General information
Forum:
Microsoft SQL Server
sure can.
*************************************************************
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography;
using System.Web.Security;
using System.Data.SqlClient;
namespace logonform
{
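/// <summary>
/// Logon and registration page. Registration passes the user name and password
/// to the RegisterUser command; logon reads the stored password for the user
/// and compares it with the one typed into the form.
/// </summary>
/// <remarks>
/// SECURITY (review): the password is sent to the database and compared in
/// clear text. The original comments mention a salt and a hash step, but no
/// such code is present. Anyone who can read the accounts table or a backup
/// gets every password. Store a per-user random salt and a slow salted hash
/// instead (for example PBKDF2 via Rfc2898DeriveBytes), and compare hashes at
/// logon. That needs a wider password column, a salt column and matching
/// stored-procedure changes, none of which are visible here, so it is flagged
/// rather than changed in place.
/// </remarks>
public class WebForm1 : System.Web.UI.Page
{
    // Integrated security keeps credentials out of the string itself.
    // See "How To Use DPAPI (Machine Store) from ASP.NET" for information
    // about securely storing connection strings.
    private const string ConnectionString =
        "Server=(local);Integrated Security=SSPI;database=UserAccounts";

    // TODO(review): the original post used a command object in VerifyPassword
    // without ever creating it, so the lookup procedure name is not shown.
    // Replace this placeholder with the real procedure that returns the stored
    // password for @userName.
    private const string LookupProcedureName = "PLACEHOLDER_LOOKUP_PROCEDURE";

    protected System.Web.UI.WebControls.Label lblUserName;
    protected System.Web.UI.WebControls.Label lblPassword;
    protected System.Web.UI.WebControls.TextBox txtUserName;
    protected System.Web.UI.WebControls.TextBox txtPassword;
    protected System.Web.UI.WebControls.Button btnRegister;
    protected System.Web.UI.WebControls.Button btnLogon;
    protected System.Web.UI.WebControls.Label lblMessage;

    private void Page_Load(object sender, System.EventArgs e)
    {
        // Put user code to initialize the page here
    }

    #region Web Form Designer generated code
    override protected void OnInit(EventArgs e)
    {
        //
        // CODEGEN: This call is required by the ASP.NET Web Form Designer.
        //
        InitializeComponent();
        base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.btnRegister.Click += new System.EventHandler(this.btnRegister_Click);
        this.btnLogon.Click += new System.EventHandler(this.btnLogon_Click);
        this.Load += new System.EventHandler(this.Page_Load);
    }
    #endregion

    /// <summary>
    /// Handles the Register button: requires both fields, then stores the account.
    /// </summary>
    private void btnRegister_Click(object sender, System.EventArgs e)
    {
        if (txtUserName.Text.Length == 0)
        {
            lblMessage.Text = "Please enter a user name";
            return;
        }
        if (txtPassword.Text.Length == 0)
        {
            lblMessage.Text = "Please enter a password";
            return;
        }
        try
        {
            StoreAccountDetails(txtUserName.Text, txtPassword.Text);
        }
        catch (Exception ex)
        {
            // Do not echo ex.Message to the browser: it carries raw database
            // error text (server, object and constraint names). Keep the detail
            // in the ASP.NET trace and show a fixed message.
            Trace.Warn("register", "Account registration failed", ex);
            lblMessage.Text = "Unable to create the account.";
        }
    }

    /// <summary>
    /// Inserts a new account by calling the RegisterUser command.
    /// </summary>
    /// <param name="userName">Account name, sent as @userName (VarChar 255).</param>
    /// <param name="password">
    /// Password, sent as @password (VarChar 40). It is passed through unchanged,
    /// i.e. in clear text; see the class remarks.
    /// </param>
    /// <exception cref="Exception">Any failure opening the connection or executing the command.</exception>
    private void StoreAccountDetails(string userName,
        string password)
    {
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = new SqlCommand("RegisterUser", conn))
        {
            // Without this the text "RegisterUser" runs as an ad-hoc batch and the
            // parameters below never reach the procedure.
            // NOTE(review): assumes RegisterUser is a stored procedure - confirm.
            cmd.CommandType = CommandType.StoredProcedure;

            SqlParameter sqlParam = cmd.Parameters.Add("@userName", SqlDbType.VarChar, 255);
            sqlParam.Value = userName;
            // The original name was "@password " with a trailing space, which does
            // not match a parameter called @password.
            sqlParam = cmd.Parameters.Add("@password", SqlDbType.VarChar, 40);
            sqlParam.Value = password;

            try
            {
                conn.Open();
                cmd.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                // Code to check for primary key violation (duplicate account name)
                // or other database errors omitted for clarity.
                // The inner exception is kept so the stack trace survives.
                throw new Exception("Exception adding account. " + ex.Message, ex);
            }
            // The using blocks close the connection on every path.
        }
    }

    /// <summary>
    /// Checks a supplied password against the value stored for the user.
    /// </summary>
    /// <param name="suppliedUserName">User name typed into the form.</param>
    /// <param name="suppliedPassword">Password typed into the form.</param>
    /// <returns>
    /// true when a row exists for the user and its first column equals the
    /// supplied password; false when there is no row, the column is NULL or
    /// the values differ.
    /// </returns>
    /// <exception cref="Exception">Any failure opening the connection or reading the row.</exception>
    private bool VerifyPassword(string suppliedUserName,
        string suppliedPassword)
    {
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = new SqlCommand(LookupProcedureName, conn))
        {
            // NOTE(review): presumably a stored procedure like RegisterUser - confirm.
            cmd.CommandType = CommandType.StoredProcedure;
            SqlParameter sqlParam = cmd.Parameters.Add("@userName", SqlDbType.VarChar, 255);
            sqlParam.Value = suppliedUserName;

            try
            {
                conn.Open();
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    // An unknown user returns no row. Treat that as a failed logon
                    // rather than letting GetString throw, so the caller shows the
                    // same "invalid" message for a wrong name and a wrong password.
                    if (!reader.Read() || reader.IsDBNull(0))
                    {
                        return false;
                    }

                    string dbPassword = reader.GetString(0);

                    // SECURITY (review): clear-text comparison; no salt is read
                    // and nothing is hashed. See the class remarks.
                    return String.Equals(suppliedPassword, dbPassword);
                }
            }
            catch (Exception ex)
            {
                throw new Exception("Execption verifying password. " + ex.Message, ex);
            }
        }
    }

    /// <summary>
    /// Handles the Logon button: requires both fields, verifies the password
    /// and reports the outcome in lblMessage.
    /// </summary>
    private void btnLogon_Click(object sender, System.EventArgs e)
    {
        bool passwordVerified = false;
        if (txtUserName.Text.Length == 0)
        {
            lblMessage.Text = "Please enter a user name";
            return;
        }
        if (txtPassword.Text.Length == 0)
        {
            lblMessage.Text = "Please enter a password";
            return;
        }
        try
        {
            passwordVerified = VerifyPassword(txtUserName.Text, txtPassword.Text);
        }
        catch (Exception ex)
        {
            // Database error text stays in the trace; the browser gets a fixed message.
            Trace.Warn("logon", "Password verification failed", ex);
            lblMessage.Text = "Unable to verify the logon at this time.";
            return;
        }
        if (passwordVerified)
        {
            // The user is authenticated
            // At this point, an authentication ticket is normally created
            // This can subsequently be used to generate a GenericPrincipal
            // object for .NET authorization purposes
            // For details, see "How To: Use Forms authentication with GenericPrincipal
            // objects
            lblMessage.Text = "Logon successful: User is authenticated";
        }
        else
        {
            lblMessage.Text = "Invalid username or password";
        }
    }
}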
}
*************************************************************************
This is my code. Thanks for any advice.