Hi,
See this sample code-behind:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
/// <summary>
/// Plain data holder for one row of the users table as this page sees it.
/// Every member is a read/write string; nothing is validated here.
/// </summary>
/// <remarks>
/// No constructor is declared: the compiler supplies the same public
/// parameterless one, which leaves every property null.
/// </remarks>
public class User
{
    /// <summary>Login identifier typed by the user.</summary>
    public string UserId { get; set; }

    /// <summary>Display name of the account.</summary>
    public string UserName { get; set; }

    /// <summary>Payor code associated with the account.</summary>
    public string PayorCode { get; set; }

    /// <summary>Application the account belongs to.</summary>
    public string Application { get; set; }

    /// <summary>Access level string; this type does not constrain its values.</summary>
    public string AccessLevel { get; set; }

    /// <summary>
    /// Activation date as text. The page's INSERT statement fills the column with
    /// GetDate() rather than reading this property.
    /// </summary>
    public string ActivationDate { get; set; }

    /// <summary>Identifier of whoever created the account.</summary>
    public string CreatedBy { get; set; }

    /// <summary>
    /// Value for the Pwd column.
    /// NOTE(review): presumably only the derived (hashed) value is meant to live
    /// here for any length of time, never the clear-text password; confirm
    /// against every caller that fills this property.
    /// </summary>
    public string Pwd { get; set; }

    /// <summary>Account status flag; the login page treats "Y" as active.</summary>
    public string Status { get; set; }
}
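/// <summary>
/// Code-behind for the sample login page: derives a value from the typed
/// password, looks the user up in the users table and reports the outcome in
/// <c>lblValidation</c>.
/// </summary>
/// <remarks>
/// The controls <c>txtUserId</c>, <c>txtPassword</c> and <c>lblValidation</c> are
/// declared in the other part of this partial class (not shown here).
/// All SQL in this class is parameterized; user-supplied text is never
/// concatenated into a statement.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    // Divisor handed to Encrypt() for every password this page checks. The
    // lookup compares against a value derived with this number, so the stored
    // Pwd values must have been derived with the same one.
    private const int PasswordKeyNumber = 14;

    // Status value that marks an account as activated.
    private const string ActiveStatus = "Y";

    /// <summary>Page load handler; the sample needs no work here.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the login button: derives the password value, queries the users
    /// table and writes the result message to <c>lblValidation</c>.
    /// </summary>
    /// <param name="sender">Control that raised the event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string userId = this.txtUserId.Text;

        // The clear-text password is only passed to Encrypt(); it is not kept
        // in any object that outlives this call.
        string derivedPwd = Encrypt(this.txtPassword.Text, PasswordKeyNumber);

        User userCredential = GetUserCredential(userId, derivedPwd);

        if (userCredential.UserId == null)
        {
            // One message for "no such user" and "wrong password", so the page
            // does not reveal which user ids exist.
            lblValidation.Text = "Invalid UserID or Password";
        }
        else if (!string.Equals(userCredential.Status, ActiveStatus, StringComparison.Ordinal))
        {
            // The status checked here is the one read from the database row.
            // The previous code tested a local object whose Status had just
            // been hard-coded to "Y", so this branch could never run.
            lblValidation.Text = "Account is not yet activated";
        }
        else
        {
            // NOTE(review): the sample only sets a label. No session or
            // authentication ticket is issued here, so other pages cannot rely
            // on this result.
            lblValidation.Text = "Authenticated user. Go to main menu...";
        }
    }

    /// <summary>
    /// Inserts one row into the users table from the given <see cref="User"/>.
    /// ActivationDate is filled by the database with GetDate().
    /// </summary>
    /// <param name="user">Values for the new row.</param>
    /// <returns>
    /// Always <c>true</c> when the statement ran; any failure surfaces as an
    /// exception instead of a <c>false</c> return.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
    public bool InsertNewUser(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException("user");
        }

        // The posted statement had a VALUES list containing only GetDate() for
        // nine columns, which SQL Server rejects. The eight data columns are
        // now bound as parameters.
        const string sql =
            "INSERT INTO users(UserId, UserName, Pwd, PayorCode, Application, AccessLevel,"
            + "Status,CreatedBy, ActivationDate) "
            + "VALUES(@UserId, @UserName, @Pwd, @PayorCode, @Application, @AccessLevel,"
            + "@Status, @CreatedBy, "
            + "GetDate()) ";

        // Both objects are disposed on every path; the connection was never
        // closed before.
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.CommandType = CommandType.Text;

            AddTextParameter(cmd, "@UserId", user.UserId);
            AddTextParameter(cmd, "@UserName", user.UserName);
            // NOTE(review): Pwd is stored exactly as given. For the login
            // lookup to match, the caller presumably has to pass the Encrypt()
            // output, not the clear-text password; confirm at the call site.
            AddTextParameter(cmd, "@Pwd", user.Pwd);
            AddTextParameter(cmd, "@PayorCode", user.PayorCode);
            AddTextParameter(cmd, "@Application", user.Application);
            AddTextParameter(cmd, "@AccessLevel", user.AccessLevel);
            AddTextParameter(cmd, "@Status", user.Status);
            AddTextParameter(cmd, "@CreatedBy", user.CreatedBy);

            conn.Open();
            cmd.ExecuteNonQuery();
        }

        return true;
    }

    /// <summary>
    /// Looks up the row whose UserId and Pwd both match the given values.
    /// </summary>
    /// <param name="userId">User id as typed on the page.</param>
    /// <param name="pwd">Derived password value to compare with the Pwd column.</param>
    /// <returns>
    /// A <see cref="User"/> filled from the first matching row, or one whose
    /// properties are all null when no row matches. Pwd is never read back.
    /// </returns>
    private User GetUserCredential(string userId, string pwd)
    {
        // Both values are bound as parameters. Building the WHERE clause by
        // concatenating them let the typed text change the statement itself.
        // The column list is explicit so the Pwd column is not pulled back.
        const string qry =
            "SELECT UserId, UserName, PayorCode, AccessLevel, Application, Status "
            + "FROM [TestDB].[dbo].[users] where UserId = @UserId and Pwd = @Pwd";

        User user = new User();

        // No catch block: the previous "throw ex;" only reset the stack trace.
        using (SqlConnection conn = new SqlConnection(GetConnectionString()))
        using (SqlCommand cmd = new SqlCommand(qry, conn))
        {
            cmd.CommandType = CommandType.Text;
            AddTextParameter(cmd, "@UserId", userId);
            AddTextParameter(cmd, "@Pwd", pwd);

            conn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                if (dr.Read())
                {
                    user.UserId = dr["UserId"].ToString();
                    user.UserName = dr["UserName"].ToString();
                    user.PayorCode = dr["PayorCode"].ToString();
                    user.AccessLevel = dr["AccessLevel"].ToString();
                    user.Application = dr["Application"].ToString();
                    // Needed by the activation check in btnLogin_Click. A NULL
                    // column becomes "" and therefore counts as not activated.
                    user.Status = dr["Status"].ToString();
                }
            }
        }

        return user;
    }

    /// <summary>
    /// Derives the stored password value: MD5 of the ASCII bytes, each digest
    /// byte integer-divided by <paramref name="keyNumber"/> and written as
    /// decimal digits with no separator.
    /// </summary>
    /// <param name="dat">Clear-text input.</param>
    /// <param name="keyNumber">Divisor applied to every digest byte; 0 throws.</param>
    /// <returns>The concatenated decimal string.</returns>
    /// <remarks>
    /// SECURITY: despite the name this is not encryption, and it is weak as a
    /// password hash. MD5 is fast and unsalted. The per-byte division discards
    /// information, and because the digits are joined without separators,
    /// different digests can produce the same string. ASCII encoding maps every
    /// non-ASCII character to '?'. The output is kept byte-for-byte compatible
    /// with the original so values already stored in the Pwd column still match.
    /// Replace it with a salted, slow scheme (for example PBKDF2 via
    /// Rfc2898DeriveBytes) together with a migration of the stored values.
    /// </remarks>
    private static string Encrypt(string dat, int keyNumber)
    {
        byte[] digest;
        using (System.Security.Cryptography.MD5CryptoServiceProvider md5 =
            new System.Security.Cryptography.MD5CryptoServiceProvider())
        {
            digest = md5.ComputeHash(System.Text.Encoding.ASCII.GetBytes(dat));
        }

        // At most three digits per byte for any positive divisor.
        System.Text.StringBuilder pwd = new System.Text.StringBuilder(digest.Length * 3);
        foreach (byte b in digest)
        {
            // Invariant culture keeps the text identical on every server locale.
            pwd.Append((b / keyNumber).ToString(System.Globalization.CultureInfo.InvariantCulture));
        }

        return pwd.ToString();
    }

    // Reads the "SQLConnection" connection string and fails with a clear
    // message when the entry is missing.
    private static string GetConnectionString()
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["SQLConnection"];
        if (settings == null)
        {
            throw new ConfigurationErrorsException("Connection string 'SQLConnection' is not configured.");
        }

        return settings.ConnectionString;
    }

    // Binds one text value as a parameter, sending NULL for a null string.
    // Typed parameters matching the column definitions are preferable once the
    // table schema is known; it is not visible from this file.
    private static void AddTextParameter(SqlCommand cmd, string name, string value)
    {
        cmd.Parameters.AddWithValue(name, (object)value ?? DBNull.Value);
    }
}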