Member Avatar for Paladine

This is sample code for a ASP.Net Login page (using Visual Basic.Net code behind) with OleDB connection to an Access Database using ADO.Net.

The datebase used is the Access Northwind Database. With the connection string being placed in the web.config file.

1. Web Config File code:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <!--	|||||	Application Settings	|||||	-->
  <appSettings>
	<add key="strConn" value="Provider = Microsoft.Jet.OLEDB.4.0;Data Source=C:\Inetpub\wwwroot\Northwind.mdb;User ID=Admin;Password=;" />
  </appSettings>
  <system.web>
....
...

Authentication will be conducted by "forms" authentication set in the web.config file:

....
....
<!--  AUTHENTICATION 
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"

          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <!--	|||||	MY Authentication Setup	|||||	-->
    <authentication mode="Forms"> 
		<forms name="NWLogin" loginUrl="Login.aspx" />
	</authentication>

    <!--  AUTHORIZATION

3. Login Page Creationg (HTML Side), with form validation controls, using a summary display for an controls not passing validation.:

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="Login.aspx.vb" Inherits="NorthLogin.WebForm1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
	<head>
		<title>Northwind Database Login</title>
		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
		<meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE">
		<meta content="JavaScript" name="vs_defaultClientScript">
		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
	</head>
	<body>
		<!-- |||||	Login Form	||||| -->
		<form id="frmlogin" method="post" runat="server">
			<asp:label id="lblMessage" runat="server" width="288px" font-bold="True" font-italic="True"
				font-size="Medium" forecolor="#C00000"></asp:label>
			<table id="mainTable" style="POSITION: absolute; TOP: 30%">
				<tr>
					<td>
						<table cellspacing="15" id="loginTable" style="BORDER-RIGHT: #6699cc solid; BORDER-TOP: #6699cc solid; FONT-WEIGHT: bold; LEFT: 30%; BORDER-LEFT: #6699cc solid; BORDER-BOTTOM: #6699cc solid; FONT-FAMILY: Sans-Serif; BACKGROUND-COLOR: lightgrey">
							<tr>
								<td><b>Login: </b>
								</td>
								<td>
									<asp:textbox id="txtUserName" runat="server" width="160px"></asp:textbox>
									<asp:requiredfieldvalidator runat="server" id="rvUserValidator" controltovalidate="txtUserName" errormessage="You must supply a Username!"
										display="None" />
								</td>
							</tr>
							<tr>
								<td><b>Password: </b>
								</td>
								<td>
									<asp:textbox id="txtPassword" runat="server" textmode="Password" width="160px"></asp:textbox>
									<asp:requiredfieldvalidator runat="server" id="rvPasswordValidator" controltovalidate="txtPassword" errormessage="Empty Passwords not accepted"
										display="None" />
								</td>
							</tr>
							<tr>
								<td align="center" colspan="2"><asp:button id="cmdSubmit" text="Submit" runat="server" borderstyle="Solid"></asp:button></td>
							</tr>
						</table>
					</td>
				</tr>
				<tr>
					<td>
						<table id="messageDisplay">
							<tr>
								<td><asp:validationsummary runat="server" displaymode="BulletList" id="Validationsummary1" width="472px" />
								</td>
							</tr>
						</table>
					</td>
				</tr>
			</table>
		</form>
		<!--	|||||	End of Form	|||||	-->
	</body>
</html>

4. The Code behind (in visual basic.net)

a. Imports:

Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
Imports System.Data.OleDb   '   ||||||  Access Database Required Import!
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||

'   |||||   Connection String - XML coded in Web.Config
'   |||||   Remember to set the Security Settings in Windows on the MDB file for IUSR

b. Add the code for the button click event (in this case cmdSubmit button):

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        '   |||||   Put user code to initialize the page here
    End Sub

    Private Sub cmdSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSubmit.Click
        If Page.IsValid Then
            '   |||||   Connect to Database for User Validation |||||
            If DBConnection(txtUserName.Text, txtPassword.Text) Then
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)  '   |||||   default.aspx Page!

            Else
                '   |||||   Credentials are Invalid
                lblMessage.Text = "Invalid Login!"
            End If
        End If
    End Sub

c. Write the code for the DBConnection Subroutine - Beginning with variable creation, and obtaining the connection string from web.config:

'   |||||   Declare Required Variables
        '   |||||   Access appSettings of Web.Config for Connection String (Constant)
        Dim LoginSQL As String
        Dim MyConn As OleDbConnection = New OleDbConnection(ConfigurationSettings.AppSettings("strConn"))

d. Withing DBConnection Subroutine :

'   |||||   Create a OleDb Command Object
'   |||||   Pass in the SQL String and Connection Object related to SQL String.
'   |||||   Passing in SQL string and Connection Obj to the OleDbCommand Constructor
'   |||||   Pass in Stored procedure
'   |||||   Set CommandType to Stored Procedure
Dim MyCmd As New OleDbCommand("sp_ValidateUser", MyConn)
MyCmd.CommandType = CommandType.StoredProcedure

