Loading ...

Login Page in ASP.NET

blogs

Create Login Page in ASP.NET

(6)
(34517)
0
/5
Avg: 0/5: (0 votes)

posted 3/10/2009  by Vijendra Shakya

Here we discuss login in ASP.NET,this is specially help to that user’s which is new in ASP.NET.Login is the basic thing for any application. In login we use the ADO.NET Object such as SqlConnection,SqlCommend and SqlParameter.
Suppose we have a table User and user table contains the column UserId, UserName, Password. We create a page with name Login.aspx and we design your login page in following way:

<table>
 <tr>
   <td colspan="2">
     <asp:Label ID="lblMessage" runat="server"></asp:Label>
   </td>
 </tr>
 <tr>
   <td>
     User Name:
   </td>
   <td>
      <asp:TextBox ID="txtName" runat="server"></asp:TextBox>
   </td>
 </tr>
 <tr>
   <td>
      Password:
   </td>
   <td>
      <asp:TextBox ID="txtPwd" runat="server" TextMode="Passowrd">
      </asp:TextBox>
  </td>
 </tr>
 <tr>
   <td colspan="2">
<asp:Button ID="btnLogin" runat="server" Text="Login" OnClick="btnLogin_OnClick" />
   </td>
 </tr>
 </table>

Write the Following code on the login button click event on the .cs side as follows:

protected void btnLogin_OnClick(object sender, EventArgs e)
 {
 SqlConnection con = new SqlConnection("Your Connection String");
 string commandText = "Select count(*) from user where userName='" 
            + txtName.Text + "'and password ='" + txtPwd.Text + "'";
 SqlCommand com = new SqlCommand(commandText, con);
 com.CommandType = CommandType.Text;
 con.Open();
 //ExecuteScalar execute the query and returns the first column of the 
 //first row in the result set
 int cnt = (int)com.ExecuteScalar();
 if (cnt > 0)
 {
 Response.Redirect("default.aspx");
 }
 else
 {
 lblMessage.Text = "<b>Your UserName or Password is not correct</b>";
 }
con.Close();
 }

 

asp.net Authentication c# login sesurity
Vijendra Shakya likes this.
 

Comments (6)

Shaitender
Shaitender Singh said:
Nice post !!!!!
3/10/2009
 · 
Comment
 
by
vivek_iit
Vivek Thakur said:
string commandText = "Select count(*) from user where userName='"+txtName.Text+"'and password ='"+txtPwd The above lines can lead to SQL Injection attacks, how can you avoid them?
3/10/2009
 · 
Comment
 
by
Vijjendra
Vijendra Shakya said:
I totally agree with you. To avoid SQL Injection you can pass the column Name instead of pass the textbox name after that add parameter. like: string commandText = "Select count(*) from dyve_user where userName=@UserName and password =@Password"; com.Parameters.AddWithValue("@UserName", txtName.Text); com.Parameters.AddWithValue("@Password", txtPwd.Text);
3/10/2009
 · 
Comment
 
by
rizwan
Anonymous User said:
Thanks......... i have three types of users so what is the procedure to redirect them on 3 different pages
4/12/2009
 · 
Comment
 
by
nm
Anonymous User said:
I have only one user so I dont want to use a database so how can i write a login page just using the if statement? what will the code be
4/27/2009
 · 
Comment
 
by
Vinay
Anonymous User said:
gud buddy... Its very helpfull to all.
5/26/2009
 · 
Comment
 
by
Add a new comment

Top posts

    Vijendra Shakya's latest blog posts

    Quick Vote

    What kind of email newsletter would you prefer to receive from CodeAsp.Net?