How can I get user ID and pass as QueryString after User Login

Donald Symmons 2,856 Reputation points
2022-11-22T13:05:54.037+00:00

I have been able to create a new user ID as an auto-generated number and save it in a database table.
How can I pass the user ID from the database as a QueryString when the user logs in?
I know how to pass a querystring:

object ClientID = cmd.ExecuteScalar();
con.Close();
Session["user"] = ClientID;
Response.Redirect("Page2.aspx?Id=" + ClientID);

But I don't know how to pass it when the user logs in. I want that after a successful login the user ID is shown as a QueryString in the address bar.
Here is my login code:

protected void Button1_Click(object sender, EventArgs e)
{
    // && instead of &: the second check is only evaluated when the first passes
    if (!string.IsNullOrEmpty(txtUsername.Text) && !string.IsNullOrEmpty(txtPassword.Text))
    {
        // using disposes the connection even if a query throws
        using (SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security = True"))
        {
            // the duplicated "AND pass = @pass" predicate was removed; COLLATE makes the compare case-sensitive
            string check = "SELECT Uid FROM Users WHERE email = @email AND pass = @pass COLLATE SQL_Latin1_General_CP1_CS_AS";
            SqlCommand com = new SqlCommand(check, con);
            con.Open();
            com.Parameters.AddWithValue("@email", txtUsername.Text.Trim());
            com.Parameters.AddWithValue("@pass", txtPassword.Text.Trim());
            string Uid = Convert.ToString(com.ExecuteScalar());
            con.Close();

            if (!string.IsNullOrEmpty(Uid))
            {
                string users = "";
                using (SqlCommand cmd = new SqlCommand("SELECT Uid FROM UserActivation WHERE Uid = @Uid", con))
                {
                    cmd.CommandType = CommandType.Text;
                    cmd.Parameters.AddWithValue("@Uid", Uid);
                    con.Open();
                    users = Convert.ToString(cmd.ExecuteScalar());
                    con.Close();
                }
                if (string.IsNullOrEmpty(users))
                {
                    // the first query already returned this user's Uid; no need to run the same SELECT again
                    int user = Convert.ToInt32(Uid);
                    if (user > 0)
                    {
                        Session["user"] = user;
                        con.Open();
                        string query = "SELECT LastLogin, IsActive FROM Users WHERE Uid = @Uid";
                        using (SqlCommand cmd = new SqlCommand(query, con))
                        {
                            cmd.Parameters.AddWithValue("@Uid", user);
                            // ExecuteScalar returns the first column (LastLogin); it is NULL before the first login,
                            // and Convert.ToDateTime(DBNull.Value) would throw
                            object lastLogin = cmd.ExecuteScalar();
                            Session["LastLogin"] = (lastLogin == null || lastLogin == DBNull.Value)
                                ? (DateTime?)null
                                : Convert.ToDateTime(lastLogin);
                        }
                        string UpdateLog = @"UPDATE Users SET LastLogin=@dateandtime, IsActive=@IsActive WHERE Uid = @Uid";
                        using (SqlCommand cmd = new SqlCommand(UpdateLog, con))
                        {
                            cmd.Parameters.AddWithValue("@dateandtime", DateTime.Now);
                            cmd.Parameters.AddWithValue("@IsActive", "1");
                            cmd.Parameters.AddWithValue("@Uid", user);
                            cmd.ExecuteNonQuery();
                        }
                        con.Close();
                    }
                    Response.Redirect("Page2.aspx");
                }
                else
                {
                    dvMessage.Visible = true;
                    lblMessage.Visible = true;
                    lblMessage.ForeColor = System.Drawing.Color.Red;
                    lblMessage.Text = "Account has not been activated";
                    txtPassword.Text = "";
                    txtPassword.Focus();
                }
            }
            else
            {
                dvMessage.Visible = true;
                lblMessage.Visible = true;
                lblMessage.ForeColor = System.Drawing.Color.Red;
                lblMessage.Text = "Invalid Login Details";
                txtPassword.Text = "";
                txtPassword.Focus();
            }
        }
    }
    else
    {
        dvMessage.Visible = true;
        lblMessage.Visible = true;
        lblMessage.ForeColor = System.Drawing.Color.Red;
        lblMessage.Text = "All Fields are Required";
    }
}

Accepted answer
AgaveJoe 26,136 Reputation points
2022-11-22T15:26:18.877+00:00

A userId should never exist in a querystring! Doing so is a huge security vulnerability.

Use Forms Authentication in Web Forms rather than writing your own. The Forms Authentication library caches the user's identity in an encrypted ticket within an HTTP cookie.

FormsAuthentication Class
An Overview of Forms Authentication (C#)

Also, all the standard Web Forms authorization features work with the Forms Authentication library.

Implement forms-based authentication in an ASP.NET application by using C#.NET

Writing a custom authorization solution is a lot of work all the while reinventing the wheel.
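The pattern the accepted answer recommends, as an added example that is not code from the question, the answer, or Microsoft's documentation. It assumes a Users table with Uid, email, PassSalt and PassHash columns (PassHash being a PBKDF2 output written at registration), the same txtUsername/txtPassword/lblMessage/dvMessage controls as the asker's page, and a web.config whose system.web section contains authentication mode="Forms" with a forms element (loginUrl="~/Login.aspx", defaultUrl="~/Page2.aspx", requireSSL="true") plus an authorization rule denying anonymous users; all of those names and settings are assumptions. The user id rides inside the encrypted, signed ticket and is read back on Page2 from the ticket, so nothing identifying the account ever appears in the address bar.

```csharp
// Added example (not the asker's or the answerer's code); table, column and
// control names are assumptions, see the lead-in above.
using System;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    private const string ConnString =
        "Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Dataregister.mdf;Integrated Security=True";

    protected void Button1_Click(object sender, EventArgs e)
    {
        string email = txtUsername.Text.Trim();
        string password = txtPassword.Text;
        if (email.Length == 0 || password.Length == 0)
        {
            ShowError("All Fields are Required");
            return;
        }

        int? uid = LookupUser(email, password);
        if (uid == null)
        {
            // Same message for unknown email and wrong password, so the form
            // does not reveal which accounts exist.
            ShowError("Invalid Login Details");
            return;
        }

        // Ticket: version, name, issued, expires, persistent?, user data.
        // UserData carries the Uid. Encrypt() encrypts and signs the ticket with
        // the machine key, so the browser can neither read nor forge it.
        var ticket = new FormsAuthenticationTicket(1, email, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, uid.Value.ToString());
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable by page script
            Secure = FormsAuthentication.RequireSSL  // sent over HTTPS only
        };
        Response.Cookies.Add(cookie);
        Response.Redirect(FormsAuthentication.GetRedirectUrl(email, false));
    }

    // Returns the Uid when email and password match, otherwise null. The
    // password is checked against a stored PBKDF2 hash, never compared in SQL.
    private static int? LookupUser(string email, string password)
    {
        using (var con = new SqlConnection(ConnString))
        using (var cmd = new SqlCommand(
            "SELECT Uid, PassSalt, PassHash FROM Users WHERE email = @email", con))
        {
            cmd.Parameters.AddWithValue("@email", email);
            con.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read()) return null;
                int uid = r.GetInt32(0);
                byte[] salt = (byte[])r[1];
                byte[] hash = (byte[])r[2];
                return VerifyPassword(password, salt, hash) ? uid : (int?)null;
            }
        }
    }

    private static bool VerifyPassword(string password, byte[] salt, byte[] expected)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;  // constant-time compare: never stop at the first mismatch
            for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }

    private void ShowError(string text)
    {
        dvMessage.Visible = true;
        lblMessage.Visible = true;
        lblMessage.ForeColor = System.Drawing.Color.Red;
        lblMessage.Text = text;
        txtPassword.Text = "";
        txtPassword.Focus();
    }
}

// Page2.aspx.cs: the user id comes from the ticket, not from Request.QueryString.
public partial class Page2 : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        var identity = User.Identity as FormsIdentity;
        if (identity == null)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }
        int uid = int.Parse(identity.Ticket.UserData);
        // Query only this uid's rows; a visitor cannot change it from the address bar.
    }
}
```

With the authorization rule in web.config, any request to Page2.aspx without a valid ticket is redirected to the login page before Page_Load runs, which is the built-in authorization the answer refers to; the explicit FormsIdentity check above is a belt-and-braces guard for pages that are not covered by such a rule.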


0 additional answers
