
How to validate for existing account on login click

I currently have a login form and clicking the login button invokes the following method:

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        AccountBLL accBLL = new AccountBLL();

        string username = tbUsername.Text;
        string password = accBLL.getAccount(username).Password;

        if (tbPassword.Text == password)
        {
            // Authenticate user
            string role = accBLL.getAccount(username).Role;

            // Create Form Authentication Ticket
            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddMinutes(60), false, role);

            // Encrypt the ticket
            string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

            // Create cookie
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            // Add cookie to outgoing cookie collection
            Response.Cookies.Add(authCookie);

            // Redirect to the URL
            if (role == "admin")
                Response.Redirect("AdminHome.aspx");
            else if (role == "user")
                Response.Redirect("UserHome.aspx");
            else
                lblMsg.Text = "Invalid login!";
        }
        else
        {
            lblMsg.Text = "Invalid password.";
        }

        //string accountID = (Session["AccountID"]).ToString();
    }

However, if the account doesn't exist or has not been created yet, I will get a null pointer error on string password = accBLL.getAccount(username).Password; because the username passed in to the getAccount() method doesn't exist. So my question is: how should I edit the code to implement some sort of validation so that, in the event that the userid passed in to retrieve the password is nonexistent, an error message is displayed to the user instead?

Well, you've said it yourself that the method getAccount returns null when the provided username does not exist. If I were you I would check if accBLL.getAccount(username) returns a null. If it does, I would not execute the rest of the code and instead display a label with a message to the user that the entered username does not exist.

First check if the username exists, and if it does, then check if the password is correct.

I hope this helps.

Change these lines

    string password = accBLL.getAccount(username).Password;
    if (tbPassword.Text == password)

to this.

var account = accBLL.getAccount(username);
if (account != null && tbPassword.Text == account.Password)

In your GetAccount method, check for null: fill dt and compare dt

// No matching row means no such account
if (dt.Rows.Count == 0)
{
    return null;
}

This will return a null value if the account is not created yet, and then your login button click event will look like this.

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        AccountBLL accBLL = new AccountBLL();

        string username = tbUsername.Text;
        // getAccount returns null when no account exists for this username,
        // so test the account itself before reading its properties
        var account = accBLL.getAccount(username);
        if (account != null)
        {
            if (tbPassword.Text == account.Password)
            {
                // Authenticate user
                string role = account.Role;

                // Create Form Authentication Ticket
                // ..... your remaining code including else

        }
        else
        {
            lblMsg.Text = "Account Doesnt Exist";
        }
    }
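
A null-safe version of the credential check discussed in the answers above, as an added example that is not from any of the posters. It goes a step beyond the page: it compares a salted PBKDF2 hash instead of the plaintext Password, and an unknown username and a wrong password produce the same result and message. The Account fields Salt and PasswordHash, the LoginCheck class, the iteration count, and .NET Framework 4.7.2 or later are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical stand-in for the page's account object; Salt/PasswordHash are assumed fields.
class Account { public string Role; public byte[] Salt; public byte[] PasswordHash; }

static class LoginCheck
{
    const int Iterations = 100000;                    // assumed PBKDF2 work factor
    static readonly byte[] DummySalt = new byte[16];  // used when no account was found

    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // Touches every byte so timing does not reveal where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns the account on success, null on any failure. A null account (unknown
    // username) still pays for one hash, then fails exactly like a wrong password.
    internal static Account Verify(Account account, string password)
    {
        byte[] salt = account != null ? account.Salt : DummySalt;
        byte[] expected = account != null ? account.PasswordHash : new byte[32];
        bool match = FixedTimeEquals(Hash(password, salt), expected);
        return account != null && match ? account : null;
    }

    static void Main()
    {
        // Constructed sample data: one stored account, three login attempts.
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        var alice = new Account { Role = "user", Salt = salt, PasswordHash = Hash("s3cret-pass", salt) };
        var store = new Dictionary<string, Account> { { "alice", alice } };
        foreach (var t in new[] { new[] { "alice", "s3cret-pass" }, new[] { "alice", "wrong" }, new[] { "bob", "x" } })
        {
            Account found; store.TryGetValue(t[0], out found);   // found stays null for "bob"
            Account ok = Verify(found, t[1]);
            Console.WriteLine(t[0] + ": " + (ok != null ? "signed in as " + ok.Role : "Invalid username or password."));
        }
    }
}
```

In the click handler, the null result from Verify takes the place of both the "Invalid password." and the "account does not exist" branches, so the page never confirms which usernames are registered.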
