views: 309

answers: 3

Hello all, I have a problem with my Login page. If I don't enter the Username or password it should say "please enter a Username or password"; instead it's going to the destination page. I mean, without entering anything in the Login fields, if I hit the submit button it goes to the welcome page, which should not happen.

Here is my code; please somebody tell me where my mistake is:

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public class Login
{
    public string str = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

    // Returns 1 when a row matches and its first two columns equal the input,
    // 0 when a row matches but the columns differ, -1 when no row matches.
    public int GetLogin(string UserName, string Password)
    {
        SqlConnection con = new SqlConnection(str);
        // The user name and password are concatenated straight into the SQL text.
        SqlDataAdapter da = new SqlDataAdapter("select * from Login where UserName='" + UserName + "' and Password='" + Password + "'", con);
        DataSet ds = new DataSet();
        da.Fill(ds);
        if (ds.Tables[0].Rows.Count > 0)
        {
            if ((ds.Tables[0].Rows[0].ItemArray[0].ToString() == UserName) && (ds.Tables[0].Rows[0].ItemArray[1].ToString() == Password))
            {
                return 1;
            }
            else
            {
                return 0;
            }
        }
        else
        {
            return -1;
        }
    }
}
Login.aspx.cs:
protected void BtnLogin_Click(object sender, EventArgs e)
{
    // The session entry is written before the credentials are checked.
    Session["UserName"] = TxtUserName.Text;

    Login lg = new Login();

    // The database is queried first; the empty-field check only runs if the query fails.
    if (lg.GetLogin(TxtUserName.Text, TxtPassword.Text) == 1)
    {
        Response.Redirect("c1.aspx");
    }
    else if ((TxtUserName.Text == "") && (TxtPassword.Text == ""))
    {
        Lbl1.Text = "Please Enter the UserName and Password";
    }
    else
    {
        Lbl1.Text = "Sorry, Invalid UserName or Password";
    }
}
+5  A: 

All of this functionality is already built in to ASP.NET.

Check out RequiredFieldValidator to validate your fields, or use Login Controls to handle all the form functionality for you.

Check out FormsAuthentication and Membership for user authentication.

Daniel Schaffer
+4  A: 

I don't really know what the problem is, because it looks like it should work, but you have a huge SQL injection issue. Test this out on a test database, but enter this for your UserName:

' and 1 = 1; drop table Login; --

May I suggest you look up SqlParameter and do a search for "SqlParameter SQL Injection Attack".

Nick Berardi
+1  A: 

1.- The user and pass empty validations are after the db call, so if you have a blank user with a blank password the login will succeed.

2.- You are building the SQL query yourself, which is open to SQL injection; please use parameterized queries.

Oscar Cabrero
Thanks Mr. Cabrero, your No.1 suggestion is right and it's working fine now......
Yet it's No.2 that's the real problem. *frowns worriedly*
Iain M Norman
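The following is an added example, not code from the question or from any of the answers. It puts Oscar's two points and Nick's SqlParameter suggestion into the asker's shape: the empty-field check runs before any database access, the query carries the user name and password as typed parameters instead of concatenated text, and the session is only written after the login succeeds. It keeps the question's Login table, its UserName and Password columns, its ConnectionString name and its control names (TxtUserName, TxtPassword, Lbl1, c1.aspx); the page class name LoginPage, a RequiredFieldValidator on each textbox (which is what Daniel's answer refers to and what drives Page.IsValid), and the meaning of the -1 return code are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public class Login
{
    private readonly string str =
        ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

    // Return codes: 1 = valid login, 0 = no exact match, -1 = empty input (assumed mapping).
    public int GetLogin(string userName, string password)
    {
        // 1. Validate before touching the database: empty fields never reach SQL,
        //    so a blank user/blank password pair can no longer match a blank row.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            return -1;
        }

        // 2. Parameterised query: the values travel as data, not as SQL text, so
        //    quotes, semicolons and comment markers in the input are plain characters.
        const string sql =
            "SELECT TOP 1 UserName, Password FROM Login " +
            "WHERE UserName = @UserName AND Password = @Password";

        using (var con = new SqlConnection(str))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 128).Value = password;

            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return 0;
                }

                // SQL Server's default collation compares case-insensitively, so the
                // ordinal comparison the asker did in C# is kept to require an exact match.
                bool exact =
                    string.Equals(reader.GetString(0), userName, StringComparison.Ordinal) &&
                    string.Equals(reader.GetString(1), password, StringComparison.Ordinal);
                return exact ? 1 : 0;
            }
        }
    }
}

// Code-behind for Login.aspx. The class name is assumed, as is a
// RequiredFieldValidator bound to each textbox in the markup.
public partial class LoginPage : Page
{
    protected void BtnLogin_Click(object sender, EventArgs e)
    {
        // The validators have already run by the time the click handler fires.
        if (!Page.IsValid)
        {
            Lbl1.Text = "Please Enter the UserName and Password";
            return;
        }

        switch (new Login().GetLogin(TxtUserName.Text, TxtPassword.Text))
        {
            case 1:
                // Only record the user in the session once the credentials have been checked.
                Session["UserName"] = TxtUserName.Text;
                Response.Redirect("c1.aspx");
                break;
            case -1:
                Lbl1.Text = "Please Enter the UserName and Password";
                break;
            default:
                Lbl1.Text = "Sorry, Invalid UserName or Password";
                break;
        }
    }
}
```

The query still compares the stored Password column against the submitted text exactly as the question does; the FormsAuthentication and Membership pieces from the first answer are the built-in route if you would rather not manage the Login table yourself.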