Lets explore a login system that uses data stored in a database table.
All we’re going to do is create a database with 1 table. In this table, we’re going to store user information that we’ll use for authentication. The only downside to this is that if anyone knows the URL to the protected page, they can easily browse to it and bypass the login protection. This is not an issue in a Windows Forms environment.
So, first thing’s first; lets create our database and populate it.
In Visual Studio, open the Server Explorer and select the “Connect to Database” button from the top row of buttons. Enter your SQL Server’s name and type Users as the database name. We’re going to use Windows Authentication.
Once the database has been created, add a table called Admins with the following columns:
Column Name – Data Type – Allow Nulls
AdminID – int – No
AdminName – varchar(10) – No
AdminPass – varchar(10) – No
Select the AdminID column and set it as “Identity Specification” on the bottom half of the screen. Save the table and close it. Right-click on the table in Server Explorer and select “Show Table Data”. Enter a username and password for yourself so you can test the login system.
On your site’s Default.aspx page, add 3 labels, 2 textboxes, and a button. Your code should look like this:
<asp:Label runat=”server” id=”lblName” text=”Username:”></asp:Label><br />
<asp:TextBox runat=”server” id=”txtName”></asp:TextBox><br />
<asp:Label runat=”server” id=”lblPass” text=”Password:”></asp:Label><br />
<asp:TextBox runat=”server” id=”txtPass” textmode=”password”></asp:TextBox><br />
<asp:Label runat=”server” id=”lblError” text=””></asp:Label>
<asp:Button runat=”server” id=”btnSignIn” text=”Sign In” />
Once you’ve done this, open the code file (Default.aspx.vb by default) and add the following code into the click event handler for btnSignIn:
Dim connection As New SqlConnection(“Data Source=.\SQLEXPRESS;” & _
“Initial Catalog=Users;” & _
Dim sql As String = “SELECT [AdminName], [AdminPass] FROM Admins “ + _
“WHERE [AdminName] = @AName AND [AdminPass] = @APass”
Dim command As New SqlCommand(sql, connection)
Dim reader As SqlClient.SqlDataReader
reader = command.ExecuteReader()
If reader.HasRows() Then
If reader.Item(“AdminName”).ToString.ToLower() = txtName.Text And reader.Item(“AdminPass”).ToString.ToLower() = txtPass.Text Then
lblError.Text = “Incorrect username and/or password.”
lblError.ForeColor = Drawing.Color.Red
txtName.Text = “”
txtPass.Text = “”
If Not reader Is Nothing Then reader.Close()
Now, what we have here is a DataReader that reads data in the table we specify in our SQL Command (as you can see by the command.ExecuteReader() statement) and we’re comparing what the DataReader reads to what the user has input. If the user’s input matches what’s in the database, we redirect to the protected page. If the user input doesn’t match, we’re setting the 3rd label’s text property to tell the user that they need to try to log in again.
One thing we’re also doing is making sure the user input is matched 100% (including case-sensitivity) with the data in the table.
So that’s it for this entry. I hope you enjoyed it and that it helped you.
If you happen to know how to include a way of stopping users browsing directly to the protected page (by means of a cookie or something), post a comment and let us all know.