sure can.
*************************************************************
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
using System.Web.Security;
using System.Data.SqlClient;
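namespace logonform
{
    /// <summary>
    /// Logon and registration page backed by the UserAccounts database.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this page still sends the password to the database, and compares
    /// it on logon, as clear text. The earlier comments spoke of a salt and a hash, but
    /// no code here ever computed either. Fixing that needs a schema change (a column
    /// for a per-user random salt and one for a slow, salted password hash such as
    /// PBKDF2) plus a migration of existing accounts, so it cannot be done inside this
    /// class alone. Until then, anyone who can read the accounts table can read every
    /// password.
    /// </remarks>
    public class WebForm1 : System.Web.UI.Page
    {
        // Integrated security: no credential is embedded in the string.
        // See "How To Use DPAPI (Machine Store) from ASP.NET" for information
        // about securely storing connection strings.
        private const string ConnectionString =
            "Server=(local);Integrated Security=SSPI;database=UserAccounts";

        // PLACEHOLDER: the original listing never created the lookup command (it used
        // an undeclared "cmd"), so the real procedure name is not known from this page.
        // Replace with the stored procedure that returns the stored password for
        // @userName in column 0.
        private const string LookupProcedureName = "LookupUser";

        // Sizes of the VarChar parameters below. SqlParameter silently truncates longer
        // values, so over-long input is rejected up front instead.
        private const int MaxUserNameLength = 255;
        private const int MaxPasswordLength = 40;

        protected System.Web.UI.WebControls.Label lblUserName;
        protected System.Web.UI.WebControls.Label lblPassword;
        protected System.Web.UI.WebControls.TextBox txtUserName;
        protected System.Web.UI.WebControls.TextBox txtPassword;
        protected System.Web.UI.WebControls.Button btnRegister;
        protected System.Web.UI.WebControls.Button btnLogon;
        protected System.Web.UI.WebControls.Label lblMessage;

        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.btnRegister.Click += new System.EventHandler(this.btnRegister_Click);
            this.btnLogon.Click += new System.EventHandler(this.btnLogon_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        /// <summary>
        /// Validates the two text boxes and registers the account.
        /// </summary>
        private void btnRegister_Click(object sender, System.EventArgs e)
        {
            if (txtUserName.Text.Length == 0)
            {
                lblMessage.Text = "Please enter a user name";
                return;
            }
            if (txtPassword.Text.Length == 0)
            {
                lblMessage.Text = "Please enter a password";
                return;
            }
            if (txtUserName.Text.Length > MaxUserNameLength)
            {
                lblMessage.Text = "User name is too long";
                return;
            }
            if (txtPassword.Text.Length > MaxPasswordLength)
            {
                lblMessage.Text = "Password is too long";
                return;
            }

            try
            {
                StoreAccountDetails(txtUserName.Text, txtPassword.Text);
            }
            catch (Exception ex)
            {
                // Keep database error text (server, object and constraint names) out
                // of the response; record it for the operator instead.
                System.Diagnostics.Trace.WriteLine(ex.ToString());
                lblMessage.Text = "The account could not be registered";
                return;
            }

            // Overwrite any message left in the label by an earlier postback.
            lblMessage.Text = "Account registered";
        }

        /// <summary>
        /// Calls the RegisterUser stored procedure with the supplied credentials.
        /// </summary>
        /// <param name="userName">Account name, sent as @userName.</param>
        /// <param name="password">Password, sent as @password (clear text; see class remarks).</param>
        /// <exception cref="Exception">
        /// Wraps any failure; the database error is kept as the inner exception.
        /// </exception>
        private void StoreAccountDetails(string userName,
            string password)
        {
            try
            {
                using (SqlConnection conn = new SqlConnection(ConnectionString))
                using (SqlCommand cmd = new SqlCommand("RegisterUser", conn))
                {
                    // Without this the text is sent as an ad-hoc batch and the
                    // parameters are never bound to the procedure's arguments.
                    cmd.CommandType = CommandType.StoredProcedure;

                    cmd.Parameters.Add("@userName", SqlDbType.VarChar, MaxUserNameLength).Value = userName;
                    // The original name was "@password " with a trailing space.
                    cmd.Parameters.Add("@password", SqlDbType.VarChar, MaxPasswordLength).Value = password;

                    conn.Open();
                    cmd.ExecuteNonQuery();
                }
            }
            catch (Exception ex)
            {
                // Code to check for primary key violation (duplicate account name)
                // or other database errors omitted for clarity
                throw new Exception("Exception adding account.", ex);
            }
        }

        /// <summary>
        /// Looks up the stored password for a user and compares it with the supplied one.
        /// </summary>
        /// <param name="suppliedUserName">User name typed into the form.</param>
        /// <param name="suppliedPassword">Password typed into the form.</param>
        /// <returns>
        /// True when a row is returned for the user and its first column equals the
        /// supplied password; false when there is no such row or the values differ.
        /// </returns>
        /// <exception cref="Exception">
        /// Wraps any database failure; the original error is kept as the inner exception.
        /// </exception>
        private bool VerifyPassword(string suppliedUserName,
            string suppliedPassword)
        {
            // A value longer than the parameter size would be truncated and could then
            // match a different stored value, so treat it as a plain mismatch.
            if (suppliedUserName.Length > MaxUserNameLength
                || suppliedPassword.Length > MaxPasswordLength)
            {
                return false;
            }

            try
            {
                // See "How To: Use DPAPI (Machine Store) from ASP.NET," "How To: Use DPAPI
                // (User Store) from Enterprise Services," and "How To: Create a DPAPI
                // Library" for more information about how to use DPAPI to securely store
                // connection strings.
                using (SqlConnection conn = new SqlConnection(ConnectionString))
                using (SqlCommand cmd = new SqlCommand(LookupProcedureName, conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add("@userName", SqlDbType.VarChar, MaxUserNameLength).Value = suppliedUserName;

                    conn.Open();
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        // Unknown user: report a mismatch rather than letting GetString
                        // throw, so the caller shows the same message for "no such
                        // user" and "wrong password".
                        if (!reader.Read() || reader.IsDBNull(0))
                        {
                            return false;
                        }

                        string dbPassword = reader.GetString(0);

                        // Ordinal, case-sensitive comparison of the clear-text values.
                        // No salt or hash is involved (see class remarks).
                        return String.Equals(suppliedPassword, dbPassword);
                    }
                }
            }
            catch (Exception ex)
            {
                throw new Exception("Exception verifying password.", ex);
            }
        }

        /// <summary>
        /// Validates the two text boxes and reports whether the credentials match.
        /// </summary>
        private void btnLogon_Click(object sender, System.EventArgs e)
        {
            if (txtUserName.Text.Length == 0)
            {
                lblMessage.Text = "Please enter a user name";
                return;
            }
            if (txtPassword.Text.Length == 0)
            {
                lblMessage.Text = "Please enter a password";
                return;
            }

            bool passwordVerified;
            try
            {
                passwordVerified = VerifyPassword(txtUserName.Text, txtPassword.Text);
            }
            catch (Exception ex)
            {
                // Do not echo database error text to the browser.
                System.Diagnostics.Trace.WriteLine(ex.ToString());
                lblMessage.Text = "Logon is unavailable at the moment";
                return;
            }

            if (passwordVerified)
            {
                // The user is authenticated
                // At this point, an authentication ticket is normally created
                // This can subsequently be used to generate a GenericPrincipal
                // object for .NET authorization purposes
                // For details, see "How To: Use Forms authentication with GenericPrincipal
                // objects
                lblMessage.Text = "Logon successful: User is authenticated";
            }
            else
            {
                lblMessage.Text = "Invalid username or password";
            }
        }
    }
}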
*************************************************************************
This is my code. Thanks for any advice.