|
|
In my application, there are some pages that are secured & some are non secure. All the pages are displayed in an iframe. How can I apply form authentication for secured pages?
Thanks & Regards,
SAMir Nigam,
Software Engineer,
STPL, Lucknow, India.
|
|
|
|
|
I am building an ASP.Net C# Web project. In the HTML form of the .aspx file I have
    <%@ Page Language="C#" %>
    <%@ Import Namespace="System.Data" %>
    <%@ Import Namespace="System.Data.SqlClient" %>

    SqlConnection conn = new SqlConnection("Data Source=DATA-SERVER;Initial Catalog=Intech;Trusted_Connection=true");
    SqlCommand cmd = conn.CreateCommand();
    cmd.CommandText = "SELECT * FROM users WHERE username='"+Username.Value+"' AND password= '"+Password.Value+"'";
    // Fill our parameters
    cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = Username.Value;
    cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = Password.Value; // Or "sha1"
    // Execute the command
    conn.Open();
    SqlDataReader reader = cmd.ExecuteReader();
    if (reader.Read())
    {
        // Create a new ticket used for authentication
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                    // Ticket version
            Username.Value,                       // Username associated with ticket
            DateTime.Now,                         // Date/time issued
            DateTime.Now.AddMinutes(30),          // Date/time to expire
            true,                                 // "true" for a persistent user cookie
            reader.GetString(0),                  // User-data, in this case the roles
            FormsAuthentication.FormsCookiePath); // Path cookie valid for
        // Encrypt the cookie using the machine key for secure transport
        string hash = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,  // Name of auth cookie
            hash);                                // Hashed ticket
        // Set the cookie's expiration time to the tickets expiration time
        if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
        // Add the cookie to the list for outgoing response
        Response.Cookies.Add(cookie);
        // Redirect to requested URL, or homepage if no previous page requested
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (returnUrl == null) returnUrl = "/";
        // Don't call FormsAuthentication.RedirectFromLoginPage since it could
        // replace the authentication ticket (cookie) we just added
        Response.Redirect(returnUrl);
    }
I have the table as
    CREATE TABLE users
    (
        username nvarchar(64) CONSTRAINT users_PK PRIMARY KEY,
        password nvarchar(128),
        roles nvarchar(64)
    )
    CREATE INDEX credentials ON users
    (
        username,
        password
    )
Now I am trying to access the table but at
    SqlDataReader reader = cmd.ExecuteReader();
    reader.Read();
I am not getting any result from reader.Read();
I need help.
|
|
|
|
|
netwizerd wrote:
    cmd.CommandText = "SELECT * FROM users WHERE username='"+Username.Value+"' AND password= '"+Password.Value+"'";
    // Fill our parameters
    cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = Username.Value;
    cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = Password.Value; // Or "sha1"
Fill out what parameters? You aren't using any parameters in the SELECT statement.
To use the parameters you should write:
    cmd.CommandText = "SELECT * FROM users WHERE username=@username AND password=@password";
netwizerd wrote: I am not getting any result from reader.Read();
Perhaps the data does not exist. Or...
netwizerd wrote: reader.GetString(0), // User-data, in this case the roles
The first column isn't the roles. You've used SELECT * so in fact you don't know which column will be the roles because the columns will be returned in whatever order SQL Server decides is most efficient. You must use SELECT roles to ensure that the roles column is the first one.
By the way - for security you should also consider using a salted hash for storing passwords.
Upcoming events:
* Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ...
"I wouldn't say boo to a goose. I'm not a coward, I just realise that it would be largely pointless."
Ready to Give up - Your help will be much appreciated.
My website
|
|
|
|
|
Thank you Colin, but I used username=@username AND password=@password before and still my SqlDataReader was empty; it was not producing any result.
Yasin
|
|
|
|
|
I do recommend using the Parameter route. They help prevent SQL Injection Attacks.
Have you tried writing the same query and running directly on SQL Server? Do you get any results?
I'm actually thinking that since you are only ever getting one value back (the roles) that ExecuteScalar would be better for your requirements (unless you are planning to get more data from the reader in the future).
ExecuteScalar retrieves one value only, the first column of the first row. It will manage the data reader for you, so you don't have to worry about it. All you need to do is call ExecuteScalar instead of ExecuteReader and if the value isn't null you have matched the login.
|
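Putting the advice in this thread together (parameterised query, named columns instead of SELECT *, salted password hash), as an added example that is not code from any poster: it assumes the users table above with the password column holding the PBKDF2 string produced by HashPassword, .NET Framework 4.7.2 or later, and the hypothetical names LoginCheck, HashPassword, Verify and GetRoles. Because a salted hash has to be compared in code, the row is looked up by username only, so it reads two named columns rather than calling ExecuteScalar.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck   // hypothetical helper, not from the thread
{
    const int Iterations = 100000;   // assumed work factor; tune for your hardware

    // Stored form "iterations:salt:hash" (Base64) is about 75 chars, so it fits nvarchar(128).
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Iterations + ":" + Convert.ToBase64String(salt) + ":" +
               Convert.ToBase64String(Derive(password, salt, Iterations));
    }
    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    public static bool Verify(string password, string stored)
    {
        string[] p = (stored ?? "").Split(':');
        int n;
        if (p.Length != 3 || !int.TryParse(p[0], out n) || n <= 0) return false;
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(p[1]); expected = Convert.FromBase64String(p[2]); }
        catch (FormatException) { return false; }   // e.g. a legacy plain-text row
        byte[] actual = Derive(password, salt, n);
        int diff = actual.Length ^ expected.Length;  // compare without early exit
        for (int i = 0; i < actual.Length && i < expected.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
    // Returns the roles string for a valid login, or null for an unknown user or wrong password.
    public static string GetRoles(string connectionString, string username, string password)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = conn.CreateCommand())
        {
            // Named columns fix the reader's column order; the password never goes into the SQL text.
            cmd.CommandText = "SELECT password, roles FROM users WHERE username = @username";
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                return reader.Read() && !reader.IsDBNull(0) && Verify(password, reader.GetString(0))
                    ? (reader.IsDBNull(1) ? "" : reader.GetString(1)) : null;
        }
    }
}
```

The string returned by GetRoles can be passed as the user-data argument of the FormsAuthenticationTicket in place of reader.GetString(0).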
|
|
|
|
Some people are just a bunch of ungrateful pricks! I did my best to answer the OP here by suggesting various things to look at for a problem that is not immediately apparent. But someone thought it was worthy of a 1-vote.
I think I'll concentrate on writing articles and organising events instead of trying to help out here.
|
|
|
|
|
Don't give up - I've 5 voted it to raise it up. I guess this was the same idiot who 1 voted an answer I gave earlier.
|
|
|
|
|
Pete O`Hanlon wrote: Don't give up
Thanks - I'll try not to give up completely but I've noticed that I'm responding less and less these days. I'm concentrating on presentations, articles and events more and more. That is much more rewarding.
Are you any good at presenting? Would you like to do a presentation in Glasgow sometime?
|
|
|
|
|
It's been a while since I did any presentation type of work, apart from sales pitches. Now, if it's to come back up to Glasgow sometime, then I might just be persuaded.
|
|
|
|
|
I think I've figured it out - somebody's after your MVP status. You do seem to be the target of scattergun 1 voting.
|
|
|
|
|
Pete O`Hanlon wrote: I think I've figured it out - somebody's after your MVP status. You do seem to be the target of scattergun 1 voting.
Gosh! That's a bit sad isn't it.
|
|
|
|
|
Yup. Mind you, there are people who'll create two accounts just to vote themselves up.
|
|
|
|
|
Hi.
You guys know the type of functionality in CP where if you search for things in articles you can specify if you want the search terms to be highlighted in the results, right?
Does anyone know of an article or source code that does something like that?
I need to get it working in my project.
Thanks a lot!
M
|
|
|
|
|
One way to do this would be to have a javascript function which would read the page and wrap the relevant text in spans (set the style of the span to have a background colour).
|
|
|
|
|
|
Thank you.
I was searching around on the web as well, but probably not as efficiently as you were...;)
|
|
|
|
|
I am using a GridView and I added to it a checkbox field that is dynamically bound to a boolean value. The thing is that the checkboxes are always disabled and I can't change their status at all. Is there any help with this?
Mohamed El Gohary
|
|
|
|
|
I have to bind a RadioButton control to a field in the database.
In this field I have two values, like completed and notcompleted.
I have to show a checked radio button when it is completed, with every row.
Can anyone tell me how I can do it?
ajeet
|
|
|
|
|
Hi Friends!
I developed a website in ASP.NET using C#. I created a master page and am using it in all other pages. I also have some JavaScript functions in the content page, but there is no AJAX control or any kind of control related to AJAX. But sometimes, especially when I send the user to the 'Home' page from another page, I get this stupid JavaScript error 'Sys is undefined', but when I refresh the page there is no error. If any of you knows about it, please tell me how I can fix it.
Waiting for your reply,
Kind Regards,
Abubakar
|
|
|
|
|
Sys is defined in the Microsoft AJAX Library, therefore I assume that there has to be some kind of AJAX control on your site or at least some JavaScript that references Sys.
I suggest that you take Firefox with the Web Developer Add-on and, when you encounter the error, have a look at all the JavaScript that is loaded for the page and look for the reference to Sys. Maybe this way you can find the reason.
-^-^-^-^-^-
no risk no funk
|
|
|
|
|
Ya Enzler, you are right. I just remembered that, as we are calling a web service in JavaScript, we are using 'Sys' in a .js file. Here is the code which we are using for that:
    PPMService.registerClass('PPMService',Sys.Net.WebServiceProxy);
Will you please tell me what I should do? I have noticed one more thing: if your page remains untouched for some time then it also gives the same error. Please suggest a solution.
Regards,
Abubakar
|
|
|
|
|
A simple solution - but not necessarily the right one - is to add a ScriptManager (from ASP.NET AJAX) to the master page. Then the needed js files are registered on the client.
-^-^-^-^-^-
no risk no funk
|
|
|
|
|
The problem is I am relatively new to ASP.NET 2.0 and I didn't develop the project; I am just fixing bugs. I have found this in the master page:
    <asp:scriptmanager id="ScriptManager1" runat="server">
but I could not find the definition of 'ScriptManager1'. Will you please tell me how I can add a ScriptManager in the master page?
|
|
|
|
|
Ask someone on your development team or look at http://ajax.asp.net.
Basically drag and drop the ScriptManager from the Toolbar onto the design view of the Master page.
-^-^-^-^-^-
no risk no funk
|
|
|
|