good way of validating login info vs SQL D/B

the easiest way is to enable asp.net membership provider, it creates all the required tables and procedures for you. drag and drop create user wizard to your webform, then run the page. when you create your first user, asp.net creates the membership tables in your AppData folder. then drag and drop a login control, when you enter the credentials that you previously registered, you will see that login successes or fails.

that simple eh ? many thanks for your reply. Does this method provide a means of edting login credentials? For example if I have an administrator user type and a general user type, the admin should be able to edit the general user

Yes, you have all the controls in your Toolbar if you are using Visual Studio 2005, or 2008.

hmm ok thanks fo your ideas both of you. however what serkansendur has suggested is great but I do not want to create users onthefly. I want to have a prebuilt DB to validate against you see. any suggestions ?

hi majestic0110,
There is ASP Login Control exists in VS 2005 OR VS 2008, but you still want to use traditional database technique to design login control. For this, i have one article which help's you a lot.
Just check this link, hope this will help you.

http://www.4guysfromrolla.com/webtech/100500-1.shtml

If problem persist then feel free to share with us.
Thanks & Regards
Dilip Kumar Vishwakarma
Programmer
.Net Consulting

that simple eh ? many thanks for your reply. Does this method provide a means of edting login credentials? For example if I have an administrator user type and a general user type, the admin should be able to edit the general user

Everything you can do with login controls,can be done programmatically. To create users belonging to different groups, you must enable roles. Then programmatically you can add users to those roles. Also you can use create user wizard to set user roles. Add an extra step to create user wizard and add a checkbox there determining whether the user is an admin or not. Create user wizard is derived from wizard control so it can be added as many steps as wanted

hmm ok thanks fo your ideas both of you. however what serkansendur has suggested is great but I do not want to create users onthefly. I want to have a prebuilt DB to validate against you see. any suggestions ?

ok, basically you need to modify your web.config file's <authention element. set the authentication type to Forms. then create your own login page using your own textboxes. query your database with the credentials, if the credentials match then in the button_click handler of your login button add this code : FormsAuthentication.RedirectFromLoginPage(string username,bool createPersistentCookie); if you want you can add a checkbox so that user credentials be remembered. pass the checkbox.checked value to createPersistentCookie parameter.

the trouble I am mainly having is in connecting to the Db. When I use the WAT utility I keep getting error messages saying I am not connected to db

you dont have to use WAT, you can manually configure the web.config file. google search the element name like <authentication or just type web.config authentication or so.

Membership would be the fastest and easiest yes, by far. However, if you wish to create a simple login and compare the values of the user's input to the database, do something like this:

Dim conn As New SqlConnection( connectionstring )
Dim cmdSelect As New SqlCommand( "SELECT TOP 1 UserPassword FROM Users WHERE UserName=@UserName", conn )
cmdSelect.Parameters.AddWithValue( "@UserName", Trim(tbUserName.Text) )
Dim DBPass As String

Try
  conn.Open()
  DBPass = cmdSelect.ExecuteScalar()
  conn.Close()
Catch ex As SqlException
  response.write(ex)
  response.end
End Try

if string.compare(DBPass, Trim(tbPassword.Text), False) = 0 then
  'user logged in
else
  'invalid information
end if

ok thanks. so fiddly trying to configure this stuff. why is it so user-unfriendly?lol

lol we must have posted at same time shesaid

It's set for a programmer. Watch a tutorial (video) on how to set up a membership. It will lead you through what you need to do :)

ok thanks for the help all will let you know how it goes

Im unclear, If I use membership does that mean I shouldnt use Roles or do they go hand in hadn?

Im unclear, If I use membership does that mean I shouldnt use Roles or do they go hand in hadn?

they go hand in hand

ok thanks, will have to figure out how - was afraid you'd say that - my code needs completely recoding lol

I don't rely on any software to build my applications, however it would be less time consuming if I did lol.

I even encrypt and decrypt all my stuff that goes in and out of my hands through the databases. I don't rely on microsoft's "hashing" method. If you look at it, words will always be the same coding. The word Lost will be encoded the same away as the next word. Therefore, it's easy to figure out how it hashes. You can "salt" it but that, to me, is a waste of Database space.

the main thing that confuses me is the defaultprovider elements - what are the providers used for, explicitly?

connecting to the database.

ok here is my web.config.
red- isnt that where database is connected to ?

<?xml version="1.0"?>

<configuration>
	<appSettings/>
	<connectionStrings>
		<add name="string"
         connectionString="data source=(local);Initial Catalog=demo;Integrated Security=SSPI"/>
	</connectionStrings>
	<system.web>
  <authorization>
			<deny users="?"/>
		</authorization>
		<membership defaultProvider="AspNetSqlRoleProvider">
   <providers>
    <add connectionStringName="string"
     commandTimeout="10" enablePasswordRetrieval="false" enablePasswordReset="true"
     requiresQuestionAndAnswer="true" requiresUniqueEmail="false"
     passwordFormat="Hashed" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10"
     minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="0"
     name="AspNetSqlRoleProvider" type="System.Web.Security.SqlMembershipProvider" />
   </providers>
  </membership>
				<compilation debug="true"/>
		

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
	</system.web>
</configuration>