
I have deployed my .NET web application.
I can retrieve the first page, which is the login.aspx page.
But when I click the login button, an error occurs:
Execute Reader: Connection property has not been initialized.

After the user clicks the login button on the login page, the menu page should be displayed if the username and password are valid.
In the Visual Studio 2008 environment, when I debug the code, it works properly.
So I don't know what is wrong with it.
Is it something wrong with my code or another setting?

I am writing the database connection code for my web application in a C# class. This is the code for my database connection class.

public class DBConn
    {
        SqlConnection SQLConn = new SqlConnection(@"Data Source=user-05911940da\sqlexpress;Initial Catalog=BDAS;Integrated Security=True");

        public SqlConnection OpenDB()
        {
            try
            {
                SQLConn.Open();
                return SQLConn;
            }

            catch (SqlException exp)
            {
                Console.Out.WriteLine("SQL error!!" + exp);
                return null;
            }
        }

        public void CloseDB()
        {
            try
            {
                SQLConn.Close();
            }
            catch (SqlException exp)
            {
                Console.Out.WriteLine("SQL error!!" + exp);
            }
        }
    }

Every page will invoke the database connection class to perform tasks with the database, such as saving data and so on.

This is the code for my login page that calls the DBConn class:

namespace BDAS
{
    public partial class Login : System.Web.UI.Page
    {
        DBConn myDB = new DBConn();
        SqlConnection SQLConn = new SqlConnection();

        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnEnter_Click(object sender, EventArgs e)
        {
            String username = txtUsername.Text;
            String password = txtPassword.Text;

                try
                {
                    SQLConn = myDB.OpenDB();
                    string selectString = "SELECT * FROM BDE WHERE username='" + username + "' AND password='" + password + "'";

                    SqlCommand cmd = new SqlCommand(selectString, SQLConn);
                    SqlDataReader sdr = cmd.ExecuteReader();

                    if (sdr.Read())
                    {
                        Session.Add("user1", password);
                        Response.Redirect("MainPage.aspx");
                    }

                    else
                    {
                        Response.Write("<script>alert('Invalid Username or Password!!!')</script>");
                        throw new Exception();
                    }
                }

                catch (Exception ex)
                {
                    Response.Write("<script>alert('" + ex.Message + "')</script>");
                }

                finally
                {
                    myDB.CloseDB();
                }
        }
    }
}

You must read the "ASP.NET Page life-cycle" article. (I'm not going to explain page execution here.)

You are working on a web application, not a Windows desktop application. You must not use the code pattern you have written for your application.

After the execution of the command, the connection object must be closed/disposed immediately.

Don't build an SQL query by concatenating hard-coded strings. (Use a parameterized query or a stored procedure.)

protected void btnEnter_Click(object sender, EventArgs e)
{
    String username = txtUsername.Text;
    String password = txtPassword.Text;
    SqlConnection SQLConn = new SqlConnection(@"Data Source=user-05911940da\sqlexpress;Initial Catalog=BDAS;Integrated Security=True");
    string selectString = "SELECT * FROM BDE WHERE username=@username AND password=@password";

    SqlCommand cmd = new SqlCommand(selectString, SQLConn);

    //Prevent SQL Injection.
    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@password", password);

    SQLConn.Open();
    SqlDataReader sdr = cmd.ExecuteReader();

    bool found = false;
    if (sdr.Read()) found = true;

    sdr.Close();
    SQLConn.Close();

    if (found)
    {
        // Session.Add("user1", password); // Why password?
        Session["user1"] = username;
        Response.Redirect("MainPage.aspx");
    }
    else
    {
        Response.Write("<script>alert('Invalid Username or Password!!!')</script>");
    }
}
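
A hardened form of the login check from the answer above, as an added example that is not part of the thread: it keeps the parameterized query, disposes the connection and command on every path with using blocks, and binds the parameters with explicit types instead of AddWithValue. The LoginCheck class, the NVARCHAR(50) column sizes, the .\sqlexpress connection string and the sample username are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not code from the thread. Table BDE and its username/password
// columns come from the posts; the NVARCHAR(50) sizes are assumptions.
public static class LoginCheck
{
    private const string Query =
        "SELECT COUNT(*) FROM BDE WHERE username = @username AND password = @password";

    // Returns true when the supplied pair exists. The connection and command
    // are disposed on every path, including when Open() or the query throws.
    public static bool CredentialsMatch(string connectionString, string username, string password)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(Query, conn))
        {
            // Explicit types and sizes: user input is only ever bound as data.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;

            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    public static void Main()
    {
        // Constructed values: a local connection string and a username containing
        // a quote, which the parameter carries as plain data.
        string cs = @"Data Source=.\sqlexpress;Initial Catalog=BDAS;Integrated Security=True";
        try
        {
            Console.WriteLine(CredentialsMatch(cs, "O'Brien", "example-password"));
        }
        catch (SqlException ex)
        {
            // Log the detail server-side; the page should show only a generic message.
            Console.Error.WriteLine("Database error " + ex.Number);
        }
    }
}
```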

I have made changes to my code, but I got an error.

Server Error in '/webBDAS' Application.
--------------------------------------------------------------------------------

Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

Source Error:


Line 44: cmd.Parameters.AddWithValue("@password", password);
Line 45:
Line 46: SQLConn.Open();
Line 47: SqlDataReader sdr = cmd.ExecuteReader();
Line 48:

I don't know where to fix the problem. Could you help me?

Here is my code:

public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnEnter_Click(object sender, EventArgs e)
        {
            String username = txtUsername.Text;
            String password = txtPassword.Text;

            if (rdoUser.SelectedItem.Value == "BDE")
            {
                    SqlConnection SQLConn = new SqlConnection(@"Data Source=sawapp501;Initial Catalog=BDAS;Integrated Security=True");
                    string selectString = "SELECT * FROM BDE WHERE username=@username AND password=@password";

                    SqlCommand cmd = new SqlCommand(selectString, SQLConn);

                    //Prevent SQL Injection.
                    cmd.Parameters.AddWithValue("@username", username);
                    cmd.Parameters.AddWithValue("@password", password);

                    SQLConn.Open();
                    SqlDataReader sdr = cmd.ExecuteReader();

                    bool found = false;
                    
                    if (sdr.Read()) found=true;

                    sdr.Close();
                    SQLConn.Close();

                    if (found)
                    {
                        Session["user1"] = username;
                        Response.Redirect("MainPage.aspx");
                    }

                    else
                    {
                        Response.Write("<script>alert('Invalid Username or Password!!!')</script>");
                        
                    }
            }
        }
    }