2 Replies - 10982 Views - Last Post: 10 February 2011 - 07:11 AM

#1 hacksys

Asp.Net VB User Authentication Against SQL Server

Posted 10 January 2011 - 08:17 AM

Hey guys, I'm in the process of coding a new site using Visual Web Developer 2010. So far this is what I have:

Basic ASP.Net website built from a new project.
- Changes I have made are a custom user registration that stores the user data into a SQL Server 2008 table.

Registration Markup
<%@ Page Title="Home Page" Language="vb" MasterPageFile="~/Site.Master" AutoEventWireup="false"
    CodeBehind="Register.aspx.vb" Inherits="Custom_Web_Application._Default" %>

<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
    <style type="text/css">
        .style1
        {
            width: 342px;
        }
        .style2
        {
            width: 342px;
            height: 25px;
        }
        .style3
        {
            height: 25px;
        }
    </style>
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
    <h2>
        My ASP.Net Application</h2>

        
            <asp:Wizard ID="Wizard1" runat="server" ActiveStepIndex="0" Width="911px" 
                BackColor="#EFF3FB" BorderColor="#B5C7DE" BorderWidth="1px" 
                Font-Names="Verdana" Font-Size="Medium">
                <HeaderStyle BackColor="#284E98" BorderColor="#EFF3FB" BorderStyle="Solid" 
                    BorderWidth="2px" Font-Bold="True" Font-Size="0.9em" ForeColor="White" 
                    HorizontalAlign="Center" />
                <NavigationButtonStyle BackColor="White" BorderColor="#507CD1" 
                    BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="0.8em" 
                    ForeColor="#284E98" />
                <SideBarButtonStyle BackColor="#507CD1" Font-Names="Verdana" 
                    ForeColor="White" />
                <SideBarStyle BackColor="#507CD1" Font-Size="0.9em" VerticalAlign="Top" />
                <StartNavigationTemplate>
                    <asp:Button ID="StartNextButton" runat="server" CommandName="MoveNext" 
                        Text="Next" />
                </StartNavigationTemplate>
                <StepStyle Font-Size="0.8em" ForeColor="#333333" />
                <WizardSteps>
                    <asp:WizardStep runat="server" Title="User Registration" StepType="Start">
                        <table style="width:100%;">
                            <tr>
                                <td class="style2" align="right">
                                    <asp:Label ID="Label1" runat="server" Text="Email Address:" Font-Size="Small"></asp:Label>
                                </td>
                                <td class="style3">
                                    <asp:TextBox ID="Email" runat="server" Width="239px"></asp:TextBox>
                                    </td>
                            </tr>
                            <tr>
                                <td class="style1" align="right">
                                    <asp:Label ID="Label2" runat="server" Text="Email Address Confirmation:" 
                                        Font-Size="Small"></asp:Label>
                                </td>
                                <td>
                                    <asp:TextBox ID="Email_Confirm" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td class="style1" align="right">
                                    <asp:Label ID="Label3" runat="server" Text="Password:" Font-Size="Small"></asp:Label>
                                </td>                                
                                <td>
                                    <asp:TextBox ID="Password" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td class="style1" align="right">
                                    <asp:Label ID="Label4" runat="server" Text="Password Confirmation:" 
                                        Font-Size="Small"></asp:Label>
                                </td>                                
                                <td>
                                    <asp:TextBox ID="Password_Confirm" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td class="style1" align="right">
                                    <asp:Label ID="Label5" runat="server" Text="First Name:" Font-Size="Small"></asp:Label>
                                </td>                                
                                <td>
                                    <asp:TextBox ID="FirstName" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td class="style1" align="right">
                                    <asp:Label ID="Label6" runat="server" Text="Last Name:" Font-Size="Small"></asp:Label>
                                </td>                                
                                <td>
                                    <asp:TextBox ID="LastName" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td class="style1" align="right">
                                    <asp:Label ID="Label7" runat="server" Text="Date of Birth:" Font-Size="Small"></asp:Label>
                                </td>                                
                                <td>
                                <p>&nbsp;Month:
                                    <asp:DropDownList ID="Month" runat="server" AutoPostBack="True">
                                        <asp:ListItem>1</asp:ListItem>
                                        <asp:ListItem>2</asp:ListItem>
                                        <asp:ListItem>3</asp:ListItem>
                                        <asp:ListItem>4</asp:ListItem>
                                        <asp:ListItem>5</asp:ListItem>
                                        <asp:ListItem>6</asp:ListItem>
                                        <asp:ListItem>7</asp:ListItem>
                                        <asp:ListItem>8</asp:ListItem>
                                        <asp:ListItem>9</asp:ListItem>
                                        <asp:ListItem>10</asp:ListItem>
                                        <asp:ListItem>11</asp:ListItem>
                                        <asp:ListItem>12</asp:ListItem>
                                    </asp:DropDownList>
                                    &nbsp;&nbsp;Day:
                                    <asp:DropDownList ID="Day" runat="server" AutoPostBack="True">
                                    </asp:DropDownList>
                                    &nbsp;&nbsp;Year:
                                    <asp:DropDownList ID="Year" runat="server" AutoPostBack="True">
                                        <asp:ListItem>2011</asp:ListItem>
                                    </asp:DropDownList>
                                </p>
                                </td>
                            </tr>
                        <tr>
                            <td align="right">

                            <asp:Label ID="DOB2" runat="server" Font-Size="Small" Text="Birthday Confirmation:"></asp:Label>
                            
                            </td>
                            <td>
                            
                            <asp:Label ID="DOB" runat="server" Font-Size="Small"></asp:Label>

                            </td>
                        </tr>
                        </table>

                    </asp:WizardStep>
                    <asp:WizardStep runat="server" Title="User Setup" StepType="Step">
                        <table style="width:100%;">
                            <tr>
                                <td align="right" class="style2">
                                    <asp:Label ID="Label8" runat="server" Font-Size="Small" Text="Facebook URL:"></asp:Label>
                                </td>
                                <td class="style3">
                                    <asp:TextBox ID="Facebook_URL" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td align="right" class="style1">
                                    <asp:Label ID="Label9" runat="server" Font-Size="Small" 
                                        Text="Myspace URL:"></asp:Label>
                                </td>
                                <td>
                                    <asp:TextBox ID="Myspace_URL" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            <tr>
                                <td align="right" class="style1">
                                    <asp:Label ID="Label10" runat="server" Font-Size="Small" Text="Twitter URL:"></asp:Label>
                                </td>
                                <td>
                                    <asp:TextBox ID="Twitter_URL" runat="server" Width="239px"></asp:TextBox>
                                </td>
                            </tr>
                            
                        </table>
                    </asp:WizardStep>
                    <asp:WizardStep runat="server" Title="Processing" StepType="Step">                        
                        &nbsp;<asp:Label ID="Label11" runat="server" Text="Label"></asp:Label>
                    </asp:WizardStep>
                    <asp:WizardStep runat="server" Title="Finish" StepType="Finish">
                        <asp:Label ID="Label12" runat="server" Text="Label"></asp:Label>
                    </asp:WizardStep>
                </WizardSteps>
            </asp:Wizard>
  

    </asp:Content>




Registration VB Code
Public Class _Default
    Inherits System.Web.UI.Page
    Dim month31 As New List(Of String)
    Dim month30 As New List(Of String)
    Dim month28 As New List(Of String)

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        month31.Add("1")
        month28.Add("2")
        month31.Add("3")
        month30.Add("4")
        month31.Add("5")
        month30.Add("6")
        month31.Add("7")
        month31.Add("8")
        month30.Add("9")
        month31.Add("10")
        month30.Add("11")
        month31.Add("12")


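        ' Fill the day list only on the first request. On postbacks the items are
        ' restored from ViewState, so adding them again would duplicate them.
        If Not IsPostBack AndAlso month31.Contains(Month.SelectedValue.ToString) Then
            For i = 1 To 31
                Day.Items.Add(i)
            Next
        End If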

        If Not Month.SelectedValue.ToString = Nothing Then
            If Not Day.SelectedValue.ToString = Nothing Then
                If Not Year.SelectedValue.ToString = Nothing Then
                    DOB.Text = Month.SelectedValue.ToString & "/" & Day.SelectedValue.ToString & "/" & Year.SelectedValue.ToString
                End If
            End If
        End If
    End Sub

    Protected Sub Month_SelectedIndexChanged(ByVal sender As Object, ByVal e As EventArgs) Handles Month.SelectedIndexChanged
        Day.Items.Clear()
        If month31.Contains(Month.SelectedValue.ToString) Then
            For i = 1 To 31
                Day.Items.Add(i)
            Next
        End If

        If month30.Contains(Month.SelectedValue.ToString) Then
            For i = 1 To 30
                Day.Items.Add(i)
            Next
        End If

        If month28.Contains(Month.SelectedValue.ToString) Then
            For i = 1 To 28
                Day.Items.Add(i)
            Next
        End If

    End Sub

   
    Protected Sub Day_TextChanged(ByVal sender As Object, ByVal e As EventArgs) Handles Day.TextChanged
        Year.Items.Clear()

        For i = 1900 To 2011
            Year.Items.Add(i)
        Next
    End Sub

    Protected Sub Wizard1_ActiveStepChanged(ByVal sender As Object, ByVal e As EventArgs) Handles Wizard1.ActiveStepChanged
        Dim stepp As String
        stepp = Wizard1.ActiveStepIndex

        If stepp = 2 Then
            Dim conn As New SqlClient.SqlConnection
            Dim sqlCommand As String

            ' Need to get Connection String Working
            conn.ConnectionString = "Integrated Security=SSPI;data source=*Removed*;persist security info=False;initial catalog=*Removed*;"
            Try
                conn.Open()
                sqlCommand = "INSERT INTO [SocialLife].[dbo].[Userinfo]([Email],[Password],[FirstName],[LastName],[DOB],[Facebook_URL],[Myspace_URL],[Twitter_URL]) VALUES ('" & Email.Text & "','" & Password.Text & "','" & FirstName.Text & "','" & LastName.Text & "','" & DOB.Text & "','" & Facebook_URL.Text & "','" & Myspace_URL.Text & "','" & Twitter_URL.Text & "')"
                Dim cmd As New SqlClient.SqlCommand(sqlCommand, conn)
                cmd.ExecuteNonQuery()
                Label11.Text = "Registration Complete."
            Catch ex As Exception
                Label11.Text = "Sorry We could Not Process your request at this time."
            Finally
                conn.Close()
            End Try
        End If
    End Sub
End Class



This coding works and does insert all the user data into the table.

The issue comes when I try to grip the concept of authenticating the user against the table using a custom login. Can someone help with this? Ideas and code are both appreciated.

Thanks
Isaiah Williams


Replies To: Asp.Net VB User Authentication Against SQL Server

#2 hacksys
  • Joined: 27-December 08

Re: Asp.Net VB User Authentication Against SQL Server

Posted 09 February 2011 - 05:54 PM

I went ahead and just used the VB.NET db for holding user info as well as inserting into SQL Server for querying against the user.

#3 eclipsed4utoo
  • Joined: 21-March 08

Re: Asp.Net VB User Authentication Against SQL Server

Posted 10 February 2011 - 07:11 AM

Please, Please, Please change this...

sqlCommand = "INSERT INTO [SocialLife].[dbo].[Userinfo]([Email],[Password],[FirstName],[LastName],[DOB],[Facebook_URL],[Myspace_URL],[Twitter_URL]) VALUES ('" & Email.Text & "','" & Password.Text & "','" & FirstName.Text & "','" & LastName.Text & "','" & DOB.Text & "','" & Facebook_URL.Text & "','" & Myspace_URL.Text & "','" & Twitter_URL.Text & "')"



You are opening yourself up to SQL Injection attacks. Please either use parameterized queries or a stored procedure.
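The parameterized form the last reply asks for, together with the login lookup the original question was about, as an added example that is not code from any poster in this thread. The table and column names are taken from the quoted INSERT; the module and function names, the 256-character parameter size and passing DOB as text are assumptions.

```vb
Imports System.Data
Imports System.Data.SqlClient

' Added example. UserStore, AddText, RegisterUser and PasswordMatches are
' hypothetical names; the NVarChar(256) size is an assumption about the schema.
Public Module UserStore

    ' Binds one text value as a typed parameter. The value is sent to SQL Server
    ' as data, so a quote character in it can never end the SQL string literal.
    Private Sub AddText(ByVal cmd As SqlCommand, ByVal name As String, ByVal value As String)
        Dim boxed As Object = If(value Is Nothing, CObj(DBNull.Value), CObj(value))
        cmd.Parameters.Add(name, SqlDbType.NVarChar, 256).Value = boxed
    End Sub

    Public Sub RegisterUser(ByVal connStr As String, ByVal email As String, ByVal password As String,
                            ByVal firstName As String, ByVal lastName As String, ByVal dob As String,
                            ByVal facebookUrl As String, ByVal myspaceUrl As String, ByVal twitterUrl As String)
        Dim sql As String = "INSERT INTO [SocialLife].[dbo].[Userinfo]" &
            "([Email],[Password],[FirstName],[LastName],[DOB],[Facebook_URL],[Myspace_URL],[Twitter_URL]) " &
            "VALUES (@Email,@Password,@FirstName,@LastName,@DOB,@Facebook,@Myspace,@Twitter)"
        Using conn As New SqlConnection(connStr), cmd As New SqlCommand(sql, conn)
            AddText(cmd, "@Email", email)
            AddText(cmd, "@Password", password)
            AddText(cmd, "@FirstName", firstName)
            AddText(cmd, "@LastName", lastName)
            AddText(cmd, "@DOB", dob)
            AddText(cmd, "@Facebook", facebookUrl)
            AddText(cmd, "@Myspace", myspaceUrl)
            AddText(cmd, "@Twitter", twitterUrl)
            conn.Open()
            cmd.ExecuteNonQuery()
        End Using
    End Sub

    ' Login check: the e-mail typed into the login form is also a parameter.
    Public Function PasswordMatches(ByVal connStr As String, ByVal email As String, ByVal password As String) As Boolean
        Dim sql As String = "SELECT [Password] FROM [SocialLife].[dbo].[Userinfo] WHERE [Email] = @Email"
        Using conn As New SqlConnection(connStr), cmd As New SqlCommand(sql, conn)
            AddText(cmd, "@Email", email)
            conn.Open()
            Dim stored As Object = cmd.ExecuteScalar()   ' Nothing when no row matches
            If stored Is Nothing OrElse stored Is DBNull.Value Then Return False
            ' Compares against the value exactly as the registration code stored it.
            Return String.Equals(CStr(stored), password, StringComparison.Ordinal)
        End Using
    End Function
End Module
```

From the wizard handler, `RegisterUser` would be called with `Email.Text`, `Password.Text` and the other field values in place of the concatenated string. If the stored column holds a salted hash rather than the raw password, the comparison in `PasswordMatches` has to hash the supplied password the same way first.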
