[Edit by="slmpa"][/Edit]
Hi is there any1 that has an example of a basic SQL auth script that takes the information
from the auth.aspx goes to the db find and match and then redirect to another page
I would prefer c# code please
Many Thanks

Hi,

Sorry fr disappointing u...

Am also looking for the same... ;-) if u got one pl. send me the same... i will also do the same...

Hope we get it at the earliest...

Cheers...
Laks

Laks try this

void Btn1_Click(Object Sender, EventArgs e)
{


SqlConnection conn = new SqlConnection("connection");
SqlDataAdapter cmd = bew SqlDataAdapter("SELECT * FROM table WHERE uid='" + Username.Text + "' and passwd='" + Passwd.Text + "'", conn);

DataSet ds = new DataSet();

cmd.Fill(ds, "Table");

dgrid1.DataSource = ds.Tables["table"].DefaultView;
dgrid1.DataBind();

if(dgrid1.Rows.Count == 0)
{
Response.Redirect("auth.aspx");
}
else
{
Response.Redirect("home.aspx");
}
}

This is one using formsauthentication:

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Sub Button_Click(ByVal s As Object, ByVal e As EventArgs)
If IsValid Then
If DBAuthenticate(txtUsername.Text, txtPassword.Text) > 0 Then
Web.Security.FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, False)
End If
End If
End Sub
Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
Dim conMyData As SqlConnection
Dim cmdSelect As SqlCommand
Dim intResult As Integer
conMyData = New SqlConnection(Application.Item("conn"))
cmdSelect = New SqlCommand("SELECT id, email, firstname, lastname, username, password, type, active FROM user_contact WHERE username = '" & strUsername & "' AND password = '" & strPassword & "'", conMyData)
Dim dr As SqlDataReader
conMyData.Open()
Dim pwd As String
dr = cmdSelect.ExecuteReader
If dr.Read Then
intResult = 1
Dim active As Boolean
If Not dr.IsDBNull(7) Then
active = dr.GetBoolean(7)
End If
If Not dr.IsDBNull(5) Then
pwd = dr.GetString(5)
End If
'this is here to check for case in the passwords
If pwd <> strPassword Then
dr.Close()
conMyData.Close()
conMyData.Dispose()
cmdSelect.Dispose()
intResult = -1
lbl_messege.Text = "Passwords do not match."
Exit Function
End If
If Not active Then
dr.Close()
conMyData.Close()
conMyData.Dispose()
cmdSelect.Dispose()
intResult = -1
lbl_messege.Text = "You account has been disabled. Please see your site administrator."
Exit Function
Else
Dim holdthis As String
If Not dr.IsDBNull(0) Then
Session("UID") = dr.GetInt32(0)
End If
If Not dr.IsDBNull(1) Then
Session("email") = dr.GetString(1)
End If
If Not dr.IsDBNull(2) Then
If Not dr.IsDBNull(3) Then
Session("name") = dr.GetString(2) & " " & dr.GetString(3)
holdthis = Session("name")
End If
End If
If Not dr.IsDBNull(4) Then
Session("username") = dr.GetString(4)
holdthis = Session("username")
End If

If Not dr.IsDBNull(6) Then
'later on will show information based on their level
Session("level") = dr.GetInt32(6)
End If
Session("password") = pwd
'good for 60 minutes of inactivity
Session.Timeout = 60
Dim sql As String
conMyData.Close()
conMyData.Open()
'insert into a user_login table to track when users login and out based on a session id
Dim sesid As String = HttpContext.Current.Session.SessionID
sql = "INSERT INTO user_login (uid, llogin, sessionid) VALUES (" & Session("uid") & ", '" & Now() & "', '" & sesid & "')"
cmdSelect = New SqlCommand(sql, conMyData)
cmdSelect.ExecuteNonQuery()
conMyData.Close()
conMyData.Dispose()
cmdSelect.Dispose()
End If

Else
intResult = -1
lbl_messege.Text = "Username Not Recognized"
End If
dr.Close()
conMyData.Close()
conMyData.Dispose()
cmdSelect.Dispose()
Return intResult
End Function

Hey Brian do you got this in C# aswell?
Looks awesome. and nice features with the user_login table that tracks the user

cheers

Sorry, I am a VB only person :). I need to learn c# though, just don't have the time.

Hi Martin,

Cud u pl. send me the complete file, i have a problem adapting it... i know am asking u too much... but am sure u'll help me out...

Thanx & rgds,

Cheers...
Laks

hello, can you send it to me too.

thanks a lot

<%@ Page Language="vb" Debug="true" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SQLClient" %>
<script runat="server">

sub MyQueryMethod(Sender As Object, E As EventArgs)
dim myconn as sqlconnection=new sqlconnection("server=localhost;uid=sa;pwd=123456;database=KM")
dim mycomm as sqlcommand=new sqlcommand("select * from users where username='" & textbox1.text & "' and password='" & textbox2.text & "' ", myconn)
dim dr as sqldatareader

myconn.open()
dr=mycomm.ExecuteReader()

if dr.Read()
session("logined")="true"
session("username")=textbox1.text
label1.text=session("logined")
'response.redirect("default.aspx")

else
label1.text="XX"
'response.redirect("login.aspx")
end if
myconn.close
End Sub

</script>
<html>
<head>
</head>
<body>
<form runat="server">
<!-- #Include virtual="head.inc" -->
<fieldset style="WIDTH: 290px; HEIGHT: 125px; BACKGROUND-COLOR: #e0e0e0">
<p>
</p>
<p align="center">
</p>
<legend>Login</legend>User:
<asp:TextBox id="TextBox1" runat="server"></asp:TextBox>
<br />
Pwd:
<asp:TextBox id="TextBox2" runat="server" TextMode="Password"></asp:TextBox>
<asp:Label id="Label1" runat="server"></asp:label>
<p align="center">
<asp:Button id="Button1" runat="server" Text="LOGIN" onclick="MyQueryMethod"></asp:Button>
&nbsp;
<asp:Button id="Button2" runat="server" Text="CANCEL"></asp:Button>
</p>
</fieldset>
</form>
</body>
</html>

------------------
it uses SQL server (2000)