Hello, I have this application that would let a user register (I used an ASP.NET control for that one), and then log in (I do not use ASP.NET control for the login, I am making it myself). When an user register, I am sending their data to an Oracle database, so now when someone tries to log in, I want to be able to check whether they are registered or not, i.e. whether the database contains that particular username and password or not. But I do not want to have the data in the database shown in any control, so I have no idea how would I check that. If I'm using a Listbox e.g., I would retrieve the data into the listbox, and then check whether the entered text in the UsernameTextbox is equal to some data in the listbox or not. Without that kind of controls, I do not know how to check for the entered data into the database. Is there any way of checking via the SqlDataSource or something ? Thank you, greetings.

What is the reasoning behind not using the built-in ASP.net login control since you are already using their register wizard control. That is one of the benefits of .Net 2.0 and beyond are the built-in membership management controls.

The reasoning is that by not using the built-in controls you learn more on how to code them on your own. However, even if I were using the built-in control, I guess I would have this problem again. I cannot resolve it.

I hate those built in controls too. First you will need to get the back. Change SqlDataReader to OracleDataReader, etc. Swap out Sql* with Oracle*

private static DataTable LookupUser(string Username)
    {
      /*
       * The reason I return a datatable here is so you can also bring back the user's full
       * name, email address, security rights in the application, etc. I have a "User" class
       * where I defined meta information for users.
       */ 
      const string connStr = "Data Source=apex2006sql;Initial Catalog=Leather;Integrated Security=True;";
      const string query = "Select Password From UserTable (NOLOCK) Where UserName = @UserName";
      DataTable result = new DataTable();
      using (SqlConnection conn = new SqlConnection(connStr))
      {
        conn.Open();
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
          cmd.Parameters.Add("@UserName", SqlDbType.VarChar).Value = Username;
          using (SqlDataReader dr = cmd.ExecuteReader())
          {
            result.Load(dr);
          }
        }
      }
      return result;
    }

Now that we have a mechanism to look up users we need to call it:

private void buttonLogin_Click(object sender, EventArgs e)
    {
      if (string.IsNullOrEmpty(textBoxUsername.Text))
      {
        //Set an error message they need to enter a username
        return;
      }
      else if (string.IsNullOrEmpty(textBoxPassword.Text))
      {
        //Set an error message they need to enter a password unless you allow empty passwords
        return;
      }

      //OK they enter a user and pass, lets see if they can authenticate
      using (DataTable dt = LookupUser(textBoxUsername.Text))
      {
        if (dt.Rows.Count == 0)
        {
          //Invalid username thus rows.count = 0. Set error message
          return;
        }
        else
        {
          //Always compare the resulting crypto string or hash value, never the decrypted value
          //By doing that you never make a call to Decrypt() and the application is harder to
          //reverse engineer. I included the Decrypt() method here for informational purposes
          //only. I do not recommend shipping an assembly with Decrypt() methods.

          string dbPassword = Convert.ToString(dt.Rows[0]["Password"]);
          string appPassword = Encrypt(textBoxPassword.Text); //we store the password as encrypted in the DB
          if (string.Compare(dbPassword, appPassword) == 0)
          {
            //Logged in
          }
          else
          {
            //You may want to use the same error message so they can't tell which field they got wrong
            return; 
          }
        }
      }
    }

Try using a hidden field.

use data set, make a store procedure and drag into the data set .The procedure take the all user date end results put into the datatable.Next, compare all the results whit what user insert.

Thanks to all of you, this thread has been solved. Greetings.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.