1

I am trying to make a simple login form in my asp.net page(I had a html page and now I am trying to make it to asp.net). It should take the entered username and password and connect to the mssql database. There I will make a SQL Select statment which selects the username and the password where the username is equal to the username entered in the textbox(and after that compare if the password entered is the same as the one in the database). If the username and the password is okay, then it should open another page - main.aspx. My index.aspx looks like this:

<form id="loginform" runat="server" method="post" action="/">
<div id="username_box"><p style="padding-top: 10px; margin: 0px">Username:</p></div>
<input type="text" value="" name="usernameTextBox" runat="server" id="username_input" /><br/>
<div id="password_box"><p style="padding-top: 10px; margin: 0px">Password:</p></div>
<input type="password" value="" name="passwordTextBox" runat="server" id="password_input" /><br/>
<a href="facebook.com" style="float: left;padding-left: 13px;padding-top: 8px;">Glemt kodeordet?</a>
<input type="submit" runat="server" id="LoginBtnClick" />
</form>

After the submit button is pressed, there is my c# code:

protected void LoginBtn_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString);
    con.Open();
    SqlCommand cmd = new SqlCommand("select user_username, user_password FROM users WHERE user_username =@username and user_password=@password", con);
    cmd.Parameters.AddWithValue("@username", "user");
    cmd.Parameters.AddWithValue("@password", "1234");
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    DataTable dt = new DataTable();
    da.Fill(dt);
    if (dt.Rows.Count > 0)
    {
        Response.Redirect("main.aspx");
    }else
    {
        ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
    }
}

Right now I am not using the username and the password that the user types in the textbox, but just a hardcoded username "user" and password "1234", which I have inserted in my database. I don't know how to get the text from the textbox. But even with the hardcoded username and password, this whole thing doesn't work.

And now in the end, this is what I added in my Web.Config to make the connection string:

<connectionStrings>
<add name="myConnectionString" providerName="System.Data.SqlClient"  connectionString="Data Source=hereistheipofmydb;Initial Catalog=mydb;User Id =myadmin;password=mypass;" />

One more question: is it necessary the whole project to be uploaded on the server(the same as database)? Right now I have my database on the hosting, but the website I am running through Visual Studio 2012.

Improve this question

2 Answers 2

Reset to default
2

You're working with the database the hard way. Your use of the connection string is also a potential source of a memory leak. Please consider using either LINQ-to-SQL or the Entity Framework. They will make your life seriously easier. Investigating proper use of events will also be very helpful for you. Please review these references:

  1. Publish/Subscribe event pattern
  2. Getting Started with LINQ in C#
  3. LINQ To SQL Tutorial for Beginners
  4. Adding a model to ASP.NET using MVC4 and Entity Framework
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Access the text boxes using

cmd.Parameters.AddWithValue("@username", username_input.Text);

If you can't connect I recommend that you install something to test the connection with like the SQL Server Express Managment tool. If that doesn't work either it can be anything between your pc and the sql server and not your program. Then check with your server provider to figure this one out or try open your firewall on port 1433 (standard port) to the server address.

Also, no, you only need to upload all aspx, js, images and the binaries (might be more). Source files you don't have to deploy. What you can do is to just right-click the project and select publish and it will help you create a deploy of the project.

Improve this answer

2 Comments

But I am not using mysql. I use mssql. And var username = username_input.Text; // gives me an error under Text. So I replaced it with username_input.Value, don't know if it is right.
I did what you said, but it still doesn't work. First if I make it: cmd.Parameters.AddWithValue("@username", username_input.Text); It gives me error on username_input.Text, looks like I can't use Text. If I make it username_input.Value then it is okay, but I don't know if it will work. I have connection with SQL Server Management studio.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.