0

I have to implement asp.net login control to site master:

What I did is:

I took 3 things

  • SiteMaster
  • Home.aspx
  • webform1.aspx

In site master I wrote following things:

<form id="form1" runat="server">
    <div>
        <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate" OnLoginError="Login1_LoginError">
        </asp:Login>
    </div>
    <div>
        <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
        </asp:ContentPlaceHolder>
    </div>
</form>

In code behind I wrote following things: 

 public partial class SiteMaster1 : System.Web.UI.MasterPage
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!this.IsPostBack)
                ViewState["LoginErrors"] = 0;
        }

        #region Login Functionality
        /// <summary>
        ///  will validation if the username and password while click on login button from asp.net login button  
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
            if (YourValidationFunction(Login1.UserName, Login1.Password))
            {
                //e.Authenticated = true;
                Login1.Visible = false;
                //MessageLabel.Text = "Successfully Logged In";
            }
            else
            {
                e.Authenticated = false;
            }
        }
        /// <summary>
        /// Will show the error
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        protected void Login1_LoginError(object sender, EventArgs e)
        {
            if (ViewState["LoginErrors"] == null)
                ViewState["LoginErrors"] = 0;

            int ErrorCount = (int)ViewState["LoginErrors"] + 1;
            ViewState["LoginErrors"] = ErrorCount;

            if ((ErrorCount > 3) && (Login1.PasswordRecoveryUrl != string.Empty))
                Response.Redirect(Login1.PasswordRecoveryUrl);
        }

        /// <summary>
        /// function to check the username and password to server 
        /// </summary>
        /// <param name="UserName"></param>
        /// <param name="Password"></param>
        /// <returns></returns>
        private bool YourValidationFunction(string UserName, string Password)
        {
            bool boolReturnValue = false;
            string strConnection = "i wrote correct string, cannot write here on stackoverflow";

            SqlConnection sqlConnection = new SqlConnection(strConnection);
            String SQLQuery = "SELECT UserName, Password FROM aspnet_Users";
            SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
            SqlDataReader Dr;
            sqlConnection.Open();
            Dr = command.ExecuteReader();
            while (Dr.Read())
            {
                if ((UserName == Dr["UserName"].ToString()) & (Password == Dr["Password"].ToString()))
                {
                    boolReturnValue = true;
                }
                Dr.Close();
                return boolReturnValue;
            }
            return boolReturnValue;
        }
        #endregion
    }

My problem is: I want to manage how to display

Asp.Net login control :

Let's say, when I go to other page webform1.aspx, I am still able to see asp.net login control ( even if I hide that control ). Instead of this, I want to display welcome [Username]

chue x
  • 18,573
  • 7
  • 56
  • 70
user2758785
  • 25
  • 1
  • 4

1 Answers1

0

Set the DestinationPageUrl property of the Login control to your desidered page

As a side note, your method to authenticate the user has serious problems

private bool YourValidationFunction(string UserName, string Password)
{
    bool boolReturnValue = false;
    string strConnection = "i wrote correct string, cannot write here on stackoverflow";

    String SQLQuery = "SELECT count(*) FROM aspnet_Users where Username=@uname AND Password = @pwd";
    using(SqlConnection sqlConnection = new SqlConnection(strConnection))
    using(SqlCommand command = new SqlCommand(SQLQuery, sqlConnection))
    {
        sqlConnection.Open();
        command.Parameters.AddWithValue("@uname", Username);
        command.Parameters.AddWithValue("@pwd", Password);
        int result = Convert.ToInt32(command.ExecuteScalar());
        boolReturnValue = (result > 0);
    }
    return boolReturnValue;
}

In this rewrite of your function I have used the using statement to be sure to close and destroy the connection after its use. Also I have introduced a parameterized query to avoid Sql Injection problems and I have changed the query command to use the ExecuteScalar method

A Connection is a precious resource and should be released to the OS immediately after the usage. The using statement ensures that even in case of an exception the connection is closed and disposed at the closing brace. The parameterized query avoids a malicious string to be passed to the database and allows the framework to format correctly strings, dates and decimals in numeric values. The ExecuteScalar is very useful when you need just a single value returned from the database like in your case where you need only to know if the pair user+password exists in the database.

Community
  • 1
  • 1
Steve
  • 213,761
  • 22
  • 232
  • 286
  • you did not mention the serious problems ! – user2758785 Sep 08 '13 at 12:01
  • really appreciate your help , but i want to hide the asp.net login control when i go to other page and also check the user is login or not – user2758785 Sep 08 '13 at 12:14
  • and also it will be help me , if you redirect some password , encrypt and decrypt method – user2758785 Sep 08 '13 at 12:17
  • Sorry, but I am not an expert on ASP.NET. However you could use some of the materials that you can find here about the Login control and ASP.NET Membership provider for your site security http://www.asp.net/web-forms/videos/building-35-applications/login-controls – Steve Sep 08 '13 at 12:32