What is the problem with this code for login with role?

khalid saeed 20 Reputation points
2023-05-16T16:23:18.6266667+00:00

This is the code. What's wrong with it?

        protected void btnLogin_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString);
            con.Open();
            SqlCommand cmd = new SqlCommand("select * from Users where UserName =@username and Password=@password", con);
            SqlCommand cmd1= new SqlCommand("select RoleId from Users where UserName =@username and Password=@password", con);

            cmd.Parameters.AddWithValue("@username", txtUserName.Value);
            cmd.Parameters.AddWithValue("@password", txtPassword.Value);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                Session["User_Name"] = txtUserName.Value;
                Response.Redirect("~/Admin/Admin.aspx");
                Session.RemoveAll();
            }

            else 
            {
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
            }


        }
ASP.NET

Accepted answer
  1. Lan Huang-MSFT 25,871 Reputation points Microsoft Vendor
    2023-05-17T08:34:40.5833333+00:00

    Hi @khalid saeed,

    I tested your code and there is no problem. Please check that your username and password are entered correctly.

     <input type="text" id="txtUserName" runat="server" />
                <input type="text" id="txtPassword" runat="server" />          
                <asp:Button ID="Button1" runat="server" Text="Button" OnClick="btnLogin_Click" />
    
    protected void btnLogin_Click(object sender, EventArgs e)
            {
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString);
                con.Open();
                SqlCommand cmd = new SqlCommand("select * from Users where UserName =@username and Password=@password", con);
                SqlCommand cmd1 = new SqlCommand("select RoleId from Users where UserName =@username and Password=@password", con);
    
                cmd.Parameters.AddWithValue("@username", txtUserName.Value);
                cmd.Parameters.AddWithValue("@password", txtPassword.Value);
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                da.Fill(dt);
                if (dt.Rows.Count > 0)
                {
                    Session["User_Name"] = txtUserName.Value;
                    Response.Redirect("~/Admin/Admin.aspx");
                    Session.RemoveAll();
                }
    
                else
                {
                    ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
                }
    
    
            }
    


    Best regards,
    Lan Huang



1 additional answer

  1. Bruce (SqlWork.com) 56,846 Reputation points
    2023-05-16T16:44:40.2433333+00:00

    What is the unexpected behavior? What is the design of the tables? Does the password use hashing and a salt?
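
Added example, not code from either poster: one way to write the handler from the question so that `RoleId` is read in the same query and the password is checked against a salted PBKDF2 hash, the design the question about hashing and a salt points at. The `PasswordHash` and `PasswordSalt` columns, the iteration count, the admin `RoleId` value, the class name `Login`, the `~/Default.aspx` target and .NET Framework 4.7.2 or later are assumptions; `txtUserName` and `txtPassword` are the controls from the markup above.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public partial class Login : System.Web.UI.Page   // class name is hypothetical
{
    // Assumed schema: Users(UserName, RoleId int, PasswordHash varbinary(32) NOT NULL,
    // PasswordSalt varbinary(16) NOT NULL). Iteration count and admin role id are assumed too.
    private const int Iterations = 100000;
    private const int AdminRoleId = 1;

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        int? roleId = null;
        using (var con = new SqlConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString))
        using (var cmd = new SqlCommand(
            "select RoleId, PasswordHash, PasswordSalt from Users where UserName = @username", con))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = txtUserName.Value;
            con.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
                if (r.Read() && Verify(txtPassword.Value, (byte[])r["PasswordSalt"], (byte[])r["PasswordHash"]))
                    roleId = (int)r["RoleId"];
        }
        if (roleId == null)
        {
            ClientScript.RegisterStartupScript(GetType(), "validation",
                "alert('Invalid Username and Password');", true);
            return;
        }
        Session["User_Name"] = txtUserName.Value;
        Session["RoleId"] = roleId.Value;          // role is kept for later page-level checks
        // Redirect is the last statement; the session is not cleared after a successful login.
        Response.Redirect(roleId.Value == AdminRoleId ? "~/Admin/Admin.aspx" : "~/Default.aspx");
    }

    // Re-derives the hash from the submitted password and compares without an early exit.
    private static bool Verify(string password, byte[] salt, byte[] expected)
    {
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(expected.Length);
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
}
```

Pages under `~/Admin/` still need their own check of `Session["RoleId"]` (or an authorization rule in `web.config`), since the redirect alone does not restrict access to them.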