'   |||||   Create Parameter Objects for values passed in
Dim objParam1, objParam2 As OleDbParameter

***Note*** The SQL Stored Procedure in Access is :

SELECT Count(*) as Num_of_Users FROM tblUsers WHERE u_Name = @UserName AND u_Password = @Password;

Continue in DBConnection Subroutine :

'   |||||   Add the parameters to the parameters collection of the
'   |||||   command object, and set their datatypes (OleDbType in this case)
objParam1 = MyCmd.Parameters.Add("@UserName", OleDbType.Char)
objParam2 = MyCmd.Parameters.Add("@Password", OleDbType.Char)
'   |||||   Set the direction of the parameters...input, output, etc
objParam1.Direction = ParameterDirection.Input
objParam2.Direction = ParameterDirection.Input
'   |||||   Set the value(s) of the parameters to the respective source controls
objParam1.Value = txtUserName.Text
objParam2.Value = txtPassword.Text

'   |||||   Try, catch block!
    Try
       '   |||||   Check if Connection to DB is already open, if not, then open    a      connection
        If MyConn.State = ConnectionState.Closed Then
        '   |||||   DB not already Open...so open it
            MyConn.Open()
        End If

        '   |||||   Create OleDb Data Reader
        Dim objReader As OleDbDataReader
        objReader = MyCmd.ExecuteReader(CommandBehavior.CloseConnection)
        '   |||||   Close the Reader and the Connection Closes with it

        While objReader.Read()
           If CStr(objReader.GetValue(0)) <> "1" Then
               lblMessage.Text = "Invalid Login!"
           Else
               objReader.Close()   '   |||||   Close the Connections & Reader
               Return True
           End If

        End While
   Catch ex As Exception
            lblMessage.Text = "Error Connecting to Database!"
   End Try


End Function

Voila, compile and run. Hopefully the comments in and outside of the code give you enough of an idea on how to customize this code for your needs.

Happy coding folks! :lol:

  • 26 Contributors
  • 77 Replies
  • 18K Views
  • 9 Years Discussion Span
  • Latest Post Latest Post by Anita_1
Member Avatar for Slade

Once again Paladine buddy, you've done a great job. Congrats man, good code.

Member Avatar for Paladine

Thanks Slade. I just hope someone can put the code to good use.

I plan to upgrade this code to a moderate level of knowledge, by creating a Login User Customizable control that can be dropped into any page where it is needed. But that won't be a few weeks at least.

Member Avatar for Tekmaven

Just a reminder to the new ASP.NET Programmers: your web.config file is case-sensitive, so be careful copying the text :).

Member Avatar for Paladine

A small addition to this code, which will allow the application to monitor the number of attempts at a login before granting or denying access.

a. Modify the Global.asax Session_Start method:

Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs)
        '<summary>
        '   |Fires when the session is started
        '   |Administrator will only be allowed a certain number of login attempts
        '</summary>
        Session("Num_of_Tries") = 3
        Session("LoginCount") = 0

        '   |Track whether they're logged in or not
        Session("Logged_IN") = "No"
End Sub

b. Add the code for the button click event (in this case cmdSubmit button): - Revised!

Private Sub cmdSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSubmit.Click
        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!
            '   |||||   Connect to Database for User Validation |||||
            Dim intMaxLoginAttempts = CInt(Session("Num_of_Tries"))

            If DBConnection(txtUserName.Text.Trim(), txtPassword.Text.Trim()) Then
                Session("Logged_IN") = "Yes"    '   |||||   Use to Validate on other pages in the application
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)  '   |||||   default.aspx Page!
            Else
                '   |||||   Credentials are Invalid
                lblMessage.Text = "Invalid Login!"
                '   |||||   Increment the LoginCount (attempts)
                Session("LoginCount") = CInt(Session("LoginCount")) + 1
                '   |||||   Determine the Number of Tries
                If Session("LoginCount").Equals(intMaxLoginAttempts) Then
                    Response.Redirect("Denied.aspx")
                End If

            End If
        End If
End Sub

c. Validate login on other pages in the application - Add to Page_Load Event

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        '   <summary>
        '   |||||   Authenicate user for accces to pages within application
        '   |||||   Enusre the page can't be navigated to without
        '   |||||   user's being online and logged in.
        '   |||||   **Note: Logged_IN session object is created in Session_Start 
        '   |||||   of the Global.asax file **
        '   </summary>

        '   |Do not allow caching of page
        Response.Cache.SetCacheability(HttpCacheability.NoCache)
        If Session("Logged_IN").Equals("No") Then
            Response.Redirect("Login.aspx")
        End If

Happy coding :cool: !

Member Avatar for JasonRCS

I am new to stored procedures in Access, infact I have been told that it could not be done. I have tried to create a query in sql view and named it sp_Check User, but I get an error that my app can not access the table or querry.

How do I create a stored procedure in Access?

