Let’s start simple by creating form controls:
<table>
<tr><td>Usernname</td><td><asp:TextBox ID=”user” runat=”server”></asp:TextBox></td></tr>
<tr><td>Password</td><td><asp:TextBox ID=”password” runat=”server” TextMode=”Password”></asp:TextBox></td></tr>
<tr><td></td><td><asp:Button ID=”Button1″ OnClick=”submit” Text=”Login” runat=”server” causesValidation=”true” /></td></tr>
</table>
Now add some form validation:
<table>
<tr><td>Usernname</td><td><asp:TextBox ID=”user” runat=”server”></asp:TextBox>
<asp:RequiredFieldValidator
ID=”RequiredFieldValidator1″
runat=”server”
ControlToValidate=”user”
ValidationGroup=”UserCheck”
ErrorMessage=” <font color=’red’> « Username is required!</font> “>
</asp:RequiredFieldValidator>
</td></tr>
<tr><td>Password</td><td><asp:TextBox ID=”password” runat=”server” TextMode=”Password”></asp:TextBox>
<asp:RequiredFieldValidator
ID=”RequiredFieldValidator2″
runat=”server”
ControlToValidate=”password”
ValidationGroup=”UserCheck”
ErrorMessage=” <font color=’red’> « Username is required!</font> “>
</asp:RequiredFieldValidator>
</td></tr>
<tr><td></td><td><asp:Button ID=”Button1″ OnClick=”submit” Text=”Login” runat=”server”
causesValidation=”true” ValidationGroup=”UserCheck” /></td></tr>
</table>
Here we add some encryption:
Dim sha1Obj As New System.Security.Cryptography.SHA1CryptoServiceProvider
Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(pwd)
bytesToHash = sha1Obj.ComputeHash(bytesToHash)
And that should be it – one page login script with SQL backend:
Default.aspx
<%@ Page Title=”Home Page” Language=”vb” MasterPageFile=”~/Site960.Master” AutoEventWireup=”false” CodeBehind=”Default.aspx.vb” %>
<asp:Content ID=”HeaderContent” runat=”server” ContentPlaceHolderID=”HeadContent”>
<script runat=”server”>
Sub submit(sender As Object, e As EventArgs)Session(“user”) = user.Text()
Session(“password”) = password.Text()Dim sid As String
Dim pwd As Stringsid = user.Text.ToString()
pwd = password.Text.ToString()Dim sha1Obj As New System.Security.Cryptography.SHA1CryptoServiceProvider
Dim bytesToHash() As Byte = System.Text.Encoding.ASCII.GetBytes(pwd)
bytesToHash = sha1Obj.ComputeHash(bytesToHash)sid = Session(“user”)
If sid <> “” Then
Dim keyCode As String = “”
For Each b As Byte In bytesToHash
keyCode += b.ToString(“x2”)
NextDim ConnDB As New Data.OleDb.OleDbConnection(“Provider=SQLOLEDB;Data Source=MyServer;Initial Catalog=intranet;Persist Security Info=True;User ID=myUserID;Password=MyPwd;”) ‘/ create connection
Dim cmd As New Data.OleDb.OleDbCommand(“SELECT * FROM User_Tbl WHERE (username = ‘” & user.Text.ToString() & “‘) AND (password = ‘” & keyCode & “‘);”, ConnDB) ‘/ query recordset
Dim reader As Data.OleDb.OleDbDataReader ‘/ define readerTry
cmd.Connection.Open() ‘/ open connection
reader = cmd.ExecuteReader() ‘/ execute readerIf reader.Read() Then
Session(“Name”) = reader(1).ToString() ‘/ write user name session
Label1.Text = (“<img src=’images/checkMark.png’> <font color=’green’>Login successful ” & reader(1).ToString & “!</font><p><a href=’SecurePage.aspx?tsr=” & user.Text() & “&dt=” & DateTime.Now.ToShortDateString() & “‘>Continue »</a></p>”)
‘/ label1 – acknowledge user, username valid, access granted
Else
Label1.Text = (“<font color=’red’>Login failed!</font><br />Try again, if problem persists submit case to Help Desk!”)
‘/ label1 – unknown username, decline access
End Ifcmd.Connection.Close() ‘/ close connection
Catch ex As Exception ‘/ in case of exception
Label1.Text = “ERROR: ” & ex.Message.ToString() ‘/ get an error message, just in case
End TryEnd If
End Sub
</script>
</asp:Content>
<asp:Content ID=”BodyContent” runat=”server” ContentPlaceHolderID=”MainContent”>
<div>
<h1>Insurance Form Look up</h1>
<%
Dim job As String
job = Request.QueryString(“do”)If job = “” Then
%>
<p>In order to access your record(s) you must login. To login select login profile on the left side navigaiton menu.</p>
<%
End If
If job = “admlog” Then
%>
<p>
<table>
<tr><td>Usernname</td><td><asp:TextBox ID=”user” runat=”server”></asp:TextBox>
<asp:RequiredFieldValidator
ID=”RequiredFieldValidator1″
runat=”server”
ControlToValidate=”user”
ValidationGroup=”UserCheck”
ErrorMessage=” <font color=’red’> « Username is required!</font> “>
</asp:RequiredFieldValidator>
</td></tr>
<tr><td>Password</td><td><asp:TextBox ID=”password” runat=”server” TextMode=”Password”></asp:TextBox>
<asp:RequiredFieldValidator
ID=”RequiredFieldValidator2″
runat=”server”
ControlToValidate=”password”
ValidationGroup=”UserCheck”
ErrorMessage=” <font color=’red’> « Username is required!</font> “>
</asp:RequiredFieldValidator>
</td></tr>
<tr><td></td><td><asp:Button ID=”Button1″ OnClick=”submit” Text=”Login” runat=”server”
causesValidation=”true” ValidationGroup=”UserCheck” /></td></tr>
</table>
</p>
<%
End If
%>
<p>
<asp:Label id=”Label1″ runat=”server”></asp:Label>
</p><%
‘Dim job As String
job = Request.QueryString(“do”)
If job = “logout” ThenSession.Abandon()
Response.Write(“<img src=’images/checkMark.png’> » <font color=’green’>Sesion closed!</font>”)
End If%>
</div></asp:Content>