views:

259

answers:

1

i did my coding in console and used a system.console. write line in almost every if/else statement so as to display an error message if wrong values are entered of to say if what goes wrong. how ever am trying to apply the same analogy in web forms such that should there be a user error while running the conditions, an error message may be displayed to the user on the screen.

How do i go about displaying the errors?i know of item validations but cant apply that using if and else. however if i use try catch, i dont know which code displays the error message to user. but i know for sure i cant use SC.writelines.

a sample of my code is below.please advice.. protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { string strConn; string userType;

        strConn = "Provider=MIcrosoft.Jet.OLEDB.4.0;data Source=" +
            Server.MapPath("App_Data/test.mdb");

        OleDbConnection mDB = new OleDbConnection(strConn);

        mDB.Open();

        userClass aUser = new userClass();

        if (aUser.verifyUser(mDB, Login1.UserName, Login1.Password))
        {
            userType = aUser.getUserDesc();

            if (userType.ToLower() == "customer")
            {
                Response.Redirect("StaffMenu.aspx");
            }
            else if (userType.ToLower() == "front desk")
            {
                Response.Redirect("StaffMenu.aspx");
            }
            else if (userType.ToLower() == "technician")
            {
                Response.Redirect("StaffMenu.aspx");
            }
            else if (userType.ToLower() == "admin")
            {
                Response.Redirect("StaffMenu.aspx");
            }
        }
        else
        {
            e.Authenticated = false;
        }
        mDB.Close();

when the program moves to the User class to run the verify method, it does so by running the following bock of code..

public bool verifyUser(OleDbConnection mDB, string userIDStr, string userPwrdStr) { string sqlQuery; OleDbCommand cmd; OleDbDataReader rdr;

        //SC.Write("\n*******User Login********\nEnter User ID:");

        //userIDStr = userIDInt.ToString();

        //SC.Write("\nEnter User Password:");            
        //userPwrdStr = userPwrdStr;

        sqlQuery = "SELECT UserID, UserPassword, UserDescription FROM UserTable WHERE UserID = " +
            toSql(userIDStr);
        cmd = new OleDbCommand(sqlQuery,mDB);

        //Boolean valid = false;
        //Boolean HasRows = false;
        try
        {
            rdr = cmd.ExecuteReader();

            if (rdr.HasRows)
            {
                while (rdr.Read())
                    if (userIDStr == (string)rdr["UserID"])
                    {

                        if (userPwrdStr == (string)rdr["UserPassword"])
                        {
                            userDescStr = (string)rdr["UserDescription"];
                            if (userDescStr.ToLower() == "admin")
                            {
                                //SC.WriteLine("Welcome to Admin Main Menu");
                                return true;
                            }
                            else if (userDescStr.ToLower() == "front desk")
                            {
                                //SC.WriteLine("Welcome to Front Desk Staff Main Menu");
                                return true;
                            }
                            else if (userDescStr.ToLower() == "technician")
                            {
                                //SC.WriteLine("Welcome to Technical Staff Main menu");
                                return true;
                            }
                            else if (userDescStr.ToLower() == "customer")
                            {
                                //SC.WriteLine("Sorry, Customers are not allowed access to the Administrative page");
                                return true;
                            }

                        }
                        else
                        {

                            //SC.WriteLine("\nInvalid User Password, Please try again");
                            //verifyUser(mDB);

                        }
                    }
                    else
                    {
                        //SC.WriteLine("Invalid User ID, Please try again");
                        //verifyUser(mDB);
                    }


                //HasRows = true;
            }
            rdr.Close();
        }
        catch (Exception ex)
        {
            SC.WriteLine(ex.Message);
        }

        return false;



   }//=================================end verify User()

how ever if the wrong username or password is entered, how can i display an error message to the user as to which of the controls is receiving the wrong value...

am hoping to use this code to replace my SC.writelines that displays messages to the user....

+1  A: 

You would probably build up a list of errors in a string and assign them to a label on the form, or potentially a ul tag.

I'd also recommend not differentiating whether or not a username or the password is invalid. If they don't manage to login, you should just display a 'Could not log in' message. If they get a correct username and an incorrect password, then using your method, I would know that I had guessed a correct username and could hammer away at passwords for that.


In addition, have you looked at the built in ASP.net login controls and the membership providers? They take care of a lot of this for you, or you can roll your own that integrates with the supplied controls.

Paddy
Thanks ...id take not of the advice
Selase