0

I have a login in my ASP page requiring name/pass and a button.

I created the connection string to my database and a SqlDataSource with the query, here in the SqlDataSource:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
     ConnectionString="<%$ ConnectionStrings:CarRentalConnectionString %>" 
     SelectCommand="SELECT * FROM [Customers] WHERE (([UserName] = @UserName) AND ([PassWord] = @PassWord))">
     <SelectParameters>
        <asp:ControlParameter ControlID="uname" Name="UserName" PropertyName="Text" Type="String" />
        <asp:ControlParameter ControlID="pass" Name="PassWord" PropertyName="Text" Type="String" />
    </SelectParameters>
</asp:SqlDataSource>

My problem is I don't know how to activate/execute it, and how do I get the data that is returned from the query?

I have a feeling I am going at this the wrong way (hope I am wrong).

Hope one of you can give me a tip or point me in the right direction :)

Thanks in advance

1
  • It doesn't look like Classic ASP to me. I think you need to re-tag your question with an ASP.NET tag. Commented Jul 28, 2012 at 6:11

1 Answer

1

Using SqlDataSource is inappropriate as you're not simply retrieving data in a declarative way. You'll want to define user verification (not validation) logic procedurally.

The usual approach follows. Note that you should hash your passwords rather than storing them in plaintext. Hash salting has been omitted for brevity.

// Required namespaces:
// using System; using System.Data; using System.Data.SqlClient; using System.Linq;

public static Boolean Authenticate(String userName, String password) {

    using(SqlConnection c = new SqlConnection("myConnectionString"))
    using(SqlCommand cmd = c.CreateCommand()) {
        c.Open();
        cmd.CommandText = "SELECT UserName, PasswordHash, OtherDataEtc FROM Users WHERE UserName = @userName";

        // Parameterized query: the user-supplied name is never concatenated into the SQL text
        cmd.Parameters.Add("@userName", SqlDbType.VarChar, 50).Value = userName;

        using(SqlDataReader rdr = cmd.ExecuteReader()) {
            if( !rdr.Read() ) return false; // no matching user found

            Byte[] passwordHash = (Byte[])rdr.GetValue( 1 ); // PasswordHash column (binary)
            Byte[] hash = Hash( password ); // Use at least SHA1; Hash() is your own helper
            return passwordHash.SequenceEqual( hash ); // compare contents, not references
        }
    }
}

// Usage in ASP.NET:

protected void Page_Load(Object sender, EventArgs e) {
    if( IsPostBack ) {
        Validate();
        if( IsValid ) {
            // userName and password are member TextBox controls
            Boolean auth = Authenticate( this.userName.Text, this.password.Text );
            if( auth ) {
                // Issues the forms-authentication cookie and redirects to the ReturnUrl (or the default URL)
                FormsAuthentication.RedirectFromLoginPage( this.userName.Text, true );
            } else {
                Response.Redirect("loginFailedPage");
            }
        }
    }
}

1 Comment

thx, that helped and it works ;) I think there is another way of doing it with Membership.ValidateUser but I don't really know how to set that up, hope Google can help :)
