Authenticate Username and Password

great example for login
http://www.daniweb.com/forums/thread6028.html

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<script language="VB" runat="server">
sub btnLogin_Click(sender as Object, e as EventArgs)
if tbPassword.length > 0 and tbUserName > 0 then
    Dim connString as String
    connString = "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" & _
                   "C:\Inetpub\wwwroot\Projects.mdb;"
  
    Dim objConnection as OleDbConnection
    objConnection = New OleDbConnection(connString)
    'Specify our SQL statement
    Dim strSQL as String = "SELECT UserPassword FROM Users WHERE UserName=?"
    
    'Create the Command object
    Dim objCommand as OleDbCommand
    objCommand = New OleDbCommand(strSQL, objConnection)
    objCommand.Parameters.AddWithValue( "?UserName", Trim(tbUserName.Text) )

    objConnection.Open()   'open the connection
    Dim strPassword As String = objCommand.ExecuteScalar()

    if (String.Compare(strPassword, Trim(tbPassword.Text), False) = 0 then
        'login was a success.
    else
        'login failed.
    end if
else
    'login failed due to no or not enough parameters
end if
</script>

This performs a basic search of your mdb and grabs the password corresponding to the username. If no username exists, it will return false as strPassword will be Null or an empty string. String.Compare will return "0" if it is a success, and will return -1 or 1 if it is a failure.

Should be the simplest and quickest login you can do :)

This Code has to be written in login.aspx or in web.config file, Can you clarify please. Since am new to this if you could help me by giving the steps it would be of great help.

Thanks.

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<script language="VB" runat="server">
sub btnLogin_Click(sender as Object, e as EventArgs)
if tbPassword.length > 0 and tbUserName > 0 then
    Dim connString as String
    connString = "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" & _
                   "C:\Inetpub\wwwroot\Projects.mdb;"
  
    Dim objConnection as OleDbConnection
    objConnection = New OleDbConnection(connString)
    'Specify our SQL statement
    Dim strSQL as String = "SELECT UserPassword FROM Users WHERE UserName=?"
    
    'Create the Command object
    Dim objCommand as OleDbCommand
    objCommand = New OleDbCommand(strSQL, objConnection)
    objCommand.Parameters.AddWithValue( "?UserName", Trim(tbUserName.Text) )

    objConnection.Open()   'open the connection
    Dim strPassword As String = objCommand.ExecuteScalar()

    if (String.Compare(strPassword, Trim(tbPassword.Text), False) = 0 then
        'login was a success.
    else
        'login failed.
    end if
else
    'login failed due to no or not enough parameters
end if
</script>

This performs a basic search of your mdb and grabs the password corresponding to the username. If no username exists, it will return false as strPassword will be Null or an empty string. String.Compare will return "0" if it is a success, and will return -1 or 1 if it is a failure.

Should be the simplest and quickest login you can do :)

that is written in an aspx file. the web.config file are just configuration settings and a place to store information you use frequently, like connection strings!

Put that information on an aspx file and change the connection string and your database name. Then build a form or modify the tbUserName and tbPassword elements of the sub function to the already in place textboxes on your current form. On your form, make the submit button an asp.net control and make it like the following:

<asp:Button id="btnLogin" Text="Login" OnClick="btnLogin_Click" runat="server" />

Since this is a button runat the server, when you click it, it will called the sub "btnLogin_Click" which will run the code within that sub. It is up to you to do any changes you wish for when the user successfully logs in and when the user fails to login. I would suggest creating a label called "lblError" and setting the visibility to false. That way if a user fails to login, you can then add the code to the sub function (btnLogin_Click) to set the lblError.Visibility = true and lblError.Text = "Failed to login. Try again" or something. If the user successfully logs in, set their ID or something in a session. This way you can keep people out of protected areas by checking to see if the session either exists or contains certain information. An example of this would be:

Session("userGood") = True
or
Session("userID") = "18279283749"

' Then
if Not Session("userGood") = True then response.redirect("/login.aspx")

'or
if Session("userID").length <= 0 or Session("userID") Is Nothing then response.redirect("/login.aspx")

using System;
using System.Data;
using System.Data.OleDb;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
    {
        OleDbConnection myconnection = new OleDbConnection();
        myconnection.ConnectionString = ConfigurationManager.ConnectionStrings["LBLDatabaseConnectionString"].ConnectionString;

        OleDbCommand mycommand = new OleDbCommand();
        mycommand.CommandText = "SELECT * FROM SYSTEMUSER WHERE SystemUser_Name=?";
        mycommand.Parameters.Add("SystemUser_Name", OleDbType.VarChar, 255, "SystemUser_Name");
        mycommand.Parameters["SystemUser_Name"].Value = this.Login1.UserName;

        mycommand.Connection = myconnection;

        OleDbDataAdapter myadapter = new OleDbDataAdapter(mycommand);

        DataSet mydataset = new DataSet();

        OleDbCommandBuilder mycommandbuilder = new OleDbCommandBuilder(myadapter);

        //myadapter.Fill(mydataset);
        myadapter.Fill(mydataset, "SYSTEMUSER");

        if (mydataset.Tables["SYSTEMUSER"].Rows.Count == 1)
        {

            if (string.Compare(mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_Password"].ToString(), this.Login1.Password) == 0)
            {
                e.Authenticated = true;

                if (mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_Type"].ToString() == "Customer")
                {
                    Session["CustomerID"] = mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_ID"];
                    this.Login1.DestinationPageUrl = "~/Customer/ViewProfile.aspx";
                }
                else if (mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_Type"].ToString() == "Administrator")
                {
                    Session["UserID"] = mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_ID"];
                    this.Login1.DestinationPageUrl = "~/PowerUser/PowerUserMain.aspx";
                }
                else if (mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_Type"].ToString() == "Employee")
                {
                    Session["UserID"] = mydataset.Tables["SYSTEMUSER"].Rows[0]["SystemUser_ID"];
                    this.Login1.DestinationPageUrl = "~/User/ViewRewardItem.aspx";
                }

            }
        }
    }
}

Hope this can help you...

Yeah, basically same concept. Mine is in VB.NET and his is in C#. Don't mix them, it won't work.

Anyway, Happy8899, two questions.. why are you using the dataset for this and why are you selecting everything in the row pertaining to that user if you are only using column[0]?

Datasets use up so much resources. a scalar would only grab one value, but that seems like you're only wanting one value anyway!

Yes, thx to remind me on that really appreaciate it. I use the datasets cause i want to get all the value from the database and compare it with the login ID and password.