when user login if username is incorrect then it will show error if password is incorrect its shows error...in my code its is username or password is incorrect then it will show error.. i want for both condition.this all done by Entity Framework.
Usually you show a generic message so that a hacker doesn't know he found a vallid user name and can then focus on finding the password.
Also rather than rolling your own authentication I would suggest to use what ASP.NET offers out of the box (such as NOT string passwords in clear text).
protected void Button1_Click(object sender, EventArgs e)
{
using (var context = new WallpaperEntities4())
{
string UserName = Convert.ToString(Session["UserName"]);
User user = (from c in context.Users
where c.UserName == TxtUserName.Text
select c).FirstOrDefault();
WallpaperEntities4 db = new WallpaperEntities4();
string ID = Request.QueryString["Id"];
Session["UserName"] = UserName;
Response.Redirect("/Walpaper.aspx?username=" + UserName);
Member
1 Points
14 Posts
Check username and password is