2

I'm currently developing a dating site for a school project, and I'mm currently trying to make a log in feature for it. We are not supposed to use the automatic register and login feature.

Any contact we have with the database should go through the WCF service application. I know how to implement it without using the WCF, but I need to use it now, and I can't find this on Google after searching .

 public bool login(string UserName, string PassWord, bool isActive = true) {
      try {
           DALDataContext db = new DALDataContext();
           var qry = from m in db.tblUsers
                      where m.userName == UserName && m.password == PassWord && m.isActive == isActive
                      select m;
            if (qry.Count() > 0) {
                return true;
            } else {
                return false;
            }
        }
        catch (Exception) {
            return false;
        }
    }

That's how I made it, so this should work if I implement it in my web application like this:

ServiceReference1.Service1Client obj = new ServiceReference1.Service1Client();
protected void btnLoginUser_Click1(object sender, EventArgs e) {
     try {
          string UserName = txtUserName.Text;
          string PassWord = txtPassWord.Text;
          obj.login(UserName, PassWord);

           if (true) {
               Session["me"] = UserName;
               Response.Redirect("~/MyProfile.aspx");
               }
      }
      catch (Exception){

       }
   }

I've been working with this for hours, the register part of this works... so I'm doing something really wrong or something. I'm using Visual Studio 2010 and SQL Server 2008 R2.

[SOLVED]

this is how i solved it

protected void btnLoginUser_Click1(object sender, EventArgs e)
    {
        try
        {
            string UserName = txtUserName.Text;
            string PassWord = txtPassWord.Text;
            bool isActive = true;


            if (obj.login(UserName, PassWord, isActive))
            {
                Session["me"] = UserName;
                Response.Redirect("~/MyProfile.aspx");
            }
            else
            {
                lblErr.Text = "fail";
            }
            }

        catch (Exception)
        {

        }

    }
}

}

Improve this question

2 Answers 2

Reset to default
5

You are ignoring the return value of your login method:

obj.login(UserName, PassWord); // <-- returns true/false.

if (true) // <-- Why?
{ 
    ...

Did you mean to do

if (obj.login(UserName, PassWord))
{
     Session["me"] = UserName;
     Response.Redirect("~/MyProfile.aspx");
} ...
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

i was just playing around with some code in vs, been at if for hours and it logs in all the time
still need to check if its true, i made it like this now 'if (obj.login(UserName, PassWord)) { Session["me"] = UserName; Response.Redirect("~/MyProfile.aspx"); } else { lblErr.Text = "fail"; } }'
thats what if (expression) does. expression must evaluate to true to enter the block. obj.login(UserName, Password) will be true or false, so you will only enter the if block when obj.login returns true. As you have it now, if (true), will always enter the if block.
OK Sorry, I see your updated comment. What isn't working now exactly? Are you getting an error?
im not getting any error, its just when i write the correct password it doesnt login and redirect me to MyProfile.aspx, it should check what i write and then check if username exist and paswword but now it just says fail when i try to log in
|
-2

Suggest to return user from WCF service by name, like:

public tblUser login(string UserName);

In the client side you can retrieve user by name:

var user = obj.login(UserName);
if (user != null && user.password == txtPassWord.Text)
  DoLogin();
else
  ShowError();
Improve this answer

3 Comments

Just note, anyone inspecting the WCF response would be able to see the users password. Might not be something you want.
Password can be encrypted in DB. In this case it should be decrypted before comparing.
No. You check the password only on the server. Never do it on the client.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.