Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Apr 23, 2012 07:35 AM|LINK
I thought you said that this was a WPF application but you seem to be inheriting from System.Web.UI.Page, I'm confused. In btnLogin_Click you are setting DialogResult which looks like forms. Can you confirm if this is a WPF application, in which case the
definition of MainMenu looks very strange or is this a WebForms application in which case the use of DialogResult looks wrong.
Anyway, in MainMenu you create a new DatabaseInterface, can you show the definition of that class? What relationship does it have to DataAccess.Class1? You create a new DatabaseInterface and then immediately access the value of the AUTH property, this
means that AUTH will have whatever value is set in the parameterless constructor or false if no value is set.
On the login page you do set AUTH, assuming dac is of type DataAccess.Class1 - it would be good to see all the code so that we can see how things are declared, their scope and access level rather than having to guess all the time. If this is a web forms
application then you need to save your state somehow (ViewState, cookie, etc) so that it is available to the next postback. If it is a WPF application then you need to save the result of the login check in some global location so that it is available to the
In Class1.UserLogin you retrieve the userpassword column and give it an alias of 'auth'. The userpassword column seems to be some variety of varchar. A couple of lines later you convert 'auth' to a bool. If a user's password is not 'True', 'False' or
null this will throw an exception. Are you sure that this is the code?
If this is a web forms application then I suggest that you use the inbuilt authentication system rather than trying to create your own, one place to get started is
http://www.asp.net/web-forms/tutorials/tailspin-spyworks/tailspin-spyworks-part-6. Storing plaintext passwords in a database is one of the very worst things you can do. Also, you might want to research sql injection attacks, as you are vulnerable.
Did I mention that it is very hard to help if you a) don't know what type of application you are creating and b) if you won't show us the code you are actually using?