I'm trying to create a login screen that will verify a user's username and password from within a SQL table. If the credentials are found in the table, they should be sent to a Main Menu screen. If the credentials are not found, I will throw a message on the screen. Does anyone have code to accomplish this? I am at a total standstill.
Thanks,
BoydMCheck out this tutorial to use .NET security features:
http://www.dotnetjunkies.com/quickstart/aspplus/doc/authandauth.aspx
You can expand on that stuff to use the database or if you want to go ad hoc and not use the .NET security features you could always just have them submit their username and password from the form and compare them to values in the database and whether or not they match depends on where they go. Hope this helps.
- Jesse Williams|||Thanks Jesse. I've read a few articles regarding forms-based authentication, but they all seem to use 1 username and password to compare against (For example, if the username entered equals 'john@.abc.com' and the password equals 'password', then process accordingly). In my situation, I want to compare what the user enters against a table of usernames and passwords to verify they have entered valid credentials.
Any ideas?
Thanks,
BoydM|||You could create your username and password tables in the database and write a stored procedure to execute from your application code. Also if you want to base their privlidges I'd add a userRole (Admin, user, etc.) column in too. The store procedure would have three parameters: username, password, and return value (return the role of the user). Here's what I would envision the procedure to look like:
CREATE PROCEDURE GetUserRole
( @.username varchar(25),
@.password varchar(10),
@.userRole varchar(10) OUTPUT
)
AS
BEGIN
IF EXISTS (SELECT userName, password FROM UsersTable WHERE userName = @.userName AND password = @.password)
BEGIN
SELECT @.userRole = userRole FROM UsersTable WHERE userName = @.userName AND password = @.password
RETURN @.userRole
END
ELSE
RETURN -1
END
This is off the top of my head, so I don't know if it's going to run properly. Just configure your SqlCommands in your code to have parameters sending and receiving values and test it out. Anymore help, please post here. Hope this helps. Good luck.
- Jesse Williams|||Thanks. The more I research, the more I'm beginning to realize that I need to use a stored procedure to query the SQL table. I'm fairly new to stored procedures, and even newer to asp.net. A couple questions:
Where do I place the 'CREATE PROCEDURE' code in my aspx.vb file?
Secondly, how do I code my parameters for sending and receiving values?
Thanks again,
BoydM (phellow phan)|||You actually dont place the stored procedure code in your code file. What database are you using? If you are using SQL Server and Enterprise Manager you can use that or Query Analyzer (I prefer Query Analyzer). To create the procedure you would write the code I provided you and execute to create the procedure. This will create the procedure, no need to worry about the create proc stuff anymore. You will execute the proc from your code with the parameters. Here's some code to help you a little more:
'Import SQL Namespace; Required
Import System.Data
Import System.Data.SqlClientDim strSQL As String
Dim strConString As String
'Get Connection String From Web.config
strConString = System.Configuration.ConfigurationSettings.AppSettings("sqlCon")
'SQL Statement to execute proc
strSQL = "EXEC GetUserRole"
Dim conSQL As New SqlConnection(strConString)
Dim cmdSqlCommand as New SqlCommand(strSQL, conSQL)
'Add Parameters too command
cmdSqlCommand.Parameters.Add("@.userName", txtUserName.text)
cmdSqlCommand.Parameters.Add("@.password", txtPassword.text)
cmdSqlCommand.Parameters.Add("@.userRole", SqlDbType.VarChar, 10).Direction = ParameterDirection.Output
cmdSqlCommand.Parameters.Add("RETURN_VALUE", SqlDbType.Int, 4).Direction = ParameterDirection.ReturnValue
'Execute the command
cmdSqlCommand.ExecuteNonQuery()
'Retrieve Return Value
. . .
'Do the Rest of your code here
. . .
Again, this is off the top of my head, so some stuff may need fixing. Hope this helps and good luck.
- Jesse Williams
