I’m trying to set up code that checks the username and password against values in the database, determines the user’s role (agent user, marketer, or admin), and loads the Page\USMap.aspx page accordingly. The website performs a search for insurance plans based on state and zip. Admin users will have access to an admin page to create new users and allow users access to certain states for the search, and that is it.
Problem: I need the code-behind for the login page. I want to clean up the code from the old site, take out any references to appBase, make the code work with the new site and old database, and take out references to creating any temp tables, but I’m not sure what all this mess of code does and I’m not too familiar with authentication. I believe the old site used IIS Active Directory Authentication? How do I set that up for the new site? For the new site, I’m just working off a C# template for a web application. Is there anything better I should use? I don’t see where the code actually checks and validates the username and password in the database….
Additional info: Error received: The type or namespace name ‘name’ does not exist in the namespace ‘namespace’ (are you missing an assembly reference?) for BaseLogin when I put AppBase.BaseLogin in the new project. What else do I need to add to make this work?
Here’s the code from the old site that needs to be cleaned up:
public partial class SignIn : System.Web.UI.UserControl
{
/// <summary>
/// Handles the control's Load event and attempts an automatic sign-in from the
/// "u" and "p" query-string parameters.
/// </summary>
/// <remarks>
/// When both parameters are present they are decoded with DecryString and passed to Login.
/// Otherwise, if a user name is present, everything up to the last backslash is dropped
/// (presumably a domain prefix) and AppBase.BaseLogin.SignIn is called with a null password.
/// NOTE(review): credentials carried in a URL end up in server logs, browser history and
/// Referer headers, and DecryString is a fixed character substitution, not encryption.
/// NOTE(review): the second branch identifies the user from the query string alone. What
/// SignIn does with a null password is not visible here; confirm it cannot authenticate,
/// or take the identity from the authenticated request instead of the URL.
/// </remarks>
private void Page_Load(object sender, System.EventArgs e)
{
    string userName = Request.QueryString["u"];
    string passWord = Request.QueryString["p"];

    // Both values supplied: decode them and use the normal sign-in path.
    if (userName != null && passWord != null)
    {
        Login(DecryString(userName.Trim()), DecryString(passWord.Trim()));
        return;
    }

    // Keep only the part after the last backslash (the whole value when there is none).
    if (userName != null)
    {
        int slashAt = userName.LastIndexOf("\\");
        userName = userName.Substring(slashAt + 1);
    }

    if (string.IsNullOrEmpty(userName))
    {
        return;
    }

    // passWord is always null when execution reaches this call.
    AppBase.BaseLogin signer = new AppBase.BaseLogin();
    if (!signer.SignIn(userName, passWord))
    {
        return;
    }

    string target = System.Configuration.ConfigurationManager.AppSettings.Get("RedirectPage");
    if (string.IsNullOrEmpty(target))
    {
        msg.Text = "Please setup 'RedirectPage' in the web.config.";
        return;
    }

    System.Web.HttpContext.Current.Response.Redirect(target);
}
// Empty click handler; InitializeComponent as shown does not subscribe it to any event.
private void Button1_Click(object sender, System.EventArgs e)
{
}
/// <summary>
/// Checks the credentials typed into the username and password boxes against the
/// ssp_sign_in_web_common stored procedure and, for an active account, fills the
/// session and redirects to the page named by the 'RedirectPage' app setting.
/// </summary>
/// <remarks>
/// The credentials are accepted only when the procedure returns exactly one row with six
/// columns; column 5 must then be "1" or "Y" for the account to count as active. Both values
/// are sent as parameters rather than concatenated into the command text.
/// Nothing in this class as shown calls this method; ImageButton1_Click uses Login instead.
/// NOTE(review): the password is sent to the procedure as typed, so how the database stores
/// or compares it is not visible here, and it is then kept in Session["PassWord"]. Confirm
/// whether any page reads that session key; if none does, it should not be stored.
/// </remarks>
private void login()
{
    string enteredUser = username.Text;
    string enteredPass = password.Text;
    enteredUser = enteredUser.Trim();
    enteredPass = enteredPass.Trim();

    AppBase.BaseDbCommon db = new AppBase.BaseDbCommon();
    System.Collections.ArrayList parms = new System.Collections.ArrayList(2);
    parms.Add(db.MakeOleInParm("as_username", System.Data.SqlDbType.VarChar, enteredUser));
    parms.Add(db.MakeOleInParm("as_password", System.Data.SqlDbType.VarChar, enteredPass));
    System.Data.DataTable result = db.GetOleDataTable("ssp_sign_in_web_common", parms, db.GetOleConnection());

    // A usable result is exactly one row carrying six columns (upper bound 5).
    object[] fields = null;
    if (result != null && result.Rows.Count == 1)
    {
        object[] row = result.Rows[0].ItemArray;
        if (row.GetUpperBound(0) == 5)
        {
            fields = row;
        }
    }

    if (fields == null)
    {
        msg.Text = "Please check your user ID and password.";
        return;
    }

    // Column 5 is the active flag; only "1" or "Y" lets the user in.
    string activeFlag = fields[5].ToString();
    if (activeFlag != "1" && activeFlag != "Y")
    {
        msg.Text = "You are not an active account now. please contact admin.";
        return;
    }

    Session["LogonId"] = enteredUser;
    Session["PassWord"] = enteredPass; // NOTE(review): plaintext password held in session state
    Session["FirstName"] = fields[0].ToString();
    Session["LastName"] = fields[1].ToString();
    Session["Email"] = fields[2].ToString();
    Session["AdminFlag"] = fields[3].ToString();
    Session["LoginType"] = fields[4].ToString();

    string target = System.Configuration.ConfigurationManager.AppSettings.Get("RedirectPage");
    if (string.IsNullOrEmpty(target))
    {
        msg.Text = "Please setup 'RedirectPage' in the web.config.";
    }
    else
    {
        Response.Redirect(target);
    }
}
#region Web Form Designer generated code
/// <summary>
/// Subscribes the control's event handlers through InitializeComponent, then runs the
/// base class initialisation.
/// </summary>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnInit(EventArgs e)
{
    // CODEGEN: the ASP.NET Web Form Designer requires this call.
    InitializeComponent();
    base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
/// <remarks>
/// Subscribes ImageButton1_Click to the image button's Click event and Page_Load to the
/// control's Load event. Button1_Click is not subscribed here.
/// </remarks>
private void InitializeComponent()
{
this.ImageButton1.Click += new System.Web.UI.ImageClickEventHandler(this.ImageButton1_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
/// <summary>
/// Click handler for the sign-in image button: reads the username and password boxes,
/// trims surrounding whitespace from both values and passes them to Login.
/// </summary>
private void ImageButton1_Click(object sender, System.Web.UI.ImageClickEventArgs e)
{
    string typedUser = username.Text;
    string typedPass = password.Text;
    Login(typedUser.Trim(), typedPass.Trim());
}
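/// <summary>
/// Signs the user in through AppBase.BaseLogin.SignIn and, on success, redirects to the
/// 'RedirectPage' app setting prefixed with the 'VirtualDirectory' app setting.
/// </summary>
/// <param name="user">User name to check.</param>
/// <param name="pass">Password to check.</param>
/// <remarks>
/// The credential check itself happens inside AppBase.BaseLogin, which is not part of this
/// file. SignIn also receives the message label and the session, so it presumably reports
/// failures and stores the signed-in state itself; confirm against that class.
/// A missing 'RedirectPage' setting now produces the same message the other sign-in paths
/// in this class use, and a missing 'VirtualDirectory' setting is treated as an empty
/// prefix; both previously caused a NullReferenceException after a successful sign-in.
/// </remarks>
private void Login(string user, string pass)
{
    AppBase.BaseLogin signer = new AppBase.BaseLogin();
    if (!signer.SignIn(user, pass, msg, Session))
    {
        return;
    }

    string redirectPage = System.Configuration.ConfigurationManager.AppSettings.Get("RedirectPage");
    if (redirectPage == null)
    {
        msg.Text = "Please setup 'RedirectPage' in the web.config.";
        return;
    }

    string basePath = System.Configuration.ConfigurationManager.AppSettings.Get("VirtualDirectory") ?? "";

    // Join the two settings with exactly one slash between them.
    bool baseEndsWithSlash = basePath.EndsWith("/");
    bool pageStartsWithSlash = redirectPage.StartsWith("/");
    if (baseEndsWithSlash && pageStartsWithSlash)
    {
        redirectPage = redirectPage.Substring(1);
    }
    else if (!baseEndsWithSlash && !pageStartsWithSlash)
    {
        redirectPage = "/" + redirectPage;
    }

    Response.Redirect(basePath + redirectPage);
}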
/// <summary>
/// Decodes a value by mirroring each character within its class: lowercase letters
/// (a becomes z), uppercase letters (A becomes Z) and digits (0 becomes 9). All other
/// characters at or below code 96 are copied unchanged.
/// </summary>
/// <param name="as_source">Encoded text; must not be null.</param>
/// <returns>The decoded text, or an empty string for empty input.</returns>
/// <remarks>
/// This is a keyless substitution that is its own inverse for ASCII letters and digits,
/// so it only obscures a value and must not be relied on to protect credentials.
/// The first branch has no upper bound, so every character above code 96 is remapped,
/// including ones past 'z' (for example '{' becomes '`').
/// </remarks>
private string DecryString(string as_source)
{
    char[] decoded = as_source.ToCharArray();
    for (int pos = 0; pos < decoded.Length; pos++)
    {
        char c = decoded[pos];
        if (c > 96)
        {
            // 'a' (97) + 'z' (122) = 219
            decoded[pos] = (char)(219 - c);
        }
        else if (c > 64 && c < 91)
        {
            // 'A' (65) + 'Z' (90) = 155
            decoded[pos] = (char)(155 - c);
        }
        else if (c > 47 && c < 58)
        {
            // '0' (48) + '9' (57) = 105
            decoded[pos] = (char)(105 - c);
        }
    }
    return new string(decoded);
}
}
}
Any suggestions would be much appreciated! If you need any other info, let me know.
Thanks!!!
The code above demonstrates a complete roll-your-own authentication scheme. The magic of the login is in your AppBase.BaseLogin class. That class would have to be responsible for checking the username and password, and for persisting the login status somehow (cookie, session, database...).
Looking at this code, it’s impossible to say why the project didn’t use forms authentication. The code may be quite old (i.e. pre-ASP.NET 2.0), from before the provider framework was put into place, in which case this may have been the only way to get the desired behavior. You should be able to replace everything done here with a mixture of forms authentication and a custom membership provider. Again, it really is impossible to say without knowing a lot more about your project.