Hi, I have written a C# dll and I have a SQL Db that has three columns (username, password, role). The role element is a class of user eg admin, user; each role needs a different login completion event. The login form I am using is an ASP.net web page that makes calls to the login dll (which in turn connects to the Db and where my validation needs to occur). THe issue I am having is how is the validation done?
Now I have read this article :
http://www.daniweb.com/forums/thread87556-2.html
but that deals with Access Db, not SQL. any ideas ? Thanks for your time!

ok here is my connection/validation code

using System;
using System.Collections.Generic;
using System.Text;
using System.Data;
using System.Data.SqlClient;

namespace blah
{
    public class UserLogin
    {
        private SqlConnection connection = new SqlConnection();

        public UserLogin()
        {
            ///create sql connection
            
            connection.ConnectionString = "Data Source=Phil;Initial Catalog=demo;Integrated Security = SSPI";
            connection.Open();
        }
        public Boolean Login(String username, String password)
        {
            SqlCommand cmd = new SqlCommand("SELECT password FROM users WHERE username = '"+username+"' ",connection);
            SqlDataReader reader = cmd.ExecuteReader();
            while (reader.Read())
            {
                String s = (String)reader[0];
            }
            return false;
        }


    }
}

here is my loginpage code

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page 
{
    private UserLogin UserID;

    protected void Page_Load(object sender, EventArgs e)
    {

    }
    
    protected void Button1_Click(object sender, EventArgs e)
    {
        UserID = new UserLogin();
        UserID.Login(UserText.Text, PasswordText.Text);

    }
    
}

My question is how can I validate user input in the username/password textboxes agaisnt username/password columns in the sql db I have? thanks

First, your ASP is the one connecting to the database using the credendials of the web site setup. (Windows authentication mode).

You are to validating the information from the login screen against the database. Just keep in mind that SQL sees the web service as the one logged in not the credentials or person supplied in the query. IOW, the user is not logged in as the user. You connection string is using windows authentication, meaning it takes the web service credentials as the logged in user.

Does that help ?

how is this working ??
I tried this code but its neither redirecting to the destined page after sucessfull login nor giving error message

please help .... i need to develop my training project in this weak itself :(

thnks

Comments
New questions in new threads please, don't resurrect dead threads! :)
This question has already been answered. Start a new discussion instead.