Thanks,

Member Avatar for Paladine

Hi JasonRCS, I think I can help. Whom ever told you that Stored Procedures can not be done in access was completely wrong...well ok, maybe just a little wrong. Granted they look nothing like those done on SQL server, but they do function the same way.

In the above exercise this is the stored "procedure" I used.

SELECT COUNT(*) AS Num_of_User
FROM tblUser
WHERE (((tblUser.U_Name)=[@UserName]) AND ((tblUser.U_Password)=[@Password]));

That is exactly how it appears in the SQL view in Access. See here is why the person who said it wasn't possible was partly right. :cool: As you don't really use the Create Procedure syntax as you would in SQL Server. But the principle is still the same.

Hope this helps.

Member Avatar for curiosity5

I'm a newbie. I have 8 years of access experience and had enough of it.
Can anyone put this code together in a folder in the correct files for me or at least tell me which codes go into which files? I just couldn't get it working.
Thanks in advance. :sad:

Member Avatar for curiosity5

I attached the two files.
I just renamed them to .txt for attachment.
I have login.aspx and web.config in a folder. It stopped at
Line 1: <%@ Page Language="vb" AutoEventWireup="false" Codebehind="Login.aspx.vb" Inherits="NorthLogin.WebForm1"%>

Please help!!

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="Login.aspx.vb" Inherits="NorthLogin.WebForm1"%>
Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
Imports System.Data.OleDb   '   ||||||  Access Database Required Import!
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||

'   |||||   Connection String - XML coded in Web.Config
'   |||||   Remember to set the Security Settings in Windows on the MDB file for IUSR
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        '   |||||   Put user code to initialize the page here
    End Sub

    Private Sub cmdSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSubmit.Click
        If Page.IsValid Then
            '   |||||   Connect to Database for User Validation |||||
            If DBConnection(txtUserName.Text, txtPassword.Text) Then
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)  '   |||||   default.aspx Page!

            Else
                '   |||||   Credentials are Invalid
                lblMessage.Text = "Invalid Login!"
            End If
        End If
    End Sub

function dbconnection()
 '   |||||   Declare Required Variables
        '   |||||   Access appSettings of Web.Config for Connection String (Constant)
        Dim LoginSQL As String
        Dim MyConn As OleDbConnection = New OleDbConnection(ConfigurationSettings.AppSettings("strConn"))

'   |||||   Create a OleDb Command Object
'   |||||   Pass in the SQL String and Connection Object related to SQL String.
'   |||||   Passing in SQL string and Connection Obj to the OleDbCommand Constructor

'   |||||   Pass in Stored procedure
'   |||||   Set CommandType to Stored Procedure
Dim MyCmd As New OleDbCommand("sp_ValidateUser", MyConn)
MyCmd.CommandType = CommandType.StoredProcedure

'   |||||   Create Parameter Objects for values passed in
Dim objParam1, objParam2 As OleDbParameter
'   |||||   Add the parameters to the parameters collection of the
'   |||||   command object, and set their datatypes (OleDbType in this case)
objParam1 = MyCmd.Parameters.Add("@UserName", OleDbType.Char)
objParam2 = MyCmd.Parameters.Add("@Password", OleDbType.Char)
'   |||||   Set the direction of the parameters...input, output, etc
objParam1.Direction = ParameterDirection.Input
objParam2.Direction = ParameterDirection.Input
'   |||||   Set the value(s) of the parameters to the respective source controls
objParam1.Value = txtUserName.Text
objParam2.Value = txtPassword.Text

'   |||||   Try, catch block!
    Try
       '   |||||   Check if Connection to DB is already open, if not, then open    a      connection
        If MyConn.State = ConnectionState.Closed Then
        '   |||||   DB not already Open...so open it
            MyConn.Open()
        End If

        '   |||||   Create OleDb Data Reader
        Dim objReader As OleDbDataReader
        objReader = MyCmd.ExecuteReader(CommandBehavior.CloseConnection)
        '   |||||   Close the Reader and the Connection Closes with it

        While objReader.Read()
           If CStr(objReader.GetValue(0)) <> "1" Then
               lblMessage.Text = "Invalid Login!"
           Else
               objReader.Close()   '   |||||   Close the Connections & Reader
               Return True
           End If

        End While
   Catch ex As Exception
            lblMessage.Text = "Error Connecting to Database!"
   End Try


