NEWBIE ? about Form Authenticity

Discussion in 'ASP .Net Security' started by Rudy, Jan 9, 2005.

  1. Rudy

    Rudy Guest

    Hello all!

    I have a simple login page, but I get a "Object reference not set to an
    instance of an object" error. But I only get the error when I put in a user
    and a password from the user databse in SQL. When I put in a non-user name,
    my little error message comes up like it should, and it wors fine. Here is
    my code:

    Function ValidateUser(ByVal uid As String, ByVal passwd As String) As
    Boolean
    Dim cnn As SqlConnection
    Dim cmd As SqlCommand
    Dim dr As SqlDataReader
    Dim retVal As Boolean = False
    cnn = New SqlConnection("Server=localhost;" & _
    "DataBase=IMS;" & "Integrated Security=SSPI")
    cmd = New SqlCommand("Select * from users where uname = '" & uid &
    "'", cnn)
    cnn.Open()
    dr = cmd.ExecuteReader
    While (dr.Read())
    If StrComp(dr.Item("Pwd"), passwd, 1) = 0 Then
    retVal = True
    End If
    End While
    cnn.Close()
    ValidateUser = retVal

    End Function
    Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles btnSubmit.Click
    Session("LogonID") = txtUser.Text
    Session("Password") = txtPswd.Text

    Dim strID As String
    Dim strPwd As String

    strID = txtUser.Text
    strPwd = txtPswd.Text

    If ValidateUser(strID, strPwd) Then
    """" If Session("LoginID").ToString = String.Empty Then""""
    Session("LoginID") = strID
    Session("Password") = strPwd

    FormsAuthentication.RedirectFromLoginPage(strID, False)

    End If
    Else
    lblError.Text = "Invalid Login User/Password."

    End If


    End Sub

    Private Sub Submit1_ServerClick(ByVal sender As System.Object, ByVal e
    As System.EventArgs) Handles Submit1.ServerClick
    Session("LogonID") = txtUser.Text
    Session("Password") = txtPswd.Text

    FormsAuthentication.RedirectFromLoginPage(txtUser.Text, False)

    End Sub
    End Class
    The error I'm getting is getting tagged at this line "If
    Session("LoginID").ToString = String.Empty Then" I put a few quoted around
    it in the code so it's easy to see.
    I know I'm doing something wrong, not sure what.

    Thanks for the help!!!

    Rudy
     
    Rudy, Jan 9, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Li Zhang
    Replies:
    4
    Views:
    6,086
    softip
    Feb 27, 2009
  2. Id0x
    Replies:
    4
    Views:
    1,198
    Erik Max Francis
    Jul 21, 2003
  3. JohnE

    newbie with newbie questions

    JohnE, Aug 17, 2009, in forum: ASP .Net
    Replies:
    3
    Views:
    510
    Gregory A. Beamer
    Aug 17, 2009
  4. Jerry C.
    Replies:
    8
    Views:
    247
    Uri Guttman
    Nov 23, 2003
  5. rob c
    Replies:
    4
    Views:
    335
    McKirahan
    Dec 30, 2005
Loading...

Share This Page