I created a login form in Visual Studio 2005, and in the SQL Server database I created a login_user table which has two columns, user & password.

Now I want to open my next form after validating the user & password, which are stored in my database table.

So could someone please help me solve this problem?
Comments
Mahmud Hasan 3-Mar-12 14:03pm    
Are you working in a web project or a desktop project? Please give more detail.
OriginalGriff 3-Mar-12 14:09pm    
Which bit is giving you problems?
Sergey Alexandrovich Kryukov 3-Mar-12 14:52pm    
Well, as you understand, even if it looks like no problems, "password which is stored in my database table" is already wrong. I explained it in my answer.
--SA
Sergey Alexandrovich Kryukov 3-Mar-12 14:50pm    
Yes, is it a Web form or System.Windows.Forms.Form?
--SA

First of all, the password is never stored anywhere. Don't you see that storing of the password is wrong and totally insecure?

You never need a password in its original form for authentication. One of the usual and simple techniques is using a cryptographic hash function of a password. You store only a password hash in your database, calculate a password hash based on the user input each time the user tries to authenticate, and compare the newly calculated hash value with the hash value stored in your database. A good hash function is practically infeasible to invert, so no one can calculate the original password even having full access to the database.

Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function.

Don't use MD5 for any security: this algorithm is considered broken, please see:
http://en.wikipedia.org/wiki/MD5.

Instead, you can use one of the Secure Hash Algorithms (SHA):
http://en.wikipedia.org/wiki/SHA2.

The classes implementing those algorithms are available in .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx.

If you want to perform the calculation of the cryptographic hash function in .NET only, it means on the server side only, which means that the original password should still be passed through the network, so a spy can pick it up. Therefore, safe authentication should only use the secure HTTPS protocol, not HTTP.

Please see:
http://en.wikipedia.org/wiki/HTTPS.

—SA
 
Comments
ProEnggSoft 3-Mar-12 21:13pm    
Useful information. My 5.
Sergey Alexandrovich Kryukov 3-Mar-12 21:18pm    
Thank you.
--SA

First you should validate that the entered username & password are not blank or null. Then the next task:

I think you have a common class for SqlConnection, such as ConnectionManager.cs or DBConnection.
If you have not, create a class like this:

C#
using System;
using System.Configuration;
using System.Data.SqlClient;

public class DBConnection
{
  public static SqlConnection GetConnection()
  {
    // Retrieve the connection string from the App.config file
    return new SqlConnection(ConfigurationManager.ConnectionStrings["MyConn"].ConnectionString);
  }

  public static bool CheckLogin(string UserName, string UserPass)
  {
    // Parameters keep the user input out of the SQL text,
    // so a quote in the user name or password cannot change the query
    string selectString =
      "SELECT username " +
      "FROM forum_members " +
      "WHERE username = @username AND password = @password";

    using (SqlConnection conn = GetConnection())
    using (SqlCommand mySqlCommand = new SqlCommand(selectString, conn))
    {
      mySqlCommand.Parameters.AddWithValue("@username", UserName);
      mySqlCommand.Parameters.AddWithValue("@password", UserPass);
      conn.Open();
      // ExecuteScalar returns null when no row matches
      object result = mySqlCommand.ExecuteScalar();
      return result != null;
    }
  }
}

You can get the connection without App.config:
C#
public static SqlConnection GetConnection()
{
  // Connection string written here instead of being retrieved from the App.config file
  return new SqlConnection("Data Source=Servername;Initial Catalog=Marketing;Integrated Security=SSPI");
}


In the login form, use it like this:
C#
private void loginbtn_Click(object sender, EventArgs e)
{
    if (DBConnection.CheckLogin(txtUserName.Text.Trim(), txtUserPass.Text.Trim()))
    {
        MessageBox.Show("Login Successfully");
    }
    else
    {
        MessageBox.Show("User is not exist or wrong password");
        txtUserName.Focus();
    }
}



I think you have your answer.
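
Putting the two answers above together, as an added example that is not code from either poster: the lookup is a parameterized query, and the value stored per user is a salted PBKDF2 hash, which goes a step beyond the plain SHA-2 hash described in the first answer. The `salt` and `pwd_hash` columns on `login_user`, the class and method names, and the iteration count are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

// Assumed schema (not from the page): login_user([user], salt varbinary(16), pwd_hash varbinary(20))
public static class LoginCheck
{
    const int Iterations = 100000;   // assumed work factor; tune for your hardware

    // Account creation / password change: store salt and hash, never the password.
    public static void HashNewPassword(string password, out byte[] salt, out byte[] hash)
    {
        salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);   // random per-user salt
        hash = Derive(password, salt);
    }

    static byte[] Derive(string password, byte[] salt)
    {
        // PBKDF2 (HMAC-SHA1 with this constructor): salted and deliberately slow.
        return new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(20);
    }

    // conn must already be open.
    public static bool CheckLogin(SqlConnection conn, string userName, string password)
    {
        // [user] is bracketed because USER is a reserved word in T-SQL.
        const string sql = "SELECT salt, pwd_hash FROM login_user WHERE [user] = @user";
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 64).Value = userName;
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;              // unknown user
                return FixedTimeEquals((byte[])r["pwd_hash"], Derive(password, (byte[])r["salt"]));
            }
        }
    }

    // Compare every byte so timing does not reveal where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because each user has a different salt, two users with the same password get different `pwd_hash` values, and a leaked table cannot be attacked with one precomputed lookup.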
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