End Function




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">





<html>
	<head>
		<title>Northwind Database Login</title>
		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
		<meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE">
		<meta content="JavaScript" name="vs_defaultClientScript">
		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
	</head>
	<body>
		<!-- |||||	Login Form	||||| -->
		<form id="frmlogin" method="post" runat="server">
			<asp:label id="lblMessage" runat="server" width="288px" font-bold="True" font-italic="True"
				font-size="Medium" forecolor="#C00000"></asp:label>
			<table id="mainTable" style="POSITION: absolute; TOP: 30%">
				<tr>
					<td>
						<table cellspacing="15" id="loginTable" style="BORDER-RIGHT: #6699cc solid; BORDER-TOP: #6699cc solid; FONT-WEIGHT: bold; LEFT: 30%; BORDER-LEFT: #6699cc solid; BORDER-BOTTOM: #6699cc solid; FONT-FAMILY: Sans-Serif; BACKGROUND-COLOR: lightgrey">
							<tr>
								<td><b>Login: </b>
								</td>
								<td>
									<asp:textbox id="txtUserName" runat="server" width="160px"></asp:textbox>
									<asp:requiredfieldvalidator runat="server" id="rvUserValidator" controltovalidate="txtUserName" errormessage="You must supply a Username!"
										display="None" />
								</td>
							</tr>
							<tr>
								<td><b>Password: </b>
								</td>
								<td>
									<asp:textbox id="txtPassword" runat="server" textmode="Password" width="160px"></asp:textbox>
									<asp:requiredfieldvalidator runat="server" id="rvPasswordValidator" controltovalidate="txtPassword" errormessage="Empty Passwords not accepted"
										display="None" />
								</td>
							</tr>
							<tr>
								<td align="center" colspan="2"><asp:button id="cmdSubmit" text="Submit" runat="server" borderstyle="Solid"></asp:button></td>
							</tr>
						</table>
					</td>
				</tr>
				<tr>
					<td>
						<table id="messageDisplay">
							<tr>
								<td><asp:validationsummary runat="server" displaymode="BulletList" id="Validationsummary1" width="472px" />
								</td>
							</tr>
						</table>
					</td>
				</tr>
			</table>
		</form>
		<!--	|||||	End of Form	|||||	-->
	</body>
</html>
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <!--	|||||	Application Settings	|||||	-->
  <appSettings>
	<add key="strConn" value="Provider = Microsoft.Jet.OLEDB.4.0;Data Source=c:\webdbpgm\classifed.mdb;User ID=Admin;Password=;" />
  </appSettings>
  
<system.web>
    <!--	|||||	MY Authentication Setup	|||||	-->
    <authentication mode="Forms"> 
		<forms name="NWLogin" loginUrl="Login.aspx" />
	</authentication>

   </system.web>
</configuration>
Member Avatar for curiosity5

oh wait, i know what i did wrong. Let me try this again.

Member Avatar for curiosity5

Ok i give up.
I'm using visual.net.
Please help!!

Member Avatar for Paladine

Ok, several people have replied to this (both here and on private messages) about having difficulty with this code. Remember this is only a guide!

But for the sake of simplicity, I will post the files associated with this snippet!

Login_HTML.aspx.txt (2.2 KB) - The Login.aspx Web Form HTML
Login_VBNET.aspx.vb.txt (6.0 KB) - The Login.aspx.vb Web Form Code behind (VB.Net)
Web.Config.txt (6.2 KB) - The Web.Config I used
Northwind.zip (409.6 KB) - Northwind Database with Login Table and Stored Procedure.

Hope this helps!

<%@ Page Language="vb" AutoEventWireup="false" Codebehind="Login.aspx.vb" Inherits="NorthLogin.WebForm1"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
  <head>
		<title>Northwind Database Login</title>
		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
		<meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE">
		<meta content="JavaScript" name="vs_defaultClientScript">
		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
		<link rel="stylesheet" type="text/css" href="Styles.css" title="standard" >
  </head>
	<body>
		<!-- |||||	Login Form	||||| -->
		<form id="frmlogin" method="post" runat="server">			
			<table id="mainTable">
				<tr>
					<td>
						<table cellspacing="15" id="loginTable" class="loginbody" cellpadding="0" >
							<tr>
								<td><b>Login: </b>
								</td>
								<td>
									<asp:textbox id="txtUserName" runat="server" width="160px"></asp:textbox>
									<asp:requiredfieldvalidator runat="server" id="rvUserValidator" controltovalidate="txtUserName" errormessage="You must supply a Username!"
										display="None" />
								</td>
							</tr>
							<tr>
								<td><b>Password: </b>
								</td>
								<td>
									<asp:textbox id="txtPassword" runat="server" textmode="Password" width="160px"></asp:textbox>
									<asp:requiredfieldvalidator runat="server" id="rvPasswordValidator" controltovalidate="txtPassword" errormessage="Empty Passwords not accepted"
										display="None" />
								</td>
							</tr>
							<tr>
								<td align="center" colspan="2"><asp:button id="cmdSubmit" text="Submit" runat="server" borderstyle="Solid"></asp:button></td>
							</tr>
						</table>
					</td>
				</tr>
				<tr>
					<td>
						<table id="messageDisplay">
							<tr>
								<td><asp:validationsummary runat="server" displaymode="BulletList" id="Validationsummary1" width="472px" />
								</td>
							</tr>
						</table>
					</td>
				</tr>
			</table>
		</form>
<asp:label id="lblMessage" runat="server" width="288px" forecolor="#C00000" font-size="Medium" font-italic="True" font-bold="True"></asp:label>
		<!--	|||||	End of Form	|||||	-->
	</body>
</html>
Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
Imports System.Data.OleDb   '   ||||||  Access Database Required Import!
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||


