Credentials are checked against the firstname and lastname columns of the Northwind.Employees table : Introduction « Authentication Authorization « ASP.NET Tutorial






  1. ASP.NET Tutorial
  2. Authentication Authorization
  3. Introduction
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" 
    Inherits="Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Please, log in</title>
</head>

<body>
    <div id="pageContent">
      <form id="Form1" runat="server">
        <table>
        <tr>
          <td><b>User ID</b></td>
          <td><asp:textbox runat="server" text="" id="userName" /></td></tr>
        <tr>
          <td><b>Password</b></td>
          <td><asp:textbox runat="server" text="" id="passWord" textmode="password" /></td></tr>
        </table>
        <asp:button ID="Button1" runat="server" text="Log In..." onclick="LogonUser" />
        <br />
          <asp:label runat="server" id="errorMsg" Font-Names="Verdana" Font-Size="Small" Font-Bold="True" ForeColor="Red"/>
      </form>
    </div>
</body>
</html>

File: Default.aspx.cs

using System;
using System.Data;
using System.Configuration;
using System.Web.Security;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;



public partial class Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        SetFocus("userName");
    }

    protected void LogonUser(object sender, EventArgs e)
    {
        string user = userName.Text;
        string pswd = passWord.Text;

        bool bAuthenticated = AuthenticateUser(user, pswd);
        if (bAuthenticated)
            FormsAuthentication.RedirectFromLoginPage(user, false);
        else
            errorMsg.Text = "Sorry, yours seems not to be a valid account.";
    }

    private bool AuthenticateUser(string username, string pswd)
    {
        string connString = ConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
        string cmdText = "SELECT COUNT(*) FROM employees WHERE firstname=@user AND lastname=@pswd";

        int found = 0;
        using (SqlConnection conn = new SqlConnection(connString))
        {
            SqlCommand cmd = new SqlCommand(cmdText, conn);
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 10).Value = username;
            cmd.Parameters.Add("@pswd", SqlDbType.NVarChar, 20).Value = pswd;
            conn.Open();
            found = (int)cmd.ExecuteScalar();
            conn.Close();
        }
        return (found > 0);
    }

}








21.1.Introduction
21.1.1.Configuring Authentication: Windows Authentication, .NET Passport Authentication, Forms Authentication
21.1.2.Credentials are checked against the firstname and lastname columns of the Northwind.Employees table
21.1.3.Credentials are checked against the users registered in the aspnetDB.mdf file in App_Data