How can I authentication a user login with username, password and usertype

Question

0.00/5 (No votes)

See more:

I have created a login interface for my project using window forms. It works correctly however I will like to add one more authentication parameter to it and I am facing some challenges. I have two types of users in the system [Incubator and Employee]. Both user types have different login forms but authentication is done on the same table. What differentiates the users is the userType field on the login table. I will like to also check before login is done if the user is using the right module or login form by adding the userType field to check if the logging-in user is an Incubator or an Employee. For example, if the current user is an employee but clicks on an Incubator login form and inputs his or her username and password, the system should not allow the login even though the username and password may be correct.

Below is my current code for the login
<pre lang="C#"><pre>
private void btu_Login_Click(object sender, EventArgs e)
        {
            var user1 = dbe.userAccounts.FirstOrDefault(a => a.username.Equals(txtUsername.Text));
            if (txtUsername.Text != string.Empty || txtPassword.Text != string.Empty)
            {
               
                if (user1 != null)
                {
                    if (user1.password.Equals(txtPassword.Text) || user1.Acct_Type.Equals(txtCheckIncu.Text))
                    {
                        LoggedIncubatorBankLogIn.Username = user1.username;
                        this.Hide();
                        IncubatorBank m1 = new IncubatorBank();
                        m1.ShowDialog();


                    }
                    else
                    {
                        MessageBox.Show("Invalid Password, OR wrong module used");
                    }
                }
                else
                {
                    MessageBox.Show("Username cannot be empty");
                }
            }
            else
            {
                MessageBox.Show("Username and Password cannot be empty");
            }
           
        }

Do not know what i am doing wrong here, kindly help me get this code to work

What I have tried:

I created a textbox with the correct acct_Type on the login form, made it blend with the background so it is not visible to the user, and I am comparing the user1.Acct_Type the string in the textbox.

if (user1.password.Equals(txtPassword.Text) || user1.Acct_Type.Equals(txtCheckIncu.Text))

yet when i log in with a user who's acct_type is not equal to the string in the textbox it still log me in

Posted 12-Jun-21 21:59pm

Member 14133069

Updated 12-Jun-21 22:35pm

Add a Solution

Comments

Richard MacCutchan 13-Jun-21 4:02am

The first thing you are doing wrong is storing passwords in clear text.

Member 14133069 13-Jun-21 4:10am

thanks for the observation @Richard, I will be glad if you could point me to a material that can help me not to store password in cleartext. For now, I simply want to make sure the user is using the right module. Kindly assist if you can

Richard MacCutchan 13-Jun-21 4:30am

See Secure Password Authentication Explained Simply[^]

Member 14133069 13-Jun-21 4:33am

Thanks..... How about the question on board

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Accepted Answer · 2021-06-12T22:35:00

C#

if (user1.password.Equals(txtPassword.Text) || user1.Acct_Type.Equals(txtCheckIncu.Text))
{
    LoggedIncubatorBankLogIn.Username = user1.username;
    this.Hide();
    IncubatorBank m1 = new IncubatorBank();
    m1.ShowDialog();
    
}

You allow the login if either the password is correct OR the Acct_Type is correct. You need to check that both are correct, and also use a securely hashed password:

C#

// first get the hash of the password
if (user1.password.Equals(HASHVALUE) && user1.Acct_Type.Equals(txtCheckIncu.Text))
{
    LoggedIncubatorBankLogIn.Username = user1.username;
    this.Hide();
    IncubatorBank m1 = new IncubatorBank();
    m1.ShowDialog();
    
}