Wrox Programmer Forums

  #1 (permalink)  
Old August 18th, 2006, 12:15 AM
Please Help! Login page

Hi there

I am new to ASP.NET. I have a little problem that I can't figure out; could anyone help?

I am using ASP.NET, SQL Server 05, and C#.

I am trying to build a sample custom login page that will ask the user to enter a username and password to log in, and I want to get "that" user's ID and UserRole so I can save the user profile and redirect that user to a specific page. Assume I have a database table named Users whose attributes are ID, username, password, userrole.

Please help!!!

Thank you. :)



Andy Chiu
  #2 (permalink)
Old August 18th, 2006, 01:10 AM

Hi Andy. I might be able to help.

I am not quite sure what you mean by a "custom" login page, but typically you will want to use the asp.net login control, forms authentication, and either a SqlMembershipProvider or an ActiveDirectoryMembershipProvider. To capture the logged in username you can use Server.HtmlEncode(User.Identity.Name).

Your web.config is where you would typically configure the membership provider, something like this:

Code:
<system.web>
    <authentication mode="Forms">
        <!-- App-relative URLs start with "~/" -->
        <forms
            loginUrl="~/Login.aspx"
            defaultUrl="~/Default.aspx"
            name=".AuthCookie"
            timeout="30" />
    </authentication>
    <membership defaultProvider="MyADMembershipProvider">
        <providers>
            <!-- ADConnectionString must be defined in the <connectionStrings> section -->
            <add
                name="MyADMembershipProvider"
                type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                connectionStringName="ADConnectionString"
                connectionUsername="[your username here]"
                connectionPassword="[your password here]"
                connectionProtection="Secure"
                attributeMapUsername="sAMAccountName" />
        </providers>
    </membership>
</system.web>
You could also skip using a provider and hard code the usernames and passwords right into the web.config. What type are you planning to use?

Also, if you need to redirect to a different page depending upon who logs in, I think you would need to handle the login control's LoggedIn event, which occurs after the user is authenticated.

Neil

Neil Timmerman
Programmer II
School of Medicine
University of Missouri Columbia
  #3 (permalink)
Old August 18th, 2006, 11:53 AM

Thank you Neil,

I don't want to use the Membership API; I am trying to hardcode it. I have a default.aspx page with 2 textboxes, 1 for username and 1 for password, and 1 submit button. When the user clicks the submit button after entering a username and password, I want to check if the username and password match in my database table. If they match, I want to check "that" user's UserID, userType, and role, so I can redirect the user to the page where he/she belongs based on UserType, and send him/her a cookie with the role field's value. Assume I have a database table whose attributes are UserID, UserName, Password, UserType, Role.

Thank you again Neil

Andy Chiu
  #4 (permalink)
Old August 18th, 2006, 11:59 AM

Hi Neil,

It's me again. I think I have to use ADO.NET, a DataSet, and a DataRow to store a row so I can check each field, but I keep trying and it doesn't work. Thanks again!

Andy

Andy Chiu
  #5 (permalink)
Old August 22nd, 2006, 12:49 AM
Andy, sorry it's been a few days since I've checked back to this forum.

Ok, so I assume you know that you don't have to develop this yourself and that using the SqlMembershipProvider, the asp.net login control, and a sql server database you can get this functionality without writing any code.

That being said, it sounds like you have your reasons and that you want to use your own users and roles tables. As it turns out I have to do this next week myself with an old project I am upgrading. Though I haven't used this solution yet, it sounds like we both need to implement a custom MembershipProvider.

A few seconds of googling pulled up what looks to be a decent article on this topic:

http://www.15seconds.com/issue/050216.htm

Also, this is on Microsoft's "Channel 9" and has some type of video.

http://channel9.msdn.com/ShowPost.aspx?PostID=180276

Let me know how this goes because like I said, I have to do this exact same thing next week and I would be curious if there are any snags along the way.

Neil

Neil Timmerman
Programmer II
School of Medicine
University of Missouri Columbia
  #6 (permalink)
Old August 22nd, 2006, 11:15 PM

Hi Neil,

It's me again; thank you for the reply. Well, I am from Philly and I just graduated from college 2 months ago. My major is computer science. I studied Java for the first 4 years of college, but I found out at the beginning of my senior year that I like to play around with ASP.NET, and I know it is something I really want to do, so I have been staying home for the past year, reading a couple of books about ASP.NET and trying out some examples using C#. It's pretty fun. But this is a problem I really want to solve; I have been trying for 2 weeks, but it seems to go nowhere.

Assume I have a data table named Users, and the fields are UserID, UserName, Password, UserType, and UserRole. All the data is preinstalled, so users won't be allowed to register, meaning this web application is for some company's internal use only.

On my default.aspx page, I have 2 textboxes, 1 for UserName and 1 for Password, and I have a button the user can click after entering something. In the button_click event handler, I have 2 things to take care of: 1) check if this user's userName and Password match in the database; 2) if they do, what is that user's userType? If that user's userType = 1, redirect that user to main.aspx; if userType = 2, redirect that user to General.aspx.
From what I have learned over the past couple of days, I have to use ADO.NET's DataSet, and use the DataColumn and DataRow from the DataSet, so when I say [select UserType from Users where UserName = " + UserName.text + " AND Password = " + Password.text], when the UserType returns, I can parse the UserType object back to a string, then I can compare UserType's value, and then I can redirect the user to a specific page. But it seems like I keep getting confused, so I will spend more time on it and let you know what I get by this weekend. Thank you, Neil. :)

Andy

Andy Chiu
  #7 (permalink)
Old August 31st, 2006, 09:02 PM

Quick word of advice, use parameters. If you do not have some validation along with the code and your login code has the textboxes for the login and password directly inserted into your login check SQL statement, you will open up a SQL Injection hole.

  #8 (permalink)
Old September 6th, 2006, 11:36 AM

Hi Quick209

So what should I do? I don't want to use a MembershipProvider; I just want to use functions to hard code the login page. Thanks!!!

Andy Chiu
  #9 (permalink)
Old September 8th, 2006, 07:07 PM

Sorry for taking so long to reply. I started my online classes, and work is taking up more time.

Look up how to use parameters. It will help out a lot in covering SQL insertion, as it checks for that datatype and they cannot be rem'ed or close single ticked out of.
After you find out about parameters, use those to carry your input to the SQL server. Here is a quick example.
I build my SqlCommand like
SqlCommand command = new SqlCommand(query, connection);
My query would contain the parameters like so:

Select Count(*) From [User Table] WHERE login = @login AND password = @password

I would tell SQL what to use for the parameters like so:

command.Parameters.Add("@password", SqlDbType.NVarChar);

The Add above takes in the string of the parameter you are identifying and the datatype. Do the same for the login and then tell it what to input into the parameter like so:

command.Parameters["@password"].Value = txtpassword.Text;

With the above, they cannot close out your query with a single tick and make up their own query. If you wish to do it your way, then you should put an expression validator out there for each textbox to only accept numbers and letters and nothing else... or eliminate "'" and "-" and quotes too, hehe.

If you want secrets on best ways to store passwords, look up salted hash at
http://www.msdn.com

Of course, you will not know the password either, but the method makes it extremely hard to crack passwords, as any password entered will be hashed and salted and compared to a hashed and salted password for validity but never unhashed.

Reply With Quote
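
An added example, not part of the original thread or any poster's code: the parameterized lookup and salted-hash comparison that post #9 describes, combined with the UserType redirect asked about in post #6, in C#. It assumes the Users table stores PasswordHash and PasswordSalt as varbinary columns and UserType as an int, in place of the plain Password column mentioned in the thread; LoginCheck, GetUserType, PageFor, the parameter size and the iteration count are illustrative choices.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck   // hypothetical helper, not from the thread
{
    const int Iterations = 100000;  // assumed PBKDF2 work factor

    // PBKDF2-HMAC-SHA256 with the user's own salt (overload needs .NET Framework 4.7.2+).
    public static byte[] HashPassword(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);    // 32-byte derived hash
    }

    // Compare every byte so timing does not reveal the first mismatch.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns the user's UserType, or null when the name or password is wrong.
    public static int? GetUserType(SqlConnection openConn, string userName, string password)
    {
        const string sql = "SELECT UserType, PasswordHash, PasswordSalt FROM Users WHERE UserName = @login";
        using (var cmd = new SqlCommand(sql, openConn))
        {
            // The textbox value travels as a typed parameter, never as SQL text.
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 50).Value = userName;
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read()) return null;                  // unknown user
                byte[] stored = (byte[])r["PasswordHash"];   // assumed varbinary column
                byte[] salt = (byte[])r["PasswordSalt"];     // assumed varbinary column
                bool ok = SameBytes(HashPassword(password, salt), stored);
                return ok ? r.GetInt32(0) : (int?)null;      // UserType assumed int
            }
        }
    }

    // Pages named in the thread: 1 -> main.aspx, 2 -> General.aspx.
    public static string PageFor(int userType)
    {
        return userType == 1 ? "main.aspx" : userType == 2 ? "General.aspx" : null;
    }
}
```

Call GetUserType from the button's click handler with an open connection, and redirect to PageFor's result only when the returned value is not null.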
  #10 (permalink)  
Old September 13th, 2006, 06:42 AM

Hi,
This page looks like a great conversation. Thanks to the two of you. Membership and logins have multiple options, which I have now seen.

I too don't like to use the controls that are provided. However, you could use the controls as a template to start with and then get on to the real hard code of the login page. Secondly, the existing control itself can be demoted and made into a template. You can do this by clicking on the shortcut key which looks like > on the top right of the control and then choosing the convert to template option. What this will do is retain the buttons and text boxes, validations etc. and make sure you have stuff in a table.

Well, that's what I do for a quick re-code!!


Vincent Thomas
Bangalore