Public Class WebForm1
    Inherits System.Web.UI.Page
    '<summary>
    '   |||||   Connection String - XML coded in Web.Config
    '   |||||   Remember to set the Security Settings in Windows on the MDB file for IUSR
    '</summary>
#Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

    End Sub
    '   |||||   Names of Controls here must match the HTML Id Name for Code to work!
    Protected WithEvents txtUserName As System.Web.UI.WebControls.TextBox   '   |||||   Names 
    Protected WithEvents txtPassword As System.Web.UI.WebControls.TextBox   '   |||||   Names
    Protected WithEvents cmdSubmit As System.Web.UI.WebControls.Button      '   |||||   Names
    Protected WithEvents Validationsummary1 As System.Web.UI.WebControls.ValidationSummary
    Protected WithEvents rvUserValidator As System.Web.UI.WebControls.RequiredFieldValidator
    Protected WithEvents rvPasswordValidator As System.Web.UI.WebControls.RequiredFieldValidator
    Protected WithEvents lblMessage As System.Web.UI.WebControls.Label

    'NOTE: The following placeholder declaration is required by the Web Form Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
        'CODEGEN: This method call is required by the Web Form Designer
        'Do not modify it using the code editor.
        InitializeComponent()
    End Sub

#End Region

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        '   |||||   Put user code to initialize the page here
    End Sub

    Private Sub cmdSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSubmit.Click
        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!
            '   |||||   Connect to Database for User Validation |||||
            Dim intMaxLoginAttempts = CInt(Session("Num_of_Tries"))

            If DBConnection(txtUserName.Text.Trim(), txtPassword.Text.Trim()) Then
                Session("Logged_IN") = "Yes"    '   |||||   Use to Validate on other pages in the application
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)  '   |||||   default.aspx Page!
            Else
                '   |||||   Credentials are Invalid
                lblMessage.Text = "Invalid Login!"
                '   |||||   Increment the LoginCount (attempts)
                Session("LoginCount") = CInt(Session("LoginCount")) + 1
                '   |||||   Determine the Number of Tries
                If Session("LoginCount").Equals(intMaxLoginAttempts) Then
                    Response.Redirect("Denied.aspx")
                End If

                'If CInt(Session("Num_of_Tries")) > 2 Then   '   |||||   If Exceeds then Deny!
                '    Response.Redirect("Denied.aspx")
                'End If

            End If
        End If
    End Sub

    Function DBConnection(ByVal strUserName As String, ByVal strPassword As String) As Boolean
        '<sumamry>
        '   |||||   Declare Required Variables
        '   |||||   Access appSettings of Web.Config for Connection String (Constant)
        '</summary>
        Dim LoginSQL As String
        Dim MyConn As OleDbConnection = New OleDbConnection(ConfigurationSettings.AppSettings("strConn"))
        '<sumamry>
        '   |||||   Create a OleDb Command Object
        '   |||||   Pass in Stored procedure
        '   |||||   Set CommandType to Stored Procedure
        '</summary>
        Dim MyCmd As New OleDbCommand("sp_ValidateUser", MyConn)
        MyCmd.CommandType = CommandType.StoredProcedure
        '   |||||   Create Parameter Objects for values passed in
        Dim objParam1, objParam2 As OleDbParameter
        '<sumamry>
        '   |||||   Add the parameters to the parameters collection of the
        '   |||||   command object, and set their datatypes (OleDbType in this case)
        '</summary>
        objParam1 = MyCmd.Parameters.Add("@UserName", OleDbType.Char)
        objParam2 = MyCmd.Parameters.Add("@Password", OleDbType.Char)
        ''   |||||   Set the direction of the parameters...input, output, etc
        objParam1.Direction = ParameterDirection.Input
        objParam2.Direction = ParameterDirection.Input
        ''   |||||   Set the value(s) of the parameters to the respective source controls
        objParam1.Value = txtUserName.Text
        objParam2.Value = txtPassword.Text

        '   |||||   Try, catch block!
        Try
            '   |||||   Check if Connection to DB is already open, if not, then open a connection
            If MyConn.State = ConnectionState.Closed Then
                '   |||||   DB not already Open...so open it
                MyConn.Open()
            End If

            '   |||||   Create OleDb Data Reader
            Dim objReader As OleDbDataReader
            objReader = MyCmd.ExecuteReader(CommandBehavior.CloseConnection)
            '   |||||   Close the Reader and the Connection Closes with it

            While objReader.Read()
                If CStr(objReader.GetValue(0)) <> "1" Then
                    lblMessage.Text = "Invalid Login!"
                Else
                    objReader.Close()   '   |||||   Close the Connections & Reader
                    Return True
                End If
            End While
        Catch ex As Exception
            lblMessage.Text = "Error Connecting to Database!"
        End Try


    End Function
End Class
Northwind.zip (409.58 KB) 
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!--	|||||	Application Settings	|||||	-->
  <appSettings>
	<add key="strConn" value="Provider = Microsoft.Jet.OLEDB.4.0;Data Source=C:\Inetpub\wwwroot\Northwind.mdb;User ID=Admin;Password=;"/>
  </appSettings>
  <system.web>

    <!--  DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="true"><assemblies><add assembly="CrystalDecisions.CrystalReports.Engine, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.ReportSource, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.Shared, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.Web, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies></compilation>

    <!--  CUSTOM ERROR MESSAGES
          Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
          Add <error> tags for each of the errors you want to handle.

