Share via

what is problem with this code for Login with role

khalid saeed 20 Reputation points
2023-05-16T16:23:18.6266667+00:00

this is the code what's wrong with it

        protected void btnLogin_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString);
            con.Open();
            SqlCommand cmd = new SqlCommand("select * from Users where UserName =@username and Password=@password", con);
            SqlCommand cmd1= new SqlCommand("select RoleId from Users where UserName =@username and Password=@password", con);

            cmd.Parameters.AddWithValue("@username", txtUserName.Value);
            cmd.Parameters.AddWithValue("@password", txtPassword.Value);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                Session["User_Name"] = txtUserName.Value;
                Response.Redirect("~/Admin/Admin.aspx");
                Session.RemoveAll();
            }

            else 
            {
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
            }


        }
Developer technologies | ASP.NET Core | Other
0 comments

Answer accepted by question author

Lan Huang-MSFT 30,221 Reputation points Microsoft External Staff
2023-05-17T08:34:40.5833333+00:00

Hi @khalid saeed,

I tested your code and there is no problem, you check that your username and password are entered correctly.

 <input type="text" id="txtUserName" runat="server" />
            <input type="text" id="txtPassword" runat="server" />          
            <asp:Button ID="Button1" runat="server" Text="Button" OnClick="btnLogin_Click" />

protected void btnLogin_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString);
            con.Open();
            SqlCommand cmd = new SqlCommand("select * from Users where UserName =@username and Password=@password", con);
            SqlCommand cmd1 = new SqlCommand("select RoleId from Users where UserName =@username and Password=@password", con);

            cmd.Parameters.AddWithValue("@username", txtUserName.Value);
            cmd.Parameters.AddWithValue("@password", txtPassword.Value);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                Session["User_Name"] = txtUserName.Value;
                Response.Redirect("~/Admin/Admin.aspx");
                Session.RemoveAll();
            }

            else
            {
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
            }


        }

9

Best regards,
Lan Huang

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Was this answer helpful?

1 person found this answer helpful.
0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce (SqlWork.com) 84,081 Reputation points
    2023-05-16T16:44:40.2433333+00:00

    what is the unexpected behavior? what is the design of the tables? does the password using hashing and a salt?

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.