Home/ Questions/Q 8287521
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T12:04:24+00:00

I have login in my asp page req name/pass and button. I create the

  • 0

I have login in my asp page req name/pass and button.

I create the connecttion string to my database and SqlDataSource with the query well here in the SqlDataSource:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
     ConnectionString="<%$ ConnectionStrings:CarRentalConnectionString %>" 
     SelectCommand="SELECT * FROM [Customers] WHERE (([UserName] = @UserName) AND ([PassWord] = @PassWord))">
     <SelectParameters>
        <asp:ControlParameter ControlID="uname" Name="UserName" PropertyName="Text" Type="String" />
        <asp:ControlParameter ControlID="pass" Name="PassWord" PropertyName="Text" Type="String" />
    </SelectParameters>
</asp:SqlDataSource>

My problem is I don’t know how to active/execute it and how do I get the data that is returned from the query?

I have a feeling am going at this the wrong way (hope am wrong)

Hope one of you can give me a tip or point me in the right direction 🙂

Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using SqlDataSource is inappropriate as you’re not simply retrieving data in a declaritive way. You’ll want to define user verification (not validation) logic procedurally.

    The usual approach follows. Note that you should hash your passwords rather than storing them in plaintext. Hash salting has been omited for brevity.

    public static Boolean Authenticate(String userName, String password) {

    using(SqlConnection c = new SqlConnection("myConnectionString")
    using(SqlCommand cmd = c.CreateCommand()) {
        c.Open();
        cmd.CommandText = "SELECT UserName, PasswordHash, OtherDataEtc FROM Users WHERE UserName = @userName";

        cmd.Parameters.Add("@userName", SqlDbType.Varchar, 50).Value = userEnteredUserName;

        using(SqlDataReader rdr = cmd.ExecuteReader()) {
            if( !rdr.Read() ) return false; // no matching user found

            Byte[] passwordHash = rdr.GetBytes( 1 );
            Byte[] hash = Hash( userEnteredPassword ); // Use at least SHA1
            return Array.Equals( passwordHash, hash );
        }
    }
}

// Usage in ASP.NET:

public override OnPageLoad(Object sender, EventArgs e) {
    if( IsPostBack ) {
        Validate();
        if( IsValid ) {
            Boolean auth = Authenticate( this.userName, this.password ); // member textbox controls
            if( auth ) {
                FormsAuthentication.SetAuthCookie( this.userName, true );
                FormsAuthentication.RedirectFromLoginPage("somewhere", true);
            } else {
                Response.Redirect("loginFailedPage");
            }
        }
    }
}
    • 0