login code problem it check if statement but not going inside

Question

rinkul 0 Newbie Poster

16 Years Ago

using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Data.SqlTypes;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }


    protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
    {
        bool Authenticated = false;
        Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
        e.Authenticated = Authenticated;
        if (Authenticated == true)
        {
            Response.Redirect("website6/Home.aspx");
        }

    }
    private bool SiteLevelCustomAuthenticationMethod(string UserName, string Password)
    {
        bool boolReturnValue = false;
        // Insert code that implements a site-specific custom 
        // authentication method here.
        // This example implementation always returns false.
        string strConnection = "Server=.;Initial Catalog=Doctors;Integrated Security=True";
        SqlConnection Connection = new SqlConnection(strConnection);
        String strSQL = "Select username,password From users";
        SqlCommand command = new SqlCommand(strSQL, Connection);
        SqlDataReader Dr;
        Connection.Open();
        Dr = command.ExecuteReader();
        while (Dr.Read())
        {
            if ((UserName == Dr["username"].ToString()) & (Password == Dr["Password"].ToString()))
         [COLOR="red"]  [B]{
                boolReturnValue = true;
            }[/B][/COLOR]


        }
        Dr.Close();
        return boolReturnValue;

asp.net

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

2 Contributors
2 Replies
86 Views
18 Hours Discussion Span
Latest Post 16 Years Ago Latest Post by SheSaidImaPregy

SheSaidImaPregy 28 Veteran Poster

16 Years Ago

if ((UserName == Dr["username"].ToString()) & (Password == Dr["Password"].ToString()))

improper syntax. Needs two && signs; No capital P in your select statement.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

SheSaidImaPregy 28 Veteran Poster · Answer 1 · 2008-02-28T20:02:42+00:00

moreover, you should not grab every record in the users DB. Instead, grab the record that pertains to you:

SELECT password FROM Users WHERE username=@username

command.parameters.addwithvalue("@username, UserName)

DR = command.ExecuteReader()
...