I'm trying to implement login functionality in ASP.NET C# based on n-tier architecture.
Data access:
    public int userlogin(string user, string passw) // checking the user name and password
    {
        SqlConnection con = new SqlConnection();
        con.ConnectionString = GetConnectionString();
        con.Open();
        int id = 0;
        string selectstr = "SELECT NurseName, password FROM Nurse2 WHERE NurseName = '" + user.Trim() + "' AND Password = '" + passw.Trim() + "'";
        SqlCommand cmd = new SqlCommand();
        cmd.CommandText = selectstr;
        cmd.CommandType = System.Data.CommandType.Text;
        cmd.Connection = con;
        SqlDataReader reader = cmd.ExecuteReader();
        while (reader.Read())
        {
            id++;
        }
        cmd = null;
        reader.Close();
        con.Close();
        return id;
    }
Presentation layer .cs file
    protected void Button1_Click(object sender, EventArgs e)
    {
        string name = TextBox1.Text;
        string password = TextBox2.Text;
        int id = da.userlogin(name, password);
        if (id > 0)
        {
            Session["userName"] = name;
            Response.Redirect("SubscribePage.aspx");
        }
        else
        {
            Label1.Text = "invalid";
        }
    }
Now, my issue is that when I press the button, the program simply goes to the else clause, even though I enter correct data. What could possibly be wrong here? To me it all seems fine.
I don't think you need to do that nowadays. ASP.NET has built-in authentication. Just check this out: https://msdn.microsoft.com/en-us/library/xdt4thhy(v=vs.140).aspx
The N-Tier architecture helps separate your code; as it is, your code is jumping a layer and is not fully utilizing the business logic layer.
I would also add an additional class to store your user's login details; I'm guessing you will have more information to store along with the nurse name. You can store the instance of this class in your session data and cast it out when needed:
    public class User
    {
        public string Name { get; set; }
        /* Some other attributes - not your password though! */
    }
--
Presentation;
    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            Session["User"] = BLL.userLogin(TextBox1.Text, TextBox2.Text);
            Response.Redirect("SubscribePage.aspx"); /* If it reaches here, everything is okay */
        }
        catch (Exception ex)
        {
            Label1.Text = ex.Message;
        }
    }
Business Layer;
    public static User userLogin(string username, string password)
    {
        User U = DAL.userLogin(username, password);
        if (string.IsNullOrEmpty(U.Name))
            throw new Exception("Incorrect login details");
        return U;
    }
Data Access Layer;
    public static User userLogin(string username, string password)
    {
        /* Requires: using System.Data.SqlClient; */
        using (SqlConnection con = new SqlConnection(GetConnectionString()))
        {
            User U = new User();
            SqlCommand cmd = new SqlCommand(@"SELECT NurseName, password
                FROM Nurse2
                WHERE NurseName = @user AND password = @pw", con);
            /* Parameters keep the user input out of the SQL text */
            cmd.Parameters.Add(new SqlParameter("@user", username));
            cmd.Parameters.Add(new SqlParameter("@pw", password));
            try
            {
                con.Open();
            }
            catch (Exception ex)
            {
                throw new Exception("connection problem", ex);
            }
            try
            {
                using (SqlDataReader rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                    {
                        U.Name = rdr["NurseName"].ToString(); /* Fill the User from the matching row */
                    }
                }
            }
            catch (Exception ex)
            {
                throw new Exception("problem with query", ex);
            }
            finally
            {
                con.Close(); /* Clean up regardless of the outcome */
                con.Dispose();
            }
            return U;
        }
    }
Read up more on the N-Tier architecture and try-catch statements. Hope it helps. I would also improve your naming conventions for your controls, to make life easier (i.e. Label1 -> lblError).