Wrox Programmer Forums
ASP.NET 1.0 and 1.1 Basics ASP.NET discussion for users new to coding in ASP.NET 1.0 or 1.1. NOT for the older "classic" ASP 3 or the newer ASP.NET 2.0.
Old November 4th, 2003, 07:06 PM
ASPX role authentication

Ok, as my previous message alluded, I am looking for .NET authentication, which I found. To further the project, I am looking to have role-based authentication so I can assign security levels against a database. I found an extensive tutorial on Microsoft's website, and it almost works, but for the chunk of code below. I print the value in the immediate window and the UID and PASS check out (I populated the database myself, so I know it's spelled right). retVal still returns False. Also, when I print dr.Item("PASS") in debug mode, it returns an error, but prints "thepassword with the double quotes in front of the string but not after. Any thoughts?

    Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
        Dim cnn As SqlConnection
        Dim cmd As SqlCommand
        Dim dr As SqlDataReader
        Dim retVal As Boolean = False
        cnn = New SqlConnection("server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;")
        cmd = New SqlCommand("Select * from AUTHENTICATION where userid = '" & uid & "'", cnn)
        cnn.Open()
        dr = cmd.ExecuteReader()
        While (dr.Read())
            If StrComp(dr.Item("PASS"), passwd, 1) = 0 Then
                retVal = True
            End If
        End While
        cnn.Close()
        ValidateUser = retVal
    End Function

 
Old November 5th, 2003, 10:46 AM
planoie

May I suggest a few alterations/suggestions to your code?

    ' Requires: Imports System.Data.SqlClient
    Function ValidateUser(ByVal uid As String, ByVal passwd As String) As Boolean
        Dim cnn As SqlConnection
        Dim cmd As SqlCommand
        ' Removed: Dim dr As SqlDataReader
        Dim retVal As Boolean = False
        cnn = New SqlConnection("server=localhost;uid=XX;pwd=XXXXX;database=XXXXX;")
        ' Removed: cmd = New SqlCommand("Select * from AUTHENTICATION where userid = '" & uid & "'", cnn)
        ' Parameters carry uid and passwd as data, so no quote escaping is needed.
        cmd = New SqlCommand("Select Count(userid) from AUTHENTICATION where userid = @uid And pass = @passwd", cnn)
        cmd.Parameters.Add("@uid", uid)
        cmd.Parameters.Add("@passwd", passwd)
        cnn.Open()
        ' Removed: dr = cmd.ExecuteReader()
        ' Removed: While (dr.Read())
        ' Removed:     If StrComp(dr.Item("PASS"), passwd, 1) = 0 Then
        ' Removed:         retVal = True
        ' Removed:     End If
        ' Removed: End While
        ' A count of exactly 1 means one row matched both userid and pass.
        If CType(cmd.ExecuteScalar(), Integer) = 1 Then
            retVal = True
        End If
        cnn.Close()
        ' Removed: ValidateUser = retVal
        Return retVal
    End Function

- By using SqlParameters you can make your SQL statement more readable, and you don't have to deal with escaping the special SQL characters (' -> '').
- You should always try to avoid selecting all columns particularly when you know exactly what you need.
- Don't bother with the password test in the code, just let SQL handle it, then just check for a user count.
- Use the Return keyword to return a value from a function.

Peter
----------------------------------------
Work smarter, not harder.
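
The difference between the two versions of ValidateUser in this thread, as an added example that is not part of either post. It uses Python with an in-memory SQLite table as a stand-in for the SQL Server AUTHENTICATION table; the helper names, the sample user and the inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; pass is plaintext only to mirror the thread's table."""
    cnn = sqlite3.connect(":memory:")
    cnn.execute("CREATE TABLE AUTHENTICATION (userid TEXT PRIMARY KEY, pass TEXT)")
    cnn.execute("INSERT INTO AUTHENTICATION VALUES (?, ?)", ("o'brien", "thepassword"))
    return cnn

def validate_concat(cnn, uid, passwd):
    """'Before' form from the first post: uid is pasted into the SQL text."""
    sql = "SELECT * FROM AUTHENTICATION WHERE userid = '" + uid + "'"
    return any(row[1] == passwd for row in cnn.execute(sql))

def validate_param(cnn, uid, passwd):
    """'After' form from the reply: both values are bound as parameters."""
    sql = ("SELECT COUNT(userid) FROM AUTHENTICATION "
           "WHERE userid = ? AND pass = ?")
    (count,) = cnn.execute(sql, (uid, passwd)).fetchone()
    return count == 1

def compare(uid, passwd):
    """Run one login attempt through both forms and report each outcome."""
    cnn = make_db()
    try:
        before = validate_concat(cnn, uid, passwd)
    except sqlite3.OperationalError as exc:
        # The apostrophe in uid ended the SQL string literal early.
        before = "SQL error: " + str(exc)
    after = validate_param(cnn, uid, passwd)
    cnn.close()
    return before, after

if __name__ == "__main__":
    # Constructed inputs: a legitimate name with an apostrophe, a wrong
    # password, and a userid that is not in the table but contains quotes.
    for uid, passwd in [("o'brien", "thepassword"),
                        ("o'brien", "wrong"),
                        ("nobody' OR 'a'='a", "thepassword")]:
        print(repr(uid), compare(uid, passwd))
```

In the concatenated form the legitimate user cannot log in at all and the nonexistent userid validates; in the parameterized form every input is compared as a literal value.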
 
Old November 5th, 2003, 11:30 AM

Many thanks, Peter, that worked spectacularly! If you have time, and you know, why did the string comparison keep evaluating false for dr.Item---->passwd? Just for curiosity's sake.

Again, Thanks!
Steve

 
Old November 5th, 2003, 11:48 AM
planoie

Good question. Your comparison looks ok.

One thing I try to do when I create a new .Net project is remove Microsoft.VisualBasic from the default imports of the project. That way I catch myself using old VB syntax. I am trying to get off the VB syntax and standardize on framework syntax. I can't say whether one is more optimized than the other, but I figure I should try to stick to framework syntax as much as possible. Only reason I mention this is because StrComp is VB specific.

Peter
------------------------------------------------------
Work smarter, not harder.