          "On" Always display custom (friendly) messages.
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running 
           on the local Web server. This setting is recommended for security purposes, so 
           that you do not display application detail information to remote clients.
    -->
    <customErrors mode="RemoteOnly"/>

    <!--  AUTHENTICATION 
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"

          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <!--	|||||	MY Authentication Setup	|||||	-->
    <authentication mode="Forms"> 
		<forms name="NWLogin" loginUrl="Login.aspx"/>
	</authentication>

    <!--  AUTHORIZATION 
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
          (unauthenticated) users.
    -->
    <authorization>
        <allow users="*"/> <!-- Allow all users -->

            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application. 
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
          application trace log by browsing the "trace.axd" page from your web application
          root. 
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>


    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session. 
          If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
          To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/>

    <!--  GLOBALIZATION
          This section sets the globalization settings of the application. 
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
		<browserCaps>
			<!--NETSCAPE 6 and 7 //-->
			<case match="^Mozilla/5\.0 \([^)]*\) (Gecko/[-\d]+ )?Netscape[6|7]/(?'version'(?'major'\d+)(?'minor'\.\d+)(?'letters'\w*)).*">
				tagwriter=System.Web.UI.HtmlTextWriter
				browser=Netscape
				version=${version}
				majorversion=${major}
				minorversion=${minor}
				frames=true
				tables=true
				cookies=true
				javascript=true
				javaapplets=true
				ecmascriptversion=1.5
				w3cdomversion=1.0
				css1=true
				css2=true
				xml=true
			</case>
			<!-- MOZILLA //-->
			<case match="^Mozilla/(?'version'(?'major'\d+)(?'minor'\.\d+)(?'letters'\w*)).*">
				<case match="^[5-9]\." with="${version}">
					tagwriter=System.Web.UI.HtmlTextWriter
				</case>
			</case>
			<!--OPERA 5+//-->
			 <case match="Opera[ /](?'version'(?'major'\d+)(?'minor'\.\d+)(?'letters'\w*))">
				browser=Opera
				version=${version}
				majorversion=${major}
				minorversion=${minor}
				frames=true
				tables=true
				cookies=true
				javascript=true
				ecmascriptversion=1.1

		         <filter match="[4-9]" with="${major}">
					ecmascriptversion=1.3
					css1=true
					css2=true
					xml=true
				     <filter match="[5-9]" with="${major}">
			             tagwriter=System.Web.UI.HtmlTextWriter
			             w3cdomversion=1.0 
				     </filter>
	             </filter>
	             <filter match="^b" with="${letters}">
					beta=true
				</filter> 
             </case>
		</browserCaps>
  </system.web>

</configuration>
Member Avatar for woden

please help me, i have problems

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: File or assembly name CrystalDecisions.CrystalReports.Engine, or one of its dependencies, was not found.

Source Error:


Line 14: debugging ASP.NET files.
Line 15: -->
Line 16: <compilation defaultLanguage="vb" debug="true"><assemblies><add assembly="CrystalDecisions.CrystalReports.Engine, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.ReportSource, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.Shared, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.Web, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies></compilation>
Line 17:
Line 18: <!-- CUSTOM ERROR MESSAGES


what can i do?

commented: Not the appropriate place to post this message, and it is vague +0
Member Avatar for Paladine

please help me, i have problems

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: File or assembly name CrystalDecisions.CrystalReports.Engine, or one of its dependencies, was not found.

Source Error:


Line 14: debugging ASP.NET files.
Line 15: -->
Line 16: <compilation defaultLanguage="vb" debug="true"><assemblies><add assembly="CrystalDecisions.CrystalReports.Engine, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.ReportSource, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.Shared, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/><add assembly="CrystalDecisions.Web, Version=9.1.5000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304"/></assemblies></compilation>
Line 17:
Line 18: <!-- CUSTOM ERROR MESSAGES


what can i do?

OK thanks for posting the error message, but that helps little when you are not providing a description of what you were doing or trying to do?

When do you get this error message? For this login? I don't think so, as Crystal Decisions is used for generating reports, not a login.

Please provide more details, files involved, and maybe then I can help.

