not all code paths return a value.

If you were to throw return user; at the bottom of your function the error would go away. This is because if for some reason it did not go into your using statements it would never see a return statement.

If you were to throw return user; at the bottom of your function the error would go away.

Correct, but...

This is because if for some reason it did not go into your using statements it would never see a return statement.

No, the only thing that would skip code in the using block is throwing an exception, and that possibility doesn't provoke the "not all code paths return a value" compiler message.

This is the real problem:

while (reader.Read())
{
    return user;
}

It's possible that reader has no data, so reader.Read() might return false the first time you call it, and the return statement would never happen.

Once you've properly relocated the return statement, though, you'll notice that it always returns null--you're not doing anything with user. Just mentioning this in case you thought you were done :)

u've properly relocated the return statement, though, you'll notice that it always returns null--you're not doing anything with user. Just mentioning this in case yo

Thanks a lot guys for all your valuable suggestions. But, I tried almost all the things and its not working its still giving me the same error, I don't know why.

I downloaded the code from Click Here.

This is a great example of a single sign-on between three websites www.domain1.com, domain2.com and domain3.com
The author has hardcoded the credentials into the code.
Its in the file (www.sso.com > App_Code > UserManager.cs)

All i wanted to do was to hook it up to a database. So that if the user enters the username and password, the application checks from database and autheticates accordingly.

So, in place of the hardcoded credentials I tried the code (mentioned a couple of comments earlier) to connect it with database and fetch values from there.

I'll be really greatful if you guys can help!

I tried almost all the things and its not working its still giving me the same error, I don't know why.

Please show us what you tried here--that means code.

www.sso.com > App_Code > UserManager.cs)

I rewrote the method (AuthenticateUser). This is how I am trying to connect to database.

public static WebUser AuthenticateUser(string UserName, string Password)
    {
        WebUser user = null;

        using (SqlConnection cn = new SqlConnection("Data Source=.\\SQLEXPRESS; Initial Catalog=DB_Rental; Integrated Security=True;"))
        {
            cn.Open();
            using (SqlCommand cmd = new SqlCommand())
            {
                cmd.Connection = cn;
                cmd.CommandText = "select empID from TB_credentials WHERE @UserName = userNameTXT and @Password=passwordTXT";
                cmd.CommandType = CommandType.Text;
                cmd.Parameters.AddWithValue("@userNameTXT", user.UserName);
                cmd.Parameters.AddWithValue("@passwordTXT", user.Password);
                SqlDataReader reader;
                reader = cmd.ExecuteReader(CommandBehavior.CloseConnection);
                while (reader.Read())
                {
                    return user;
                }
                return user;

            }
        }
    }

How I am thouroughly confused about the user is being authenticated when user puts username and password in the textboxes of domain(1,2,3).com website.

I was just thinking how would I point to that textboxes (username and password) in this method to match the values to the database.

Its really confusing for me!

I cant figure out how the users are being authenticated. It would be great if you can also show me the path of authentication.

I cant figure out how the users are being authenticated

It's implicit in the SQL query. If the user name exists in the database and the password matches, then this code authenticates the user.

Did you get a chance to look at the code?? Click Here

its not a simple 'query the database' thing. I need to know how the calls are being made and how the values of username and passwords are travelling.

The authentication in the sample project is just a stub, but you knew that already because you're trying to replace it with a database lookup. And you knew where to find the authentication code, which suggests you figured out where the login information was going.

I'm not sure what you're asking for here, unless you just stumbled across the authentication code and are wondering how the login info gets there. If that's the case, then here's how I'd trace it:

1. Pick one of the Web site projects; for purposes of this discussion, I'm going to use www.domain1.com
2. Users log in at Login.aspx with the "Login" button
3. Button click handler is in Login.aspx.cs at btnLogin_Click
4. The handler calls Login, which is part of the base class PrivatePage, in the SSOLib project (PrivatePage.cs)
5. PrivatePage.Login calls Authenticate in AuthUtil (AuthUtil.cs)
6. AuthUtil.Authenticate makes a Web service call to AuthService.Authenticate, in the www.sso.com project (AuthService.asmx, ultimately App_Code/AuthService.cs)
7. AuthService.Authenticate calls UserManager.AuthenticateUser (App_Code/UserManager.cs)
8. UserManager.AuthenticateUser scans through a hard-coded list of three users to see if you entered one of them.

Thanks a lot Gusano, you really sliced it through the project. That gives me a good idea how are the credetials travelling.
For now, all the websites are using SSOLib.dll.. right?
So i need to add this dll on my real world websites as well in order to implement SSO

Is it possible not to add the .dll, but just to make website point at it, so that the .dll remains to my end (because we dont want to make the website come in the lime light, It should just point at that.).
I Hope I made myself clear. Plz ask for any confusions :)

• Check out the portable application to DBWaldin's new Guide to Software Deployment. And another good resource is http://www.itninja.com/research

David Malmborg
I work with Dell

(sorry for the delay; I've been out of town for a week)

For now, all the websites are using SSOLib.dll.. right?
So i need to add this dll on my real world websites as well in order to implement SSO

Right. The article you linked explains how to set it up under the heading "OK, how do I implement SSO for my sites?" (sadly, there is no anchor in the article for me to link to)

Is it possible not to add the .dll, but just to make website point at it, so that the .dll remains to my end (because we dont want to make the website come in the lime light, It should just point at that.).

As far as I know, no. ASP.NET needs to have the DLL available locally as part of the Web site because it will execute on each page request.

This library is just there to handle connecting to the behind-the-scenes "www.sso.com" Web site. All of the actual SSO work is done by that site, so it shouldn't be a big deal to reference SSOLib.dll in each client Web site project--that is how this particular implementation is intended to be used.