
How to make a simple login page?

I want to make a simple login page, without registration, just a username and a password I used in the SQL database. This is what I wrote now for button1:

string connection_string = "Path to database";
SqlConnection connect = new SqlConnection();
connect.ConnectionString = connection_string;
connect.Open();
string sql = "Select * FROM Register where username=@username and password=@password";
SqlCommand 1 = new SqlCommand("username",textbox1User.text);
SqlCommand 2 = new SqlCommand("password",textbox2pass.text);

That's what I have now. I need to do the rest of the login page, and if the values are OK then I will be redirected to a page. But I also need to know how I can protect the page from being accessed by other users just by typing the URL to the file. So it should work only if I log in.

First, I must congratulate you on wanting to use parameters for your SQL. A lot of beginners do not do this, leading to horrible SQL Injection attacks.

Second, you really should be hashing your passwords. Never ever store plain text passwords. Since how exactly to hash passwords is a matter of much debate and would complicate the code, I'll set this aside for now.

Now, moving on to the actual question. First, there are a few mistakes in the code. First, the parameters are being created wrong; what you have should be more along the lines of this:

using(SqlConnection conn = new SqlConnection("connection string"))
{
    // Parameter placeholders keep user input out of the SQL text itself
    SqlCommand cmd = new SqlCommand("Select * FROM Register where username=@username and password=@password", conn);
    cmd.Parameters.AddWithValue("@username", textbox1User.Text);
    // The password comes from the second textbox (textbox2pass in the question)
    cmd.Parameters.AddWithValue("@password", textbox2pass.Text);
}

(see http://msdn.microsoft.com/en-us/library/yh598w02.aspx for more about using. It's a good habit to get into)

With that done, to easily validate the login, you can do something like this for your SqlCommand:

SELECT COUNT(*) FROM Register WHERE username=@username AND password=@password

And then add this to your code, after adding the parameters, but before the closing brace on the using:

conn.Open();    
int result = Convert.ToInt32(cmd.ExecuteScalar());

result will be 0 if no user was found, or 1 if exactly one user was found (If you can have multiple users with the same user name, there are other issues outside of this scope).

Now, as for enforcing access control, take a look at http://support.microsoft.com/kb/301240. The terms you are interested in for this are "Forms Authentication" and "web.config authorization". Please note that the code samples in the link provided are a bit outdated, but, in general, show how to accomplish what you are asking.

That should get you started down the right track.

You can also use HTACCESS to control your contents and password protect it. That is the simplest way since you do not need to worry about SQL and storing passwords.
