ASP.NET Web Application Simple Login form

Question

I am beginner in .Net Technology . I want to develop a web Application , Login Module with Username,Password and Button component. I have got issue on it .So plz help me to do login mod properly .

Login Module Design

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;


namespace WebApplication2_loginPageTest
{
public partial class _Default : System.Web.UI.Page
{

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("DataBase=SOUMENROY-PC;Server=(local)");
        SqlDataAdapter da ;
        string mSql = " Select * from login1 where username = '" + tbusername.Text +   
 "' + and password = '" +  tbpassword.Text + "' ";
        da = new SqlDataAdapter(mSql, con);
        con.Open();
        DataSet ds = new DataSet();
        da.Fill(ds);
        if (ds.Tables[0].Rows.Count > 0)
        {
            Response.Write("<Script> alert (uid & pass taken.)</script>");
        }
        else 
        {
            Response.Write("<Script> alert (uid & pass ok.)</script>");
        }




    }
 }
 }

There are gazillions of examples available on net, you just need to google it. — Taimur Khan, Nov 13 '13 at 04:28
http://www.asp.net/web-forms/tutorials/security/introduction/an-overview-of-forms-authentication-cs and many more will help you just google and try your self.. come to stackoverflow, when you will face any problem.. — Ram Singh, Nov 13 '13 at 04:33
This code is vulnerable to SQL Injections, make sure you parameterize your queries !!! — Dimitar Dimitrov, Nov 13 '13 at 04:34

score 1 · Accepted Answer · answered Nov 13 '13 at 05:04

1

While we wait for more info on the problem you're facing, I'd like to point out that your query at the moment is vulnerable to SQL injections. Here is how I'd rewrite it:

using(var con = new SqlConnection("DataBase=SOUMENROY-PC;Server=(local)"))
using (var cmd = new SqlCommand("select count(*) from login1 where username = @username and password = @password", con))
{
    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@password", password);

    con.Open();
    var result = (int)cmd.ExecuteScalar();

    if (result > 0)
    {
        // credentials are valid
    }
}

Let me know if you need any clarifications on it.

answered Nov 13 '13 at 05:04

Dimitar Dimitrov

14,868
8
51
79

@Mak This means that your connection string is not correct (it can't establish a connection). Here is a good site to help you determine your connection string: http://www.connectionstrings.com/ – Dimitar Dimitrov Nov 13 '13 at 10:20
@Mark How about you give this a try -> http://stackoverflow.com/a/10480011/940072 – Dimitar Dimitrov Nov 13 '13 at 10:23

ASP.NET Web Application Simple Login form

1 Answers1