G
gorden blom
Hello,
I'm working on a asp.net/C# project, but I haven't got a lot of
experience with programming with C# and the dotnet framework. I've
build a login screen at witch users can login. All goes fine until I
try to redirect the user to the protected pages. Can anyone help me?
The code is as followed:
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
using Microsoft.ApplicationBlocks.Data;
public class login : System.Web.UI.UserControl {
public System.Web.UI.WebControls.TextBox txtUsername;
public System.Web.UI.WebControls.TextBox txtPassword;
public System.Web.UI.WebControls.Button btnLogin;
public System.Web.UI.WebControls.Label lblOutput;
#region Web Form Designer generated code
override protected void OnInit(EventArgs e) {
InitializeComponent();
base.OnInit(e);
}
private void InitializeComponent() {
this.btnLogin.Click += new
System.EventHandler(this.btnLogin_OnClick);
}
#endregion
public void btnLogin_OnClick(object sender, System.EventArgs e) {
lblOutput.Text = "";
SqlConnection sqlCon = new
SqlConnection(ConfigurationSettings.AppSettings.Get("DBconString"));
if(txtUsername.Text != ""){
if(txtPassword.Text != ""){
try {
sqlCon.Open ();
string strSql = ("select count (*) from login where
username = '"+ txtUsername.Text +"' and password = '" +
txtPassword.Text +"'") ;
SqlCommand command = new SqlCommand(strSql, sqlCon);
int count = (int) command.ExecuteScalar ();
if (count > 0) {
string strSqlGetRole = ("select role from login
where username = '"+ txtUsername.Text +"' and password = '" +
txtPassword.Text +"'");
SqlCommand commandGetRole = new
SqlCommand(strSqlGetRole, sqlCon);
string strRole = (string)
commandGetRole.ExecuteScalar();
FormsAuthentication.SetAuthCookie
(txtUsername.Text, true);
Response.Redirect("ProtectedPage.aspx");
}
else {
lblOutput.Text = "login failed!!";
}
}
catch (SqlException ex) {
Console.WriteLine("Error: {0}", ex.Errors[0].Message);
}
finally {
sqlCon.Close ();
}
}
else {
lblOutput.Text = "Enter Password";
}
}
else {
lblOutput.Text = "Enter Username";
}
}
}
The web.config file is like this:
<configuration>
<appSettings>
<add key="DBconString" value="server='(local)';
trusted_connection=true; database='ATD_db'"/>
</appSettings>
<system.web>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="logincontrol.aspx"
protection="None" timeout="30" path="\"></forms>
</authentication>
<authorization>
<deny users="?"></deny>
</authorization>
</system.web>
</configuration>
Can anyone help me?
I'm working on a asp.net/C# project, but I haven't got a lot of
experience with programming with C# and the dotnet framework. I've
build a login screen at witch users can login. All goes fine until I
try to redirect the user to the protected pages. Can anyone help me?
The code is as followed:
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
using Microsoft.ApplicationBlocks.Data;
public class login : System.Web.UI.UserControl {
public System.Web.UI.WebControls.TextBox txtUsername;
public System.Web.UI.WebControls.TextBox txtPassword;
public System.Web.UI.WebControls.Button btnLogin;
public System.Web.UI.WebControls.Label lblOutput;
#region Web Form Designer generated code
override protected void OnInit(EventArgs e) {
InitializeComponent();
base.OnInit(e);
}
private void InitializeComponent() {
this.btnLogin.Click += new
System.EventHandler(this.btnLogin_OnClick);
}
#endregion
public void btnLogin_OnClick(object sender, System.EventArgs e) {
lblOutput.Text = "";
SqlConnection sqlCon = new
SqlConnection(ConfigurationSettings.AppSettings.Get("DBconString"));
if(txtUsername.Text != ""){
if(txtPassword.Text != ""){
try {
sqlCon.Open ();
string strSql = ("select count (*) from login where
username = '"+ txtUsername.Text +"' and password = '" +
txtPassword.Text +"'") ;
SqlCommand command = new SqlCommand(strSql, sqlCon);
int count = (int) command.ExecuteScalar ();
if (count > 0) {
string strSqlGetRole = ("select role from login
where username = '"+ txtUsername.Text +"' and password = '" +
txtPassword.Text +"'");
SqlCommand commandGetRole = new
SqlCommand(strSqlGetRole, sqlCon);
string strRole = (string)
commandGetRole.ExecuteScalar();
FormsAuthentication.SetAuthCookie
(txtUsername.Text, true);
Response.Redirect("ProtectedPage.aspx");
}
else {
lblOutput.Text = "login failed!!";
}
}
catch (SqlException ex) {
Console.WriteLine("Error: {0}", ex.Errors[0].Message);
}
finally {
sqlCon.Close ();
}
}
else {
lblOutput.Text = "Enter Password";
}
}
else {
lblOutput.Text = "Enter Username";
}
}
}
The web.config file is like this:
<configuration>
<appSettings>
<add key="DBconString" value="server='(local)';
trusted_connection=true; database='ATD_db'"/>
</appSettings>
<system.web>
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="logincontrol.aspx"
protection="None" timeout="30" path="\"></forms>
</authentication>
<authorization>
<deny users="?"></deny>
</authorization>
</system.web>
</configuration>
Can anyone help me?