About Login page that I created using asp.net and C#

I created a website for my class project, but I am having difficulty creating the login. I insert my data into the database using parameters. I'm doing it in C# and my database is in SQL Server.

First I created the login procedure:

 ALTER PROC [dbo].[uselogin]
    @userNickName nvarchar(50),
    @userPassword nchar(10)
  As 
    SELECT [userId]
      ,[userFirstName]
      ,[userLastName]
      ,[userNickName]
      ,[userPassword]
      ,[userStreetAddress]
      ,[userEmail]
  FROM [dbo].[User_T]
  WHERE userNickName=@userNickName AND userPassword=@userPassword

Then in the login page I created the login textboxes and the login button like this:

    <asp:Label ID="Label3" runat="server" Text="Username: "></asp:Label>
    <asp:TextBox ID="txtuserName" runat="server" CssClass="form-control "></asp:TextBox>
    <asp:Label ID="Label4" runat="server" Text="Password: "></asp:Label>
    <asp:TextBox ID="txtPassword" runat="server" CssClass="form-control "></asp:TextBox>
    <asp:Button ID="btnLogIn" runat="server" Text="Log In " onClick="button_login_Click" CssClass="btn btn-primary btn-block" />

Code behind the aspx page

    protected void button_login_Click(object sender, EventArgs e)
    {
        string userName = txtuserName.Text;
        string userPassoword = txtPassword.Text;

        User user = new User(userName, userPassoword);
        cc.userLogin(user);
    }

Here is my C# code and all the classes I used:

    class User
    {
        string name;
        string userName;
        string usePass;
        // .........
        // .....
        public User(string un, string pass)
        {
            this.UserNickName = un;
            this.UserPassword = pass;
        }

        // create getter and setter to each one.
        public string UserNickName
        {
            get { return userName; }
            set { userName = value; }
        }
        // the same for all my getter and setter.
    }

Here is another class called handler:

    public class handler
    {
        DBManager db; // has object from DBManager.cs
        public void userLogin(User u) { db.userLogin(u); }
    }

My last class is DBManager:

    public class DBManager
    {
        // constructor has the database connection and my login method
        public void userLogin(User user)
        {
            SqlCommand cmd = new SqlCommand("uselogin", _conn);
            cmd.CommandType = CommandType.StoredProcedure;
            SqlParameter p1 = new SqlParameter("userNickName", user.UserNickName);
            SqlParameter p2 = new SqlParameter("userPassword", user.UserPassword);
            cmd.Parameters.Add(p1);
            cmd.Parameters.Add(p2);
            _conn.Open();
            SqlDataReader rd = cmd.ExecuteReader();
            if (rd.HasRows)
            {
                rd.Read();

                HttpContext.Current.Response.Redirect("PublishingAnEvent.aspx", true);
            }
            else
            {
                //  Label5.Text = "do it agin";
                HttpContext.Current.Response.Redirect("RegestrationPage.aspx", true);
            }
        }
    }

I hope you can give me the answer. I did a lot of reading but I could not find anything. Thanks to all of you.

Without doing your homework for you, I do have the following insights:

  1. You should always use the "owner" as part of the stored procedure's name.
  2. You should always use using blocks on anything that implements IDisposable (see my example shown below). This helps dispose of them easily and properly.
  3. Instead of instantiating the connection in the constructor, I chose my pattern of using a method to do so. The method would instantiate and open the SqlConnection object, and it would handle all errors.
  4. I changed the parameter creation to use a simpler method.
  5. I took out the rd.Read() line because it did not seem to serve a purpose.

Example:

    public class DBManager
    {
        public void userLogin(User user)
        {
            // GetConnection() is the method from point 3: it instantiates and opens the SqlConnection
            using (SqlConnection _conn = GetConnection())
            {
                using (SqlCommand cmd = new SqlCommand("dbo.uselogin", _conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@userNickName", user.UserNickName);
                    cmd.Parameters.AddWithValue("@userPassword", user.UserPassword);
                    using (SqlDataReader rd = cmd.ExecuteReader())
                    {
                        if (rd.HasRows)
                        {
                            HttpContext.Current.Response.Redirect("PublishingAnEvent.aspx", true);
                        }
                        else
                        {
                            // Label5.Text = "do it again";
                            HttpContext.Current.Response.Redirect("RegistrationPage.aspx", true);
                        }
                    }
                }
            }
        }
    }
