Simple Login Page in asp.net using stored procedures

Question

2.57/5 (3 votes)

See more:

, +

I am developing a login page in asp.net.IF the username and password matches i want to redirect to another aspx page.This is my stored procedure and my c# code.My problem is even if the username and password are given wrongly it is moving to that aspx page.Please help me with the correct code

C#

protected void btnLogin_Click(object sender, EventArgs e)
   {
       try
       {
           SqlCommand cmd = new SqlCommand("sp_ValidateUser", SqlConObject);
           cmd.CommandType = CommandType.StoredProcedure;
           SqlParameter param1 = new SqlParameter("@User_name", txtUsename.Text);
           SqlParameter param2 = new SqlParameter("@User_password", txtPassword.Text);
           cmd.Parameters.Add(param1);
           cmd.Parameters.Add(param2);
           SqlConObject.Open();
           cmd.ExecuteNonQuery();
           Response.Redirect("ISSRegisterUsingSP.aspx");
       }
       catch (Exception e7)
       {
           lblErrorMessage.Text = e7.Message;
       }
       finally
       {
           SqlConObject.Close();
       }

   }

SQL

 IF EXISTS
(SELECT * FROM INFORMATION_SCHEMA.ROUTINES WHERE SPECIFIC_SCHEMA=N''
AND SPECIFIC_NAME=N'')

DROP PROCEDURE sp_ValidateUser
GO
CREATE PROCEDURE sp_ValidateUser
(
@User_name VARCHAR(50)
,@User_password VARCHAR(50)
)
AS
BEGIN
SELECT UserName
		,UserPassword
FROM ISSLogin_Details
WHERE UserName=@User_name AND UserPassword=@User_password
END
GO

Posted 31-Jul-12 21:16pm

ajithk444

Updated 31-Jul-12 21:27pm

v2

Add a Solution

Comments

Zoltán Zörgő 1-Aug-12 3:20am

How do you retrieve the result of your stored procedure? ExecuteNonQuery is for DML in the first place. You need to read the result and redirect based on the result.

ajithk444 1-Aug-12 3:26am

Hi I am new to asp.
If it is not ExecuteReader() what should i use.Can u get me the correct code for this.

ajithk444 1-Aug-12 3:29am

i jus need a stored procedure to validate the username and password and redirect to a new page.what changes should i need to do in this code..pls help me

4 solutions

Solution 3

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Web.Security;
public partial class Hello : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{

}
protected void Button1_Click(object sender, EventArgs e)
{

SqlConnection con = new SqlConnection("Data Source=DEEPSINGH-C\\SQLEXPRESS;Initial Catalog=Test;Integrated Security=True");
SqlCommand cmd = new SqlCommand("loginreg",con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@name", TextBox1.Text);
cmd.Parameters.AddWithValue("@password", TextBox2.Text);
con.Open();
cmd.ExecuteNonQuery();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
dr.Read();
FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, true);
Response.Redirect("Default2.aspx");
con.Close();
}
}

}

Posted 26-Jul-13 0:07am

gajendra225

Comments

CHill60 27-Jul-13 11:32am

You do realise this question is a year old and there is little difference between if(dt.Rows.Count>0) from Solution 1 to your if (dr.HasRows)

Solution 4

just set integer number like this due to it return the number of row

C#

int row_return = cmd.ExecuteNonQuery();
             if(row_return>0)
            Response.Redirect("ISSRegisterUsingSP.aspx");

Posted 15-Apr-14 2:27am

Mahmoud_Gamal

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

sauravbanthia · Accepted Answer · 2012-07-31T22:23:00

If you want to check through a stored procedure that whether the username and password used in the login process is correct or not, then you may use an output parameter in the stored procedure.

Declare an output parameter as follows:

Declare @result as int out

Suppose table name is tblInfo

select @result = count(*) from tblInfo where username=@username and password=@password

If this output parameter return a value greater than 0, which may be checked din the front end, then the login credentials are correct, otherwise its false.

For further details you may visit us @ http://www.industrialtrainingkolkata.com/?cat=12

Besides, you may also join our 100% Job Oriented Practical training on ASP.NET with C# and SQL Server. You may call us @ 9830386818/09831709190.

Himanshu Yadav · Accepted Answer · 2012-07-31T21:37:00

Hi,
Every thing is fine but instead of using ExecuteNonQuery you use SqlDataAdapter like as follows..

protected void btnLogin_Click(object sender, EventArgs e)
      {
          try
          {
              SqlCommand cmd = new SqlCommand("sp_ValidateUser", SqlConObject);
              cmd.CommandType = CommandType.StoredProcedure;
              SqlParameter param1 = new SqlParameter("@User_name", txtUsename.Text);
              SqlParameter param2 = new SqlParameter("@User_password", txtPassword.Text);
              cmd.Parameters.Add(param1);
              cmd.Parameters.Add(param2);
              SqlConObject.Open();
              //cmd.ExecuteNonQuery();
              SqlDataAdapter da = new SqlDataAdapter(cmd);
              DataTable dt=new DataTable ();
              da.Fill(dt);
              if(dt.Rows.Count>0)
              {
               Response.Redirect("ISSRegisterUsingSP.aspx");
              }
          }
          catch (Exception e7)
          {
              lblErrorMessage.Text = e7.Message;
          }
          finally
          {
              SqlConObject.Close();
          }

      }