Hi, im facing some problem when i have to verify user at my login function. Im using Visual Web Developer with vb programming and MS SQL Server 2000 as my database.
Basically my login form have few textbox for user to input the id and password, 1 radiolist for user to select its identity and 1 button to login.

User have to select the identity from the radiolist, then radiolist will point to different table to verify user based on the selection. Seems like i having problem at verify user. No matter the password is correct or not the user still able to login. Anyone please give me some advice~ thanks alot!

Imports System.Data.SqlClient
Imports System.Data
Partial Class _Default
Inherits System.Web.UI.Page
Protected WithEvents rblSubject As RadioButtonList
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Dim setting As ConnectionStringSettings
setting = System.Configuration.ConfigurationManager.ConnectionStrings("MyConnection")
Dim connectionString As String = setting.ConnectionString
Dim objConn As New SqlConnection(connectionString)
Dim comm As New SqlClient.SqlCommand
Dim Users As SqlClient.SqlDataReader
Dim mySql As String
Dim ds As DataSet = New DataSet()
Dim dv As DataView = New DataView()
Try
objConn.Open()
Users = comm.ExecuteReader(Data.CommandBehavior.CloseConnection)
Catch ex As Exception
Me.Label2.Text = "Errors while attempting to connect to the system database"
Exit Sub
End Try

While Users.Read
Select Case RadioButtonList1.SelectedIndex
Case 0
'Select the Student Table from database
mySql = "SELECT * FROM Student"
If String.Compare(Users("Stud_ID").ToString, Me.txtID.Text.ToString) = 0 Then
' user id is found
' Compare Password
If String.Compare(Users("Password").ToString, Me.txtPassword.Text) <> 0 Then
Me.Label2.Text = "Invalid password"
Users.Close()
Exit Sub
Else ' Valid user name and password
Session.Add("StudID", Users("Stud_ID").ToString)
Users.Close()
Response.Redirect("Student_Main.aspx")
Exit Sub
End If
End If
' txtID.Text = "You selected: " & rbList1.SelectedItem.Text
Case 1
'Select the Lecturer Table from database
mySql = "SELECT * FROM Lecturer"
If String.Compare(Users("Lec_ID").ToString, Me.txtID.Text.ToString) = 0 Then
' user id is found
' Compare Password
If String.Compare(Users("Password").ToString, Me.txtPassword.Text) <> 0 Then
Me.Label2.Text = "Invalid password"
Users.Close()
Exit Sub
Else ' Valid user name and password
Session.Add("LecID", Users("Lec_ID").ToString)
Users.Close()
Response.Redirect("Lecturer_Main.aspx")
Exit Sub
End If
End If
End Select
End While
End Sub
End Class

I dont know Visual Web Developer but if you are using .net 2 framework then everything is built in for you. Use the membership class. Even if you dont use it and roll your own you should have one table for logins and passwords and then the users have roles (one is lecturer and one is student) so get the roles for the user.
This is the same for membership class. it is very straightforward to use if you read up on it. VS2005 has controls to use too so you need 1 line of html to login a user.

The above code is adequate for window application but when it is web application the code is not sufficient , please implement the proper “ FORM authentication “ mechanism which further includes web.config configurations with authentication, authorization tags

This article has been dead for over six months. Start a new discussion instead.