Logins Made with ASP.NET | WebReference

Logins Made with ASP.NET

Login forms can be seen just about everywhere on this vast Internet of ours, and they play a crucial role. The login form is the single most widely used method of identifying a user to retrieve specific data for them in dynamic applications. It is also one of the most common forms of application security. In a nutshell, a login works by taking data from a small form a user fills out, then matching it with data inside a database. If it matches, a small amount of data is stored and carried from page to page with the basic information (such as who the user is and that they are in fact logged in). The object of this article is to explore how a simple login system would be created using ASP.NET with VB.NET.

Using ASP.NET, variables can be moved from page to page in several different ways. Among the most common methods are query strings, cookies, hidden inputs, the view state (which tends to flood your source code with “crud” if you choose to populate tables with data), and the ASP.NET session state.

The ASP.NET session is great for moving small amounts of data around your entire application for a certain length of time. However, it should be used with caution; if the session is storing vast amounts of data, it could put a considerable amount of stress on the server. The default length of a session is 20 minutes, though it can be tailored to fit your needs inside the web.config or on the login page itself.

Now that we have the basic concept out of the way, let’s get down to business. A working sample of the code below can be found at: http://knights.europe.webmatrixhosting.net/sampleaps/login.aspx

Logins.mdb
The first thing you will need is an Access database.



The image above shows how the table, members, is set up. There are two text fields named “name” and “password”. There is also an AutoNumber field, named “id”, set as the primary key.

Login.aspx

<%@ Page Language="VB" Debug="true" %>

The first thing to do is specify the page language and turn on debugging in case you encounter errors. For security, it is a good idea to set this attribute to false once you get the code up and running.

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OLEDB" %>

Next, we import System.Data and System.Data.OleDb. This is done whenever you want to connect to an MS Access database.

<script runat="server">
Sub SubmitBtn_Click(Sender As Object, E As EventArgs)

Here the script is set to run at the server; then we declare a sub, SubmitBtn_Click, that runs when the submit button is clicked.

If txtmembername.text = "" and txtpassword.text = "" then
  lblname.visible = true
  lblpass.visible = true
else if txtmembername.text = "" then
  lblname.visible = true
else if txtpassword.text = "" then
  lblpass.visible = true
else

The if statements make sure the user has entered values in both the name text box and the password text box before clicking the command button. This prevents an error. Here, the visible attribute is used so the error message won’t be in the markup unless they click the button without filling out the fields. This method is also used because the required field validator for ASP.NET will produce JavaScript without specifying a type attribute (thus the markup will no longer be clean).

  Dim DBConn as OleDbConnection
  Dim dtrResults as OleDbDataReader
  Dim DSLogin as New DataSet

We declare some of the variables we will be using.

DBConn = New OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" _
  & "DATA SOURCE=" _
  & Server.MapPath("/logins.mdb") & ";")

Here is the setup for our database connection. You might need to change this path.

DBConn.Open()
Dim CmdStr As String
Dim DBSelect As OleDbCommand
CmdStr = "Select id from members Where name = " _
  & "@MemberName and password = @Password"
DBSelect = New OleDbCommand(CmdStr, DBConn)

Here, we open the database connection. Then we fill a string with a select SQL statement and declare a database command. Next, we assign the select statement and the connection to the command.

DBSelect.Parameters.Add("@MemberName", OleDbType.VarChar, 255)
DBSelect.Parameters.Add("@Password", OleDbType.VarChar, 255)
DBSelect.Parameters("@MemberName").Value = txtMemberName.text
DBSelect.Parameters("@Password").Value = txtPassword.text
dtrResults = DBSelect.ExecuteReader()
if dtrResults.Read()

Now, we need to set some parameters for our command. From there, we match up our form fields with the fields being used for our database. Next, we run the select statement, and if the data selected from the database matches the fields that we set in the form, we can execute the following code:

session("memname") = txtmembername.text
session("memberID") = dtrResults("id")
' Release the reader and connection before leaving the page
dtrResults.Close()
DBConn.Close()
Response.Redirect("/success.aspx")
 

Now, we need to set some session variables, “memname” and “memberid”, equal to the name entered in our form and to the id we selected from the database for the matching name. After this, the user is sent on their way. If the user has entered a bad password, the following code will be executed:

else        
  lblmessage.text = "Invalid user name or password"  

This lets them know what they did wrong.

    end if
    ' Release the reader and connection after a failed attempt
    dtrResults.Close()
    DBConn.Close()
  end if
End Sub        
</script>        
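The members table above stores the password as plain text and the query compares it directly. As an added example (not code from the original article), here is one way the same lookup could verify a salted PBKDF2 hash instead. The salt and pwhash columns, the MemberLogin and CheckLogin names, the iteration count and .NET Framework 4.7.2 or later are assumptions.

```vb
Imports System
Imports System.Data.OleDb
Imports System.Security.Cryptography

Public Module MemberLogin
    Private Const Iterations As Integer = 100000   ' PBKDF2 work factor (assumed value)

    ' Derive a 32-byte PBKDF2-HMAC-SHA256 hash from the password and the per-user salt.
    Public Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Compare two hashes without stopping at the first differing byte.
    Public Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns the member id on success, or -1 for an unknown name or a wrong password.
    Public Function CheckLogin(connStr As String, memberName As String, password As String) As Integer
        ' Hypothetical columns: salt and pwhash hold Base64 text and replace "password".
        Const Sql As String = "SELECT id, salt, pwhash FROM members WHERE [name] = ?"
        Using conn As New OleDbConnection(connStr)
            conn.Open()
            Using cmd As New OleDbCommand(Sql, conn)
                ' OleDb binds parameters by position; the name is only a label.
                cmd.Parameters.Add("@MemberName", OleDbType.VarChar, 255).Value = memberName
                Using rdr As OleDbDataReader = cmd.ExecuteReader()
                    If Not rdr.Read() Then Return -1
                    Dim salt As Byte() = Convert.FromBase64String(CStr(rdr("salt")))
                    Dim stored As Byte() = Convert.FromBase64String(CStr(rdr("pwhash")))
                    If FixedTimeEquals(HashPassword(password, salt), stored) Then
                        Return CInt(rdr("id"))
                    End If
                End Using
            End Using
        End Using
        Return -1
    End Function
End Module
```

The click handler would call CheckLogin with the connection string and the two text box values, and set the session variables only when the result is not -1. The Using blocks close the reader and connection on every path, including the early returns.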


Created: March 27, 2003
Revised: February 29, 2004

URL: http://webreference.com/programming/asp/quasi/1