See more: C# ASP.NET SQL-Server
Hello Code Project,
 
I have used 3-tier architecture in my application and I'm trying to do login using a stored procedure. Though I am entering data that is not in the database, I can log in. If I am not using 3-tier architecture, I am able to do what I want.
Please help me to improve the following code:
 
//Data Logic
   static string ConStr = @"Data Source=ROHIT-PC\SQLEXPRESS;Initial Catalog=MPAdvisor;Integrated Security=True";
        SqlConnection con = new SqlConnection(ConStr);
 
        public void LogIn(string username, string password)
        {
            con.Open();
 
            SqlCommand cmd = new SqlCommand("LogInProcedure", con);
            cmd.CommandType = CommandType.StoredProcedure;
 
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@password", password);
 
            SqlDataReader reader = cmd.ExecuteReader();
        }
 
//Business Logic
DataLogic.DataClass dc = new DataLogic.DataClass();
 
       string username, password;
 
       public string GetUserName
       {
           get
           {
               return username;
           }
           set
           {
               username = value;
           }
       }
 
       public string GetPassword
       {
           get
           {
               return password;
           }
           set
           {
               password = value;
           }
       }
 
       public void doLogIn()
       {
           dc.LogIn(username, password);
       }
 
// Presentation Logic
 BusinessLogic.BusinessClass bc = new BusinessLogic.BusinessClass();
 
            bc.GetUserName = usernametxt.Text;
            bc.GetPassword = passwordtxt.Text;
            bc.doLogIn();
 
            Session["uname"] = usernametxt.Text;
            Response.Redirect("Home.aspx");
 
// Stored Procedure
ALTER PROCEDURE dbo.LogInProcedure
    @username nvarchar (50),
    @password nvarchar (50)
AS
    SET NOCOUNT ON;
SELECT  * FROM users
WHERE   user_username=@username AND user_password=@password
Posted 17-Nov-12 18:52pm
Edited 18-Nov-12 0:30am
Comments
Krunal R at 18-Nov-12 4:44am
   
Please answer it, I really need it...
Shanalal Kasim at 18-Nov-12 5:01am
   
This is a logical mistake. You have not added a login condition in "Presentation Logic". You are always redirecting to "Home.aspx".
Krunal R at 18-Nov-12 7:29am
   
okay, could you please modify the code ?
Krunal R at 18-Nov-12 6:15am
   
but my Login condition is in Stored Procedure, isn't it ?
aspnet_regiis -i at 18-Nov-12 6:56am
   
First understand the code before you try to use it. A better way is to write your own instead of copy-pasting from somewhere.
Krunal R at 18-Nov-12 7:28am
   
If you don't want to help, then don't comment like this... And if I've copied it from somewhere then I should have the solution as well, okay.
aspnet_regiis -i at 18-Nov-12 14:14pm
   
Well... The reason I am saying the code is copy-pasted is that it is not complete. Only a person who has not written this code will try to 'use' it. Otherwise it is useless code.

The reasons I call it useless:
1. This method should return something. Most probably a 'bool' . But it returns 'void'. How are you going to verify the result if it does not return anything ????
public void LogIn(string username, string password)
 
2. This code should read a value from the reader. But your code ends after this line of code. Same mistake repeated.
SqlDataReader reader = cmd.ExecuteReader();
}
 
3. Also this method returns 'void' . Same mistake repeated
public void doLogIn()
 
4. Whether the user is able to log in or not, the session is created for him and he is redirected to Home.aspx, irrespective of the authentication result... Then why need the username/password itself?
 
bc.doLogIn();

Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");
 
5. Passwords are not hashed. Even a student level project does not have plaintext passwords...

Solution 2

You need to correct these mistakes before you try to use this code
 

1. This method should return something. Most probably a 'bool' . But it returns 'void'. How are you going to verify the result if it does not return anything ????
public void LogIn(string username, string password)
2. This code should read a value from the reader. But your code ends after this line of code.
SqlDataReader reader = cmd.ExecuteReader();
        }
3. Also this method returns 'void' . Same mistake repeated
 public void doLogIn()
4. Whether the user is able to log in or not, the session is created for him and he is redirected to Home.aspx, irrespective of the authentication result... Then why need the username/password itself?
 bc.doLogIn(); 
Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");
5. Passwords are not hashed. Even a student level project does not have plaintext passwords...

Solution 1

Stop and think about what you're doing. What code here is supposed to stop a login ? If your old code works, it's because the Login method CHECKS if a user is logged in and returns a bool which means you can act on a failed login. This is useless, you call a method that returns nothing, how can you decide to log someone in or not ?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 18 Nov 2012
Copyright © CodeProject, 1999-2014