4 Replies - 932 Views - Last Post: 04 September 2015 - 04:40 AM Rate Topic: -----

#1 wantocode   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 18
  • Joined: 27-August 15

question about securing asp.net login

Posted 31 August 2015 - 08:18 PM

hello i have experienced developing apps using c# and vb.net

but for now i have a project using asp.net web forms and mssql

i'm afraid that my application will cause some bugs

like if the user typed the url Homepage but he didn't login first

he can use the homepage. how do i fix those things?

as of now im using stored procedure for my login

is it good to use the Login control? instead of creating my own login?
like dragging two textbox and two button then add code for it?

sorry for my bad english.

and can someone link me to a good article. ive googled some stuff but im confused

i like asp.net web forms because it look similar to vb.net and c#.

Is This A Good Question/Topic? 0
  • +

Replies To: question about securing asp.net login

#2 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14088
  • View blog
  • Posts: 56,440
  • Joined: 12-June 08

Re: question about securing asp.net login

Posted 01 September 2015 - 07:26 AM

You would roll it like any other webpage - see if sessions do what you need.

https://msdn.microso...y/ms178581.aspx

User enters credentials -> query DB to see if credentials are right.

If credentials are right -> create session -> set your session info -> redirect to page.
If credentials are wrong -> flash error -> do not move off page.

Any other page you want to have had the user logged into means you need to check, in the code behind's page load, if the session has been created or not. If not send to the login page.. if so do nothing.
Was This Post Helpful? 0
  • +
  • -

#3 wantocode   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 18
  • Joined: 27-August 15

Re: question about securing asp.net login

Posted 03 September 2015 - 09:02 PM

what's wrong with my cod? it says invalid. i even checked the database to make sure.

protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
        {
            //int userId = 0;
            string constr = ConfigurationManager.ConnectionStrings["Mydbconn"].ConnectionString;
            using (SqlConnection con = new SqlConnection(constr))
            {
                using (SqlCommand cmd = new SqlCommand("Validate_User"))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@Username", Login.UserName);
                    cmd.Parameters.AddWithValue("@Password", Login.Password);
                    cmd.Connection = con;
                    con.Open();
                    SqlDataReader reader = cmd.ExecuteReader();
                    if (reader.Read())
                    {
                        //HttpCookie _userinfoCookies = new HttpCookie("Userinfo");
                        //_userinfoCookies["UsernameCookie"] = Convert.ToString(reader["username"]);
                        //_userinfoCookies["UserFullNameCookie"] = Convert.ToString(reader["userfullname"]);
                        //_userinfoCookies["Expire"] = "30 minutes";

                        //_userinfoCookies.Expires = DateTime.Now.AddMinutes(30);
                        //Response.Cookies.Add(_userinfoCookies);

                        //http://www.codeproject.com/Articles/32545/Exploring-Session-in-ASP-Net
                        //Session["UserNameSession"] = Convert.ToString(reader["Username"]);
                        Response.Redirect("Home.aspx");

                    }
                    //userId = Convert.ToInt32(cmd.ExecuteScalar());
                    //con.Close();
                }
                //switch (userId)
                //{
                //    case -1:
                //        Login.FailureText = "Username and/or password is incorrect.";
                //        break;
                //    case -2:
                //        Login.FailureText = "Account has not been activated.";
                //        break;
                //    default:
                //        //FormsAuthentication.SetAuthCookie(Login.Username, true);
                //        //Response.Redirect("HomePage.aspx");
                //        FormsAuthentication.RedirectFromLoginPage(Login.UserName, Login.RememberMeSet);
                //        break;
                //}
            }
        }

Was This Post Helpful? 0
  • +
  • -

#4 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2537
  • View blog
  • Posts: 10,169
  • Joined: 03-December 12

Re: question about securing asp.net login

Posted 04 September 2015 - 04:32 AM

Need to be more specific than that. What are the errors?
Was This Post Helpful? 0
  • +
  • -

#5 wantocode   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 18
  • Joined: 27-August 15

Re: question about securing asp.net login

Posted 04 September 2015 - 04:40 AM

the code didn't work well

i checked the database and the credentials enterd is correct but the code doesn't work as expected

this part of the code doesnt work,
if (reader.Read())
                    {
                        Response.Redirect("Home.aspx");
                    }
                    else
                    {
                    }



as far as i know if i entered credentials correctly it will redirect to the homepage.aspx but it didn't.

sorry for my bad english.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1