Wrox Programmer Forums

#1 (permalink)
November 4th, 2003, 07:06 PM
Authorized User
ASPX role authentication

Ok, as my previous message alluded, I am looking for .NET authentication, which I found. To further the project, I am looking to have role-based authentication so I can assign security levels against a database. I found an extensive tutorial on Microsoft's website, and it almost works, but for the chunk of code below. I print the value in the immediate window and the UID and PASS check out (I populated the database myself, so I know it's spelled right). retVal still returns False. Also, when I print dr.Item("PASS") in debug mode, it returns an error, but prints "thepassword with the double quotes in front of the string but not after. Any thoughts?

    Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
        Dim cnn As SqlConnection
        Dim cmd As SqlCommand
        Dim dr As SqlDataReader
        Dim retVal As Boolean = False
        cnn = New SqlConnection("server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;")
        cmd = New SqlCommand("Select * from AUTHENTICATION where userid = '" & uid & "'", cnn)
        cnn.Open()
        dr = cmd.ExecuteReader()
        While (dr.Read())
            If StrComp(dr.Item("PASS"), passwd, 1) = 0 Then
                retVal = True
            End If
        End While
        cnn.Close()
        ValidateUser = retVal
    End Function

#2 (permalink)
November 5th, 2003, 10:46 AM
planoie
Friend of Wrox

May I suggest a few alterations/suggestions to your code?

    Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
        Dim cnn As SqlConnection
        Dim cmd As SqlCommand
        ' Removed: Dim dr As SqlDataReader
        Dim retVal As Boolean = False
        cnn = New SqlConnection("server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;")
        ' Removed: cmd = New SqlCommand("Select * from AUTHENTICATION where userid = '" & uid & "'", cnn)
        ' Parameterized query: the values are sent separately from the SQL text
        cmd = New SqlCommand("Select Count(userid) from AUTHENTICATION where userid = @uid And pass = @passwd", cnn)
        cmd.Parameters.Add("@uid", uid)
        cmd.Parameters.Add("@passwd", passwd)
        cnn.Open()
        ' Removed:
        ' dr = cmd.ExecuteReader()
        ' While (dr.Read())
        '     If StrComp(dr.Item("PASS"), passwd, 1) = 0 Then
        '         retVal = True
        '     End If
        ' End While
        If CType(cmd.ExecuteScalar(), Integer) = 1 Then
            retVal = True
        End If
        cnn.Close()
        ' Removed: ValidateUser = retVal
        Return retVal
    End Function

- By using SqlParameters you can make your SQL statement more readable, and you don't have to deal with escaping the special SQL characters (' -> '').
- You should always try to avoid selecting all columns particularly when you know exactly what you need.
- Don't bother with the password test in the code, just let SQL handle it, then just check for a user count.
- Use the Return keyword to return a value from a function.

Peter
----------------------------------------
Work smarter, not harder.

#3 (permalink)
November 5th, 2003, 11:30 AM
Authorized User

Many thanks, Peter, that worked spectacularly! If you have time, and you know, why did the string comparison keep evaluating false for dr.Item---->passwd? Just for curiosity's sake.

Again, Thanks!
Steve

#4 (permalink)
November 5th, 2003, 11:48 AM
planoie
Friend of Wrox

Good question. Your comparison looks ok.

One thing I try to do when I create a new .Net project is remove Microsoft.VisualBasic from the default imports of the project. That way I catch myself using old VB syntax. I am trying to get off the VB syntax and standardize on framework syntax. I can't say whether one is more optimized than the other, but I figure I should try to stick to framework syntax as much as possible. Only reason I mention this is because StrComp is VB specific.

Peter
------------------------------------------------------
Work smarter, not harder.
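
A variant of the parameterized check discussed in this thread, as an added example that is not code from any of the posters: it keeps `@uid` as a typed parameter, fetches only the password column, and compares in code with an ordinal comparison, because a SQL-side `=` follows the column's collation (case-insensitive on many SQL Server installs) and ignores trailing spaces. The class name `AuthCheck`, the 50-character width, and the handling of space padding are assumptions; the table and column names and the redacted connection string are the thread's.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Public Class AuthCheck
    ' Placeholder connection string, redacted as in the thread.
    Private Const ConnStr As String = "server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;"
    ' Assumed column width; match it to the real AUTHENTICATION schema.
    Private Const MaxLen As Integer = 50

    Public Shared Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
        ' Reject missing or oversized input before touching the database.
        If uid Is Nothing OrElse passwd Is Nothing Then Return False
        If uid.Length = 0 OrElse uid.Length > MaxLen OrElse passwd.Length > MaxLen Then Return False

        Dim cnn As New SqlConnection(ConnStr)
        Dim cmd As New SqlCommand("SELECT pass FROM AUTHENTICATION WHERE userid = @uid", cnn)
        ' Typed, sized parameter: the value travels separately from the SQL text,
        ' so an apostrophe in uid (O'Brien) stays data and cannot end the literal.
        cmd.Parameters.Add("@uid", SqlDbType.VarChar, MaxLen).Value = uid

        Try
            cnn.Open()
            ' ExecuteScalar returns Nothing when no row matches the userid.
            Dim stored As Object = cmd.ExecuteScalar()
            If stored Is Nothing OrElse stored Is DBNull.Value Then Return False

            ' Assumption: if PASS is a fixed-width CHAR column the value comes back
            ' space-padded, and trailing spaces are not part of the password.
            Dim dbPass As String = CStr(stored).TrimEnd()

            ' Ordinal comparison is exact and case-sensitive, unlike StrComp(..., 1)
            ' (text compare) or "=" under a case-insensitive collation.
            Return String.CompareOrdinal(dbPass, passwd) = 0
        Catch ex As SqlException
            ' Fail closed: a database error never counts as a successful login.
            Return False
        Finally
            ' Runs on success, on a failed login, and on error.
            cnn.Close()
        End Try
    End Function
End Class
```

`Try`/`Finally` is used rather than `Using` because the VB.NET compilers that ship with ASP.NET 1.0 and 1.1 do not support `Using`.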
 


All times are GMT -4.