Log In web Application using Asp.net,C#,MSSQL Server

- 09:35 - , , , ,
Bangalore: In web application development you have to provide a log in form,It will allow only authorized users to log in into your application,normally Asp.net provide Windows Authentication using (AD). But in application development we wont use this we will use form based authentication. using SQL server.
People familiar with programming they know how an authentication works,for those who are new let me tell it.It will verify in  database whether the username and password you are passing from the web page is correct or not. how it will work that we will explain in our code.
So what all the things we need to create this application Visual Studio 2010,MS Sql Server.
So first create an empty web application using your visual Studio, design a Log In page.provide fields to enter username and password and a submit button also.
Your log In page look like this, below I have provided the code for creating the above page.

Login.aspx page code.

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="login.aspx.cs" Inherits="login.login" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Login</title>
</head>
<body style="background-color:Gray">
    <form id="form1" runat="server" style="padding:150px 300px 100px 400px; ">
     <asp:ValidationSummary ID="validation" runat="server" HeaderText="" ShowMessageBox="true"
        ShowSummary="false" DisplayMode="BulletList" EnableClientScript="true"/>

     <fieldset  style="width:400px; height:200px; background-color:Lime; " >
        <legend style="background-color:Yellow;">Login</legend>
        <table align="center" style="padding:20px 0px 10px 0px; " >
            <tr>
                <td>UserName</td>
                <td><asp:TextBox ID="txtLogin" runat="server"></asp:TextBox>
                </td>
                <asp:RequiredFieldValidator ID="uname" runat="server" ControlToValidate="txtLogin" ErrorMessage="Please Fill Username" Display="None"></asp:RequiredFieldValidator>
                </tr>
            <tr>
                <td>Password</td>
                <td><asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox></td>
                <asp:RequiredFieldValidator ID="pwd" runat="server" ControlToValidate="txtPassword" ErrorMessage="Please Fill Password"  Display="None"></asp:RequiredFieldValidator>
            </tr>
            <tr>
            <td colspan=2 align="center" style="padding:0px 23px 0px 0px;">
                <asp:Button runat="server" ID="btnlogin" Text="Login" 
                    onclick="btnlogin_Click" /></td>
            </tr>
        </table>
    </fieldset>
    </form>
</body>
</html>

Now we need to write the action on button click.
In your code behind page you can see a button click event [if its no there double click on the button in your form]

On Button click we are calling a method named checklogin
 protected void btnlogin_Click(object sender, EventArgs e)
        {
            checklogin();
        }

In checklogin method First it assigning username and password into two variables. and calling getconnectionstring function it will return the connection string. Then it will check the state of connection and change it into open state. Then calling the Stored procedure from SQL db and passing username and password to db. Using Sql ExecuteReader it will return its results already declared SqlDataReader  variable.
If its true means its authorized user and if its false he is not authenticated user.

        public void checklogin()
        {
            string uname=txtLogin.Text;
            string password=txtPassword.Text;
            SqlDataReader dr;

            string constr = getconnectionstring();
            SqlConnection con = new SqlConnection(constr);

            if (con.State != ConnectionState.Open)
                con.Open();

            SqlCommand cmd=new SqlCommand("LoginCheck",con);
            cmd.CommandType=CommandType.StoredProcedure;

            cmd.Parameters.AddWithValue("@username", uname);
            cmd.Parameters["@username"].Direction = ParameterDirection.Input;

            cmd.Parameters.AddWithValue("@password", password);
            cmd.Parameters["@password"].Direction = ParameterDirection.Input;

            dr = cmd.ExecuteReader();
            if (dr.Read())
            {
                Response.Redirect("Home.aspx");
            }
            else
            {
                ScriptManager.RegisterStartupScript(this, GetType(), "showalert", "alert('Wrong Credentials');", true);
            }
       con.Close();

        }

        public string getconnectionstring()
        {
            string strg = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
            return strg;
        }
don't forget to declare your connection string in web.config file inside <configuration> tag after <system.web></system.web>

 <connectionStrings>
    <add name="constr" connectionString="Data Source=tonz-pc; Initial Catalog=search; Integrated Security=true;" providerName="System.Data.SqlClient"/>
  </connectionStrings>

0 comments:

Subscribe to: Post Comments (Atom)