Member Avatar for arsenal

Can i get a sample of login page using SQL Server 2000 but not Access????
because i do not know how to change the code by using SQL Server 2000

Hope can help me...

it's urgent

thanks a lot

Member Avatar for Paladine

Can i get a sample of login page using SQL Server 2000 but not Access????
because i do not know how to change the code by using SQL Server 2000

Hope can help me...

it's urgent

thanks a lot

OK, this shouldn't be too hard to piece together from the basic structure I have provided above. But since you are not the first person to ask me about this I feel I should provide some of the changes that need to be made to the code to use SQL Server.

Ok remember that you require the creation of a connection object inorder to access the SQL Database. The basics for the connection string (the means of creating this connection object) is;


Imports System.Data.SqlClient
...
Dim oSQLConn As SqlConnection = New SqlConnection()
oSQLConn.ConnectionString = "Data Source=(local);" & _
"Initial Catalog=myDatabaseName;" & _
"Integrated Security=SSPI"
oSQLConn.Open()

or if you are using a remote server this is the basic structure:

(via IP address):

oSQLConn.ConnectionString = "Network Library=DBMSSOCN;" & _
"Data Source=xxx.xxx.xxx.xxx,1433;" & _
"Initial Catalog=myDatabaseName;" & _
"User ID=myUsername;" & _
"Pas sword=myPassword"

But I will show below the changes you could do to the above code and still use the Web.Config file (much more secure).

New Web.Config (partial code only, not the whole file)

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <!--	|||||	Application Settings	|||||	-->
  <appSettings>
	<add key="strConn" value="Provider=SQLOLEDB;Data Source=(local);Initial Catalog=Northwind;Integrated Security=SSPI;"/>
  </appSettings>
  <system.web>

The updated heading to all ASP.Net Page Code Behinds (still using VB.Net):

Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
'   || The following two IMPORTS are for Access DB & SQL Server DB Respectively
'   Imports System.Data.OleDb   '   ||||||  Access Database Required Import!
Imports System.Data.SqlClient
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||

Changes needed to create an SQL Connection Object:

'   |||||   First is the Connection Object for an Access DB
        'Dim MyConn As OleDbConnection = New OleDbConnection(ConfigurationSettings.AppSettings("strConn"))
        '   |||||   This is the Connections Object for an SQL DB
        Dim MyConn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("strConn"))

[/b]

Changes to the code for SQL Command Object creation:

'   |||||   To Access a Stored Procedure in Access - Requires a Command Object
        'Dim MyCmd As New OleDbCommand("sp_ValidateUser", MyConn)
        '   |||||   To Access a Stored Procedure in SQL Server - Requires a Command Object
        Dim MyCmd As New SqlCommand("sp_ValidateUser", MyConn)

Now there is other parts of the code you have to change, but from the few I have already done it should be fairly easy to know what other changes need to be made. Those could/would include but not limited to: OleDBParamater Object, OleDbType.Char (this would be SqlDbType.Char ? ), and the OleDbDataReader object to name a few!

Hope this helps, and happy coding!

:cool:

Member Avatar for urbanXroadsjr

Don't worry I'm in the same boat as you in using SQL Server, When I figure it out I'll let you know. I'm a novice to ASP.NET also.

Member Avatar for Sulley's Boo


ammm .. is this what i want? .. amm .. :-|

i am using MS Access as the backend for my website .. and VB .NET as the front end ..

do i have to type in alllllll that code for the login thing? ..

i mean only registered members can log in .. how can i do that? .. the registeration thingy is working .. :cool: ..

:( ..

Member Avatar for Javaknight

Now there is other parts of the code you have to change, but from the few I have already done it should be fairly easy to know what other changes need to be made. Those could/would include but not limited to: OleDBParamater Object, OleDbType.Char (this would be SqlDbType.Char ? ), and the OleDbDataReader object to name a few!

Experts,

This code has been a very good introduction for me to learn the .Net environment. :D I am currently porting/translating an application done in traditional ASP into .Net. However, I am experiencing difficulties using the login example here as a guide. While the page comes up with no errors and the validators work I am having trouble making the application send the user to a different page. (OK I am VERY new to programming in ASP.NET. :o ) I am trying to determine whether the problem is in my code or in the Stored Procedure that I created :?: ; Since the system is not giving me an error message, I am kind of in a quandary. :sad:

This is the code for my Stored Procedure (I have changed some of the elements in the example because of some of the application logic.):

CREATE PROCEDURE dbo.ws_ValidateUser
(@wisUser nVarChar(50),
@wisUserPass nVarChar(50))
AS
SELECT
Count(*) as Num_of_Users
FROM
Dbo.Users
WHERE loginName = @wisUser AND Password = @wisUserPass
GO

Does anyone know SQL Server well enough to tell me if there is a problem in this procedure :?: (I believe I have been consistent in my use of the variable and field names throughout the application, that are different from the original example by Paladine.) Do I need to provide some of the code as well :?:

Member Avatar for Paladine

Well the SQL looks sound to me. This line of code redirects the client on successful login:

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False) ' ||||| default.aspx Page!

and if not,

Response.Redirect("Denied.aspx")

Not sure if that helps. But SQL does not affect the Redirection unless you condition statement (which I am not sure what it looks like) bypasses this redirection.

