#1
  1. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13

    Problem with Login form


    Hello

    In an ASP.NET (VB) Login.aspx form, isn't it necessary to have a SELECT FROM statement in order to validate that what the registered user has typed in in the username and password fields in an online login form is in the database?

    And isn't it necessary that there is an activation page (url) where the user is redirected to after his form field details (log-in credentials) have been verified by the server?

    I ask because my ASP.NET (Login.aspx form - linked to my 'new user' form, Register.aspx) seems to be 'standing still' and I wonder if it's because I do not have the above details in my code.

    My code is as follows and I do not get any errors and I have debugged it:

    Code:
    Partial Public Class Account_Login
        Inherits Page

        Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
            RegisterHyperLink.NavigateUrl = "Register"
            OpenAuthLogin.ReturnUrl = Request.QueryString("ReturnUrl")
            Dim returnUrl = HttpUtility.UrlEncode(Request.QueryString("ReturnUrl"))
            If Not [String].IsNullOrEmpty(returnUrl) Then
                RegisterHyperLink.NavigateUrl += "?ReturnUrl=" & returnUrl
            End If
        End Sub

        Protected Sub LogIn(sender As Object, e As EventArgs) Handles btnLogin.Click
            If IsValid Then
                ' Validate the user password
                Dim manager = New UserManager()
                Dim user As ApplicationUser = manager.Find(username.Text, password.Text)
                Try
                    If user IsNot Nothing Then
                        IdentityHelper.SignIn(manager, user, RememberMe.Checked)
                        IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
                    End If
                Catch ex As Exception
                    FailureText.Text = ex.Message 'Should show the actual error line from the stack trace.
                    ErrorMessage.Visible = True
                End Try
            End If
        End Sub
    End Class
    Thank you for any suggestions.

    Steve
  2. #2
  3. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Jul 2010
    Posts
    138
    Rep Power
    12
    The usermanager() handles all the login validation and select queries. I believe it's a security measure, so if you're hacked, you can't see what the table names/locations are for users. Also, I've replaced the following line

    IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)

    With

    Response.Redirect("/Pages/Member/MemberPortal.aspx")

    Replace the parenthesis information with whatever page directory you want to send a user to once logged in, and you should be set to go. I had issues with that IdentityHelper.Redirect when I changed the Login.aspx page myself.

    Also, what may be causing the hang-up is that the usermanager/identityhelper can't find the database; perhaps this may be causing your problem too.
    Last edited by Superdawg; October 17th, 2014 at 04:03 PM.
  4. #3
  5. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13
    Thanks for your reply.

    I have found some code which seems more relevant to what I was looking for and addresses the database issue that you mention:


    Code:
        Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs)
            AddHandler btnLogin.Click
            Dim connect = "Provider=Microsoft.Jet.OleDb.4.0; Data Source=|DataDirectory|students.mdb;"

            Dim query As String
            query = "Select Count(*) From university Where username = ? AND [password] = ?"
            Dim result As Integer = 0
            Using conn As New OleDbConnection(connect)
                Using cmd As New OleDbCommand(query, conn)
                    ' OleDb binds parameters by position, in the order they are added
                    cmd.Parameters.AddWithValue("", username.Text)
                    cmd.Parameters.AddWithValue("", password.Text)
                    conn.Open()
                    result = DirectCast(cmd.ExecuteScalar(), Integer)
                End Using
            End Using
            If result > 0 Then
                ' Record the user in the session only after the credentials matched
                Session("User") = username.Text
                Response.Redirect("upload.asp")
            Else
                FailureText.Text = "Invalid credentials"
            End If
        End Sub
    End Class
    My only concern is that it doesn't use the usermanager that you mention and which 'handles all the login validation and select queries'.

    Actually, I get an error under the letter 'k' here:

    Code:
    AddHandler btnLogin.Click
    It says 'comma expected'. I have tried inserting one but no luck so far.

    Thanks again.
  6. #4
  7. Contributing User
    ASP Skiller (1500 - 1999 posts)

    Join Date
    Aug 2008
    Location
    USA
    Posts
    1,606
    Rep Power
    347
    Could you paste the error message and line number, to find the exact issue?
    Thanks


    Thank You,
    KiranK
  8. #5
  9. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13
    Hello

    Thanks for your reply.

    This is my database-specific code in Login.aspx.vb:

    Code:
        Dim NewWindow As Object

        Protected Sub Page_Load(ByVal sender As Object, e As EventArgs) Handles Me.Load
            RegisterHyperLink.NavigateUrl = "Register"
            OpenAuthLogin.ReturnUrl = Request.QueryString("ReturnUrl")

            Dim returnUrl = HttpUtility.UrlEncode(Request.QueryString("ReturnUrl"))

            If Not [String].IsNullOrEmpty(returnUrl) Then
                RegisterHyperLink.NavigateUrl += "?ReturnUrl=" & returnUrl
            End If
        End Sub
    I am not sure what ReturnUrl actually refers to. When the user logs in, he should be taken to a page called upload.aspx

    Thank you again.

    Steve
  10. #6
  11. Contributing User
    ASP Skiller (1500 - 1999 posts)

    Join Date
    Aug 2008
    Location
    USA
    Posts
    1,606
    Rep Power
    347
    The code looks good to me. Did you get the chance to debug the application and put a breakpoint on the returnUrl value?

    Also, could you please paste your user validation code? May I know how you validate whether the user is valid or not, and how you set the return URL?

    Thanks
  12. #7
  13. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13
    Dim ReturnURL As String is all that intellisense shows me when I press on F9 on both of these lines:

    Code:
    OpenAuthLogin.ReturnUrl = Request.QueryString("ReturnUrl")

    Dim returnUrl = HttpUtility.UrlEncode(Request.QueryString("ReturnUrl"))
    I only check to see if the user exists if he loses his password. Should I be checking that he exists just while logging in?

    Thanks!
  14. #8
  15. Contributing User
    ASP Skiller (1500 - 1999 posts)

    Join Date
    Aug 2008
    Location
    USA
    Posts
    1,606
    Rep Power
    347
    Yes, this is basic authentication: you have to validate that the entered email ID and password match those in the database.
    If the user is valid, you can redirect to the home page of your website; otherwise you prompt an error message such as wrong credentials.


    Please refer to this basic article on how to validate user credentials.
    Validating User Credentials Against the Membership User Store (C#) | The ASP.NET Site

    Comments on this post

    • jamespayne agrees
  16. #9
  17. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13
    Hello Mark

    Thanks for your post and link.

    I do have a kind of validation which is part and parcel of a salt/hash code.

    In my form (aspx) file, I have:

    Code:
    <asp:PlaceHolder runat="server" ID="ErrorMessage" Visible="false">
                            <p class="text-danger">
                                <asp:Literal runat="server" ID="FailureText" />
                            </p>
                        </asp:PlaceHolder>
    and in my aspx.vb file:

    Code:
        Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click

            Dim mySHA512 As SHA512 = SHA512Managed.Create()

            Dim connect = "Provider=Microsoft.Jet.OleDb.4.0; Data Source=|DataDirectory|students.mdb;"

            Dim query As String
            query = "Select Count(*) From university Where username = ? AND [password] = ?"

            Dim result As Integer = 0

            Using conn As New OleDbConnection(connect)
                Using cmd As New OleDbCommand(query, conn)
                    ' OleDb binds parameters by position, in the order they are added
                    cmd.Parameters.AddWithValue("", username.Text)
                    cmd.Parameters.AddWithValue("@password", HashPassword(password.Text, Nothing, New SHA512Managed))

                    conn.Open()
                    result = DirectCast(cmd.ExecuteScalar(), Integer)
                End Using
            End Using
            If result > 0 Then
                ' Record the user in the session only after the credentials matched
                Session("User") = username.Text
                Response.Redirect("upload.aspx")
            Else
                FailureText.Text = "Invalid credentials"
                ' The ErrorMessage placeholder is Visible="false" in the .aspx, so show it
                ErrorMessage.Visible = True
            End If
        End Sub
    Is that sufficient to validate the user's password?

    Thanks again for your patience.
  18. #10
  19. Contributing User
    ASP Skiller (1500 - 1999 posts)

    Join Date
    Aug 2008
    Location
    USA
    Posts
    1,606
    Rep Power
    347
    Yeah, this looks good to me, except this line:

    cmd.Parameters.AddWithValue("", username.Text) // try passing parameter for username as well just like password


    Again, there are many ways to improve the coding, but at the beginning level this seems good. You may use a stored procedure instead of an inline query.
    Also put server-side validation on special characters before making the call to the query or SP. Also add client-side validation as well.

    Hope this will help you.

    Comments on this post

    • SteveHigh agrees
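
    Added example, not code from any poster in this thread: one way to do the check asked about in post #9 when each user has their own random salt, which cannot be compared inside the WHERE clause, so the row is fetched by user name first. It swaps in PBKDF2 (Rfc2898DeriveBytes) because the thread's HashPassword helper is not shown; the pw_salt and pw_hash columns, their Base64 encoding and the iteration count are assumptions, and registration must store values produced the same way.

```vbnet
Imports System.Data.OleDb
Imports System.Security.Cryptography

' Assumed schema (not from the thread): university(username, pw_salt, pw_hash), Base64 text.
Partial Public Class Account_Login
    Inherits System.Web.UI.Page

    Private Const ConnectString As String =
        "Provider=Microsoft.Jet.OleDb.4.0; Data Source=|DataDirectory|students.mdb;"

    ' Compare every byte so timing does not reveal where the first mismatch is.
    Private Shared Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Fetch the stored salt and hash for the user name, then recompute and compare.
    Private Shared Function CredentialsAreValid(user As String, pass As String) As Boolean
        Const query As String = "SELECT pw_salt, pw_hash FROM university WHERE username = ?"
        Using conn As New OleDbConnection(ConnectString)
            Using cmd As New OleDbCommand(query, conn)
                cmd.Parameters.AddWithValue("@username", user)
                conn.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False   ' unknown user
                    Dim salt As Byte() = Convert.FromBase64String(reader.GetString(0))
                    Dim stored As Byte() = Convert.FromBase64String(reader.GetString(1))
                    Using kdf As New Rfc2898DeriveBytes(pass, salt, 100000) ' assumed count
                        Return SameBytes(kdf.GetBytes(stored.Length), stored)
                    End Using
                End Using
            End Using
        End Using
    End Function

    Protected Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
        If CredentialsAreValid(username.Text, password.Text) Then
            Session("User") = username.Text          ' set only after a successful check
            Response.Redirect("upload.aspx")
        Else
            FailureText.Text = "Invalid credentials" ' same message for bad user or bad password
            ErrorMessage.Visible = True
        End If
    End Sub
End Class
```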
  20. #11
  21. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13
    I have changed it to this now:

    cmd.Parameters.AddWithValue("@username", username.Text)

    and it seems to be working, but you are right, I haven't got any client-side validation. I really need to add a couple of username.Text.Visible boxes for errors/to explain to the user what is happening.

    Thank you.
  22. #12
  23. Contributing User
    ASP Skiller (1500 - 1999 posts)

    Join Date
    Aug 2008
    Location
    USA
    Posts
    1,606
    Rep Power
    347
    Originally Posted by SteveHigh
    I have changed it to this now:

    cmd.Parameters.AddWithValue("@username", username.Text)

    and it seems to be working, but you are right, I haven't got any client-side validation. I really need to add a couple of username.Text.Visible boxes for errors/to explain to the user what is happening.

    Thank you.
    Yeah, glad to help you. Could you please add some reputation points while saying agree? This will help me to build my profile.

    Comments on this post

    • SteveHigh agrees
    • jamespayne agrees : Hey Mark, thanks for answering the question.
  24. #13
  25. No Profile Picture
    Contributing User
    ASP Discoverer (100 - 499 posts)

    Join Date
    Dec 2005
    Posts
    261
    Rep Power
    13
    It says:

    You are limited to enter only reputation comments for
    this user until time period is over. 0

    I have pressed the 'Add to reputation' button.

    Thanks again.
  26. #14
  27. No Profile Picture
    Editor in Beef
    ASP Discoverer (100 - 499 posts)

    Join Date
    Sep 2008
    Location
    South Florida
    Posts
    114
    Rep Power
    20
    Hey Steve, I added some rep points on your behalf.
    Editor-in-Chief
    Dev Shed, LLC
  28. #15
  29. Contributing User
    ASP Skiller (1500 - 1999 posts)

    Join Date
    Aug 2008
    Location
    USA
    Posts
    1,606
    Rep Power
    347
    Thanks guys !!
