> fter you are gone and simply go into the application using your 
a> uthentication and authorization by reopening Internet Explorer.  By 
m> aking it False, once the browser is shut down, if the browser is 
r> eopned, they cannot get into the application without logging in.
-> Jim

> 

> > Jim -

> > Thanks for your post. I am learning about logins and registration 
pages 
a> > nd it helps me quite a bit.

> > I have a couple of questions, though.

> > 1) In the Catch section, where does 'Exit Sub' come from? Where did 
you 
b> > egin this Sub?

> > 2) Can you explain this line please?

> > FormsAuthentication.RedirectFromLoginPage(txtLogin.Value, False)

> > What are the two parameters doing?

> > Thanx,
D> > an