Login problem , shows error page

Question

1.00/5 (1 vote)

See more:

Login is my default start page in my project.after login only website visible,otherwise goes to error page.

in my question i have username password and isctive in my databse,but always error page only visible

What I have tried:

C#

<pre>using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class Login : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["constr"].ConnectionString);
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            if (!Page.IsPostBack)
            {
                if (Request.QueryString.Count > 0)
                {
                    string UserID = Request.QueryString["UserID"];
                    Session["UserID"] = UserID;
                    Response.Redirect("Default.aspx",false);
                }
            }
        }
        catch (Exception ex)
        {
            Session["Error"] = ex.ToString();
            Response.Redirect("Error.aspx");
        }
    }
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        try
        {
            if (CheckUsername())
            {
                if (CheckPassword())
                {
                    RedirectPage();
                }
                else
                {
                    lblError.Text = "Your login attempt has failed. <BR>Please try again!";
                }
            }
            else
            {
                lblError.Text = "Your login attempt has failed. <BR>The username or password may be incorrect";
            }
        }
        catch (Exception ex)
        {
            Session["Error"] = ex.ToString();
            Response.Redirect("Error.aspx");
        }
    }
    public bool CheckUsername()
    {
        string Query = "select * from users where IsActive='True' and Email='" + txtUserName.Text + "'";
        DataTable dt = GetData(Query);
        if (dt.Rows.Count > 0)
            return true;
        else
            return false;
    }
    public bool CheckPassword()
    {
        string Query = "select * from users where IsActive='True' and Email='" + txtUserName.Text + "' and Password='"+txtPassword.Text+"'";
        DataTable dt = GetData(Query);
        if (dt.Rows.Count > 0)
            return true;
        else
            return false;
    }
    public DataTable GetData(string Query)
    {
        SqlCommand cmd = new SqlCommand(Query, con);
        SqlDataAdapter sda = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        sda.Fill(dt);
        return dt;
    }
    public void RedirectPage()
    {
        string Query = "select top(1) * from users where IsActive='True' and Email='" + txtUserName.Text + "' and Password='" + txtPassword.Text + "'";
        DataTable dt = GetData(Query);
        if (dt.Rows.Count == 1)
        {
            Session["UserID"] = dt.Rows[0]["UserID"].ToString();
            Response.Redirect("Home.aspx", false);
        }
        else
        {
            lblError.Text = "You don't have permission to view this Site!";
            Session["UserID"] = "";
        }
        /*if (dt.Rows.Count == 1)
        {
            if (Convert.ToBoolean(dt.Rows[0]["Products"]) == true && Convert.ToBoolean(dt.Rows[0]["Users"]) == true)
            {
                Session["UserID"] = dt.Rows[0]["UserID"].ToString();
                Response.Redirect("Default.aspx", false);
            }
            else if (Convert.ToBoolean(dt.Rows[0]["Products"]) == true && Convert.ToBoolean(dt.Rows[0]["Users"]) == false)
            {
                Session["UserID"] = dt.Rows[0]["UserID"].ToString();
                Response.Redirect("Default.aspx", false);
            }
            else if (Convert.ToBoolean(dt.Rows[0]["Products"]) == false && Convert.ToBoolean(dt.Rows[0]["Users"]) == true)
            {
                Session["UserID"] = dt.Rows[0]["UserID"].ToString();
                Response.Redirect("Users.aspx", false);
            }
            else
            {
                Session["UserID"] = "";
                Response.Redirect("Login.aspx", false);                
            }            
        }
        else
        {
            lblError.Text = "You don't have permission to view this Site!";
            Session["UserID"] = "";
        }*/
    }
}

Posted 28-Mar-17 23:18pm

GrpSMK

Updated 29-Mar-17 2:37am

Add a Solution

Comments

Bryian Tan 29-Mar-17 9:10am

What is the type of "IsActive" column? Bit? Varchar?

ZurdoDev 30-Mar-17 8:13am

This is very, very simple for you to fix. Just put a breakpoint and debug it and you'll see exactly what is happening.

Richard Deeming 30-Mar-17 14:24pm

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

Richard Deeming 30-Mar-17 14:25pm

You're also storing passwords in plain-text. That is an extremely bad idea. You should only ever store a salted hash of the user's password:

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Richard Deeming 30-Mar-17 14:26pm

And why are you re-inventing the wheel, when ASP.NET has several perfectly good authentication systems baked-in?

For example: ASP.NET Identity[^]

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

sachin.vishwa90 · Accepted Answer · 2017-03-28T23:54:00

Solution 1

Response.Redirect("Home.aspx", true);

try passing true as second parameter. this happens when you redirect to new page and exception occurs asking whether execution of current request should be stopped.

Posted 28-Mar-17 23:54pm

sachin.vishwa90

Comments

GrpSMK 29-Mar-17 6:26am

true means it goes to catch part,show the same errorpage