Problem in Retriveing Data from Database for Authentecation

[Guest]

Hi EveryBody:

I made web site using asp.net 2.0 Vb.Net. The project depends on database in
the local machine. The web site has
• Create User Wizard and
• Login form
When the user is created the username and password saved in the database.
And the code is as follows:

Protected Sub CreateUserWizard1_CreatedUser(ByVal sender As Object, ByVal e
As System.EventArgs) Handles CreateUserWizard1.CreatedUser
Dim husam As String = CreateUserWizard1.UserName
Dim password As String = CreateUserWizard1.Password
Dim cmd As SqlCommand
Dim connectionString As String = "Integrated Security=SSPI;" +
"Initial Catalog=Husam;" + "Data Source=localhost;"
Dim connection As New SqlConnection(connectionString)
Dim sql As String
Try
connection.Open()
sql = "INSERT INTO husam_Tab(user_Name,user_Password)" +
"Values('" & husam & "','" & password & "')"
cmd = New SqlCommand(sql, connection)
cmd.ExecuteNonQuery()
connection.Close()
Catch ex As Exception
End Try
End Sub

But I face problem when I retrieve the username and password from the
database to perform the authentication in the login form. The login form
retrieves the data saved in the App_Data File in the solution not from the
database.

The code for retrieving data from database as follows:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As
System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
Dim husam As String = Login1.UserName
Dim password As String = Login1.Password
Dim cmd As SqlCommand
Dim connectionString As String = "Integrated Security=SSPI;" +
"Initial Catalog=Husam;" + "Data Source=localhost;"
Dim connection As New SqlConnection(connectionString)
Dim sql As String
Dim rawan As New List(Of String)
Dim rawan1 As New List(Of String)
Try
connection.Open()
sql = "SELECT user_Name,user_Password FROM husam_Tab"
cmd = New SqlCommand(sql, connection)
cmd.ExecuteNonQuery()
Dim myReader As SqlDataReader = cmd.ExecuteReader()
While (myReader.Read())
rawan.Add(myReader.GetString(0))
rawan1.Add(myReader.GetString(1))
End While
myReader.Close()
connection.Close()
If rawan.Contains(husam) Then
If rawan1.Contains(password) Then
'Login1.DestinationPageUrl = ""
Else
Login1.FailureText = "Your password is not correct"
Login1.FailureAction = LoginFailureAction.Refresh
End If
Else
MsgBox("Your user name is not correct")
End If
Catch ex As Exception
End Try
End Sub

So any help or redirection to make the authentication from the database not
from the App_Data will be appreciated.

Regard’s

Husam

 

[Cowboy \(Gregory A. Beamer\)]

From your code, it appears you are using custom code with the ASP.NET bits.
If so, you should create a custom provider and use the model supplied for
you by Microsoft. Either that or you should create all of your own controls,
as a half-baked solution is often worse than a badly desinged solution.

The .NET bits will handle all insert, update, delete and even authentication
and do it through very simple code. If you are circumventing the way the
provider works (as you are), you are half building the solution, as you are
removing the best bits.

The custom provider model allows you to alter the schema, database type and
even the methodology (to an extent) without changing the way it works. THis
means you can show somebody the plethora of material on the web and they can
use your model. When you circumvent all of the methods, as you have done,
you are on your own.

To get to the database, you probably just have to change your connection
string in the web.config file. But, I would seriously consider creating a
custom provider so you do not have to circumvent methods.

NOTE: When you circumvent methods, you generally have to send a false back
out for the authenticated boolean value. If not, the provider will still do
a normal authenticate, as it assumes everything checks out for it to do its
job. Read the documentation on all of the methods you are circumventing,
otehrwise, all of your work might be for naught.