Login Control Using C# and Microsoft Access [ASP.NET]


Question

Hi all

I'm having trouble with some of the login controls for my website. I've successfully set it up so when a user registers it enters the details into an Access database.

I'm now trying to get the login to work but can't see how to implement this.

I've had a go at some code but I'm not sure what I need to add to it to get it working.

Here's my code:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.OleDb;

public partial class Home : System.Web.UI.Page
{
	protected void Page_Load(object sender, EventArgs e)
	{

	}
	protected void Button1_Click(object sender, EventArgs e)
	{

		OleDbConnection a = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=I:/skylimos/App_Data/limohire.mdb");
		string dbcommand = "SELECT * FROM customer_TBL WHERE [email] = '" + TextBox1.Text + "' AND [password] = '" + TextBox2.Text + "'";
		OleDbDataAdapter b = new OleDbDataAdapter(dbcommand, a); DataSet dset = new DataSet();
		b.Fill(dset);

		Response.Redirect("Register.aspx");

	}
}

2 answers to this question

  woolm said:
protected void Button1_Click(object sender, EventArgs e)
	{

		OleDbConnection a = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=I:/skylimos/App_Data/limohire.mdb");
		string dbcommand = "SELECT * FROM customer_TBL WHERE [email] = '" + TextBox1.Text + "' AND [password] = '" + TextBox2.Text + "'";
		OleDbDataAdapter b = new OleDbDataAdapter(dbcommand, a); DataSet dset = new DataSet();
		b.Fill(dset);

		Response.Redirect("Register.aspx");

	}
}

Hi,

You don't appear to be doing anything with the dataset once you've filled it. In fact, you may not need to fill it at all:

private string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=I:/skylimos/App_Data/limohire.mdb";

protected void Button1_Click(object sender, EventArgs e) {
  using (OleDbConnection connection = new OleDbConnection(connectionString)) {
	using (OleDbCommand command = new OleDbCommand("SELECT * FROM customer_TBL WHERE [email] = @email AND [password] = @password", connection)) {
	  connection.Open();

	  command.Parameters.AddWithValue("@email", TextBox1.Text);
	  command.Parameters.AddWithValue("@password", TextBox2.Text);

	  using (OleDbDataReader reader = command.ExecuteReader()) {
		if (reader.Read()) {
		  // User and password was correct.  Do stuff here.
		} else {
		  Response.Redirect("Register.aspx");
		}
	  }
	}
  }
}

As BGM has suggested, it might be better to use the existing Users and Roles mechanism of ASP.NET to handle this. I guess you are starting out, so there are a few tips we can give you, based on the code you have given above:

1. Don't hardcode your connection strings in your application; you never know when you may need to move and reconfigure the application. The best way to do it is to move the connection string out to the configuration system:

Your web.config file:

<connectionStrings>
  <add name="LimoHireDb" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|limohire.mdb" />
</connectionStrings>

You can then grab the appropriate connection string using the WebConfigurationManager:

// Requires: using System.Configuration; and using System.Web.Configuration;
public string GetConnectionString() {
  if (WebConfigurationManager.ConnectionStrings["LimoHireDb"] != null) {
    return WebConfigurationManager.ConnectionStrings["LimoHireDb"].ConnectionString;
  }

  // Fail loudly if web.config has no entry for this key.
  throw new ConfigurationErrorsException("Missing connection string for key 'LimoHireDb'");
}

2. Don't put absolute URIs in for paths (e.g. I:\skylimos\App_Data\limohire.mdb). This may change in future. If the data is rooted in the App_Data folder, you can use the shorthand |DataDirectory| in the path.

3. Use parameters where possible; this helps protect your site and data from SQL injection attacks:

"SELECT * FROM customer_TBL WHERE [email] = @email AND [password] = @password"

	  command.Parameters.AddWithValue("@email", TextBox1.Text);
	  command.Parameters.AddWithValue("@password", TextBox2.Text);

4. Make sure you dispose of managed resources where possible; this helps free up memory and will improve application performance. If possible, try wrapping disposable objects (such as OleDbConnection, OleDbCommand, etc.) in using blocks, as this will automatically dispose of the object:

	  using (OleDbDataReader reader = command.ExecuteReader()) {

	  }

5. Try and use DataReaders instead of DataSets where you can. DataSets pull all the data into memory, whereas it is quicker and better to use a DataReader (which is a fast forward-only reader):

	  using (OleDbDataReader reader = command.ExecuteReader()) {
		if (reader.Read()) {
		  // User and password was correct.  Do stuff here.
		} else {
		  Response.Redirect("Register.aspx");
		}
	  }

Hope these quick start tips help you on the way to better development, good luck :)
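
The five tips above combined into one helper, as an added example that is not part of the original posts. `LoginCheck` and `CredentialsMatch` are hypothetical names, and the 255-character limit assumes both columns are Access Text fields; the connection string key, table and column names are the ones used in the thread.

```csharp
using System.Configuration;
using System.Data.OleDb;
using System.Web.Configuration;

// Added example, not code from the thread. LoginCheck and CredentialsMatch are
// hypothetical names; the key, table and column names come from the posts above.
public static class LoginCheck
{
    // Tips 1 and 2: connection string comes from web.config (|DataDirectory| path).
    private static string GetConnectionString()
    {
        ConnectionStringSettings entry =
            WebConfigurationManager.ConnectionStrings["LimoHireDb"];
        if (entry == null)
            throw new ConfigurationErrorsException(
                "Missing connection string for key 'LimoHireDb'");
        return entry.ConnectionString;
    }

    // Returns true only when at least one row matches both values.
    public static bool CredentialsMatch(string email, string password)
    {
        // Assumption: both columns are Access Text fields (255 characters max).
        // Empty or over-long input cannot match, so skip the database entirely
        // rather than rely on how the provider handles an oversized value.
        if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password) ||
            email.Length > 255 || password.Length > 255)
            return false;

        // OleDb binds parameters by position, not by name: the Add calls below
        // must follow the order of the ? placeholders in the SQL text.
        const string sql =
            "SELECT [email] FROM customer_TBL WHERE [email] = ? AND [password] = ?";

        // Tip 4: using blocks dispose the connection, command and reader.
        using (OleDbConnection connection = new OleDbConnection(GetConnectionString()))
        using (OleDbCommand command = new OleDbCommand(sql, connection))
        {
            // Tip 3: values travel as typed parameters, never as SQL text.
            command.Parameters.Add("@email", OleDbType.VarWChar, 255).Value = email;
            command.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = password;
            connection.Open();

            // Tip 5: forward-only reader; the first row is enough to decide.
            using (OleDbDataReader reader = command.ExecuteReader())
                return reader.Read();
        }
    }
}
// Usage in Button1_Click: if (LoginCheck.CredentialsMatch(TextBox1.Text, TextBox2.Text)) { ... }
```

Because binding is positional, swapping the two `Add` calls would silently compare the password against the email column even though the parameter names still look correct.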
