ASP.NET 1.0 and 1.1 Basics
ASP.NET discussion for users new to coding in ASP.NET 1.0 or 1.1. NOT for the older "classic" ASP 3 or the newer ASP.NET 2.0.
You are currently viewing the ASP.NET 1.0 and 1.1 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
November 4th, 2003, 07:06 PM
Authorized User
Join Date: Oct 2003
Posts: 12
ASPX role authentication
Ok, as my previous message alluded, I am looking for .NET authentication, which I found. To further the project, I am looking to have role-based authentication so I can assign security levels against a database. I found an extensive tutorial on Microsoft's website, and it almost works, but for the chunk of code below. I print the value in the immediate window and the UID and PASS check out (I populated the database myself, so I know it's spelled right). retVal still returns False. Also, when I print dr.Item("PASS") in debug mode, it returns an error, but prints "thepassword with the double quotes in front of the string but not after. Any thoughts?
Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
    Dim cnn As SqlConnection
    Dim cmd As SqlCommand
    Dim dr As SqlDataReader
    Dim retVal As Boolean = False
    cnn = New SqlConnection("server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;")
    cmd = New SqlCommand("Select * from AUTHENTICATION where userid = '" & uid & "'", cnn)
    cnn.Open()
    dr = cmd.ExecuteReader()
    While (dr.Read())
        If StrComp(dr.Item("PASS"), passwd, 1) = 0 Then
            retVal = True
        End If
    End While
    cnn.Close()
    ValidateUser = retVal
End Function
November 5th, 2003, 10:46 AM
Friend of Wrox
Join Date: Aug 2003
Posts: 5,407
May I suggest a few alterations/suggestions to your code?
Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
    Dim cnn As SqlConnection
    Dim cmd As SqlCommand
    <s>Dim dr As SqlDataReader</s>
    Dim retVal As Boolean = False
    cnn = New SqlConnection("server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;")
    <s>cmd = New SqlCommand("Select * from AUTHENTICATION where userid = '" & uid & "'", cnn)</s>
    cmd = New SqlCommand("Select Count(userid) from AUTHENTICATION where userid = @uid And pass = @passwd", cnn)
    cmd.Parameters.Add("@uid", uid)
    cmd.Parameters.Add("@passwd", passwd)
    cnn.Open()
    <s>dr = cmd.ExecuteReader()
    While (dr.Read())
        If StrComp(dr.Item("PASS"), passwd, 1) = 0 Then
            retVal = True
        End If
    End While</s>
    If CType(cmd.ExecuteScalar(), Integer) = 1 Then
        retVal = True
    End If
    cnn.Close()
    <s>ValidateUser = retVal</s>
    Return retVal
End Function
- By using SqlParameters you can make your SQL statement more readable, and you don't have to deal with escaping the special SQL characters (' -> '').
- You should always try to avoid selecting all columns particularly when you know exactly what you need.
- Don't bother with the password test in the code, just let SQL handle it, then just check for a user count.
- Use the Return keyword to return a value from a function.
Peter
----------------------------------------
Work smarter, not harder.
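
Added example, not part of the thread: a side-by-side run of the concatenated query from the first post and the parameterized count query from the reply, showing what each does with a user id that contains an apostrophe. It uses Python's `sqlite3` with an in-memory table as a stand-in for `SqlCommand` and SQL Server so that it runs on its own; the sample users, passwords and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the thread.
USERS = [("steve", "s3cret"), ("o'brien", "shamrock")]

def make_db():
    cnn = sqlite3.connect(":memory:")
    cnn.execute("CREATE TABLE AUTHENTICATION (userid TEXT PRIMARY KEY, pass TEXT)")
    cnn.executemany("INSERT INTO AUTHENTICATION VALUES (?, ?)", USERS)
    return cnn

def validate_concat(cnn, uid, passwd):
    # Approach from the first post: uid becomes part of the SQL text itself.
    sql = "SELECT pass FROM AUTHENTICATION WHERE userid = '" + uid + "'"
    return any(row[0] == passwd for row in cnn.execute(sql))

def validate_param(cnn, uid, passwd):
    # Approach from the reply: the statement text is fixed, values are bound.
    sql = ("SELECT COUNT(userid) FROM AUTHENTICATION "
           "WHERE userid = :uid AND pass = :passwd")
    (count,) = cnn.execute(sql, {"uid": uid, "passwd": passwd}).fetchone()
    return count == 1

def outcome(check, cnn, uid, passwd):
    # Report True/False, or the exception name if the statement failed to parse.
    try:
        return check(cnn, uid, passwd)
    except sqlite3.Error as exc:
        return type(exc).__name__

def compare_logins():
    cnn = make_db()
    logins = [("steve", "s3cret"), ("steve", "wrong"), ("o'brien", "shamrock")]
    try:
        return [(uid, outcome(validate_concat, cnn, uid, pw),
                 outcome(validate_param, cnn, uid, pw)) for uid, pw in logins]
    finally:
        cnn.close()

if __name__ == "__main__":
    for uid, concat, param in compare_logins():
        print(f"{uid!r:12} concatenated={concat!s:18} parameterized={param}")
```

With bound parameters the apostrophe in the user id is treated purely as data, so the legitimate login succeeds; in the concatenated version the same character ends the string literal early and the statement no longer parses.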
November 5th, 2003, 11:30 AM
Authorized User
Join Date: Oct 2003
Posts: 12
Many thanks, Peter, that worked spectacularly! If you have time, and you know, why did the string comparison keep evaluating false for dr.Item---->passwd? Just for curiosity's sake.
Again, Thanks!
Steve
November 5th, 2003, 11:48 AM
Friend of Wrox
Join Date: Aug 2003
Posts: 5,407
Good question. Your comparison looks ok.
One thing I try to do when I create a new .Net project is remove Microsoft.VisualBasic from the default imports of the project. That way I catch myself using old VB syntax. I am trying to get off the VB syntax and standardize on framework syntax. I can't say whether one is more optimized than the other, but I figure I should try to stick to framework syntax as much as possible. Only reason I mention this is because StrComp is VB specific.
Peter
------------------------------------------------------
Work smarter, not harder.