Member Avatar for Javaknight

Well the SQL looks sound to me. This line of code redirects the client on successful login:

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False) ' ||||| default.aspx Page!

and if not,

Response.Redirect("Denied.aspx")

Not sure if that helps. But SQL does not affect the Redirection unless you condition statement (which I am not sure what it looks like) bypasses this redirection.

Thanks for answering Paladine!

Thats very helpful. (When one doesn't know whats wrong, one has a tendency to waste time with things that are really inconsequential.) The nature of this problem disturbs me because the application does not seem to be executing the conditional in the DBConnection function. If I leave one of the text boxes blank the validation works, however if I type in any user name and password, the page just seems to refresh. I should have mentioned that I have attempted to execute this code without using the codebehind method of programming. (I can never get it to work for me.)

I think that I will have to keep playing with it because I think that I have modified the example beyond the point where it can be recognizably assisted remotely. I will let you know what I come up with.

Member Avatar for Javaknight

I will let you know what I come up with.

Paladine,

I finally solved the problem. :cheesy: I was not getting a response from the page because my webform button was not set up correctly. :o

This is the code that I modified from the original:

<asp:button id="cmdSubmit" text="Submit" runat="server" borderstyle="Solid" [B]onclick="cmdSubmit_Click"[/B]>

I can only assume that I had to add this onclick element because I am not using the codebehind method of programing. I'll attempt to keep this in mind in the future.

Thanks for your help! :cool:

Member Avatar for SPYRO

Really good job!

Here is an idea for a little improvement in the Try block:
(Just to keep the coding happy ;) )


Try
If MyConn.State = ConnectionState.Closed Then
MyConn.Open()
End If

Return MyCmd.ExecuteScalar()

Catch ex As Exception
lblMessage.Text = "Error Connecting to Database!"
Finally
MyConn.Close()
End Try

Member Avatar for Dragtoth

Hi Paladine,

firstly thank you so much for the code coz it really helps me get started. After compiling and running the login.aspx and typed in the username - Admin / password - Admin (what is in the Northwind.mdb), it still prompt me invalid login. Why is this so?

And also, is there any way to encrypt or hide the password stored in Northwind.mdb? Because I see there's no security if anybody can just open and see the password right? Thanks in advance for the help. GREAT SITE!!

Member Avatar for Paladine

Thanks Dragtoth, glad it helps...well kind of anyway. :cool:

Ok, have you gone through the debugging and scene what value(s) are being passed to the DB? That would be my first step. Always confirm what is being sent to the DB, you may type it correctly in the login boxes but that does not mean it is being passsed correctly to the DB.

PM me if you have the answer or that still doesn't solve it.

As for Encryption, I haven't had a chance to sit down and write the code for that, but you could use SHA1 encryption (part of the .NET environment) and there are some things you can do to mask the password in Access (i.e. Input Mask in the table design view)

Hope this helps.

I will try to sit down soon and write an encryption version of this.

Member Avatar for doradylam

Thanks Dragtoth, glad it helps...well kind of anyway. :cool:

Ok, have you gone through the debugging and scene what value(s) are being passed to the DB? That would be my first step. Always confirm what is being sent to the DB, you may type it correctly in the login boxes but that does not mean it is being passsed correctly to the DB.

PM me if you have the answer or that still doesn't solve it.

As for Encryption, I haven't had a chance to sit down and write the code for that, but you could use SHA1 encryption (part of the .NET environment) and there are some things you can do to mask the password in Access (i.e. Input Mask in the table design view)

Hope this helps.

I will try to sit down soon and write an encryption version of this.

Hi Paladine

I am having the same trouble as the others... I have done everything as stated in the code, but still no matter what is typed in the username or password text boxes, the label states "Invalid Login" and I can't figure out why for the life of me!

Please help if you can!

Thanks in advance!

Member Avatar for doradylam

Also,

" Dim LoginSQL As String"

seems to have been declared for no further use or references throughout...

THanks

Member Avatar for MarkyMarc

Hi,

Maybe you can help me.

I have an existing web site done with ASP pages. Now we would like to add a login using the ASP.NET Forms method.

Is there a way to have the user redirected to the login when requesting an ASP page when he is not loged in? Maybe a cookie to check or something?

We tried to convert to ASP pages to ASPX pages but it would require redoing the web site almost entirelly and unfortunatelly this is not an option right now.

Thank you

Member Avatar for Kendel

Hi everyone,

Another .net newbie in the house. Could someone please put everything together for SQL DB? I am trying to follow the instruction on Access and then change some stuffs to SQL but it didn't work. I have no clue what I was doing wrong.

Thank you so much.

-kendel

Member Avatar for Paladine

Hi folks, sorry been really busy lately. Ok, I will redo the whole thing in Access, SQL and Oracle (just in case).

So bare with me till the weekend.

Later

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.