Hi
I have borrowed your ASP.Net login page code and have tried to get it working. It all seems ok and I have made adjustments for my database and a asp:login control instead of textboxes.
Visual Studio 2005 doesn't like the line below, saying CommandBehavior has not been declared. I have tried removing the whole (..) bit so it just says myCmd.ExecuteReader which VS2005 accepts.
However when debugging the DBconnection function always seems to come back false, even if the username and password do exist in the database. I have tested my SQL in Access and it works.
Could someone explain what is happening with the objReader and what is wrong?
objReader = MyCmd.ExecuteReader(CommandBehavior.CloseConnection)
Protected Sub Login_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
If Page.IsValid Then
Dim intMaxLoginAttempts = CInt(Session("Num_of_Tries"))
If DBConnection(Login1.UserName, Login1.Password) Then
Session("Logged_IN") = "Yes" ' ||||| Used to Validate on other pages in the application
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, False) ' ||||| default.aspx Page!
Else
' ||||| Credentials are Invalid
Login1.FailureText = "Invalid Login!"
' ||||| Increment the LoginCount (attempts)
Session("LoginCount") = CInt(Session("LoginCount")) + 1
' ||||| Determine the Number of Tries
If Session("LoginCount").Equals(intMaxLoginAttempts) Then
Response.Redirect("error.aspx")
End If
'If CInt(Session("Num_of_Tries")) > 2 Then ' ||||| If Exceeds then Deny!
' Response.Redirect("Denied.aspx")
'End If
End If
End If
End Sub
Function DBConnection(ByVal strUserName As String, ByVal strPassword As String) As Boolean
'<sumamry>
' ||||| Declare Required Variables
' ||||| Access appSettings of Web.Config for Connection String (Constant)
'</summary>
Dim MyConn As Data.OleDb.OleDbConnection = New Data.OleDb.OleDbConnection(System.Configuration.ConfigurationManager.AppSettings("strConn"))
'<sumamry>
' ||||| Create a OleDb Command Object
' ||||| Pass in Stored procedure
' ||||| Set CommandType to Stored Procedure
'</summary>
'original Dim MyCmd As New Data.OleDb.OleDbCommand(MyConn.Database.validateUser, MyConn)
Dim MyCmd As New Data.OleDb.OleDbCommand("validateUser", MyConn)
' MyCmd.CommandType = CommandType.StoredProcedure
' ||||| Create Parameter Objects for values passed in
' Dim objParam1, objParam2 As Data.OleDb.OleDbParameter
'<sumamry>
' ||||| Add the parameters to the parameters collection of the
' ||||| command object, and set their datatypes (OleDbType in this case)
'</summary>
MyCmd.Parameters.AddWithValue("@UserName", Login1.UserName)
MyCmd.Parameters.AddWithValue("@Password", Login1.Password)
' ||||| Try, catch block!
Try
' ||||| Check if Connection to DB is already open, if not, then open a connection
If MyConn.State = Data.ConnectionState.Closed Then
' ||||| DB not already Open...so open it
MyConn.Open()
End If
' ||||| Create OleDb Data Reader
Dim objReader As Data.OleDb.OleDbDataReader
objReader = MyCmd.ExecuteReader(CommandBehavior.CloseConnection)
' ||||| Close the Reader and the Connection Closes with it
While objReader.Read()
If CStr(objReader.GetValue(0)) <> "1" Then
Login1.FailureText = "Invalid Login!"
Else
objReader.Close() ' ||||| Close the Connections & Reader
Return True
End If
End While
Catch ex As Exception
Login1.FailureText = "Error Connecting to Database!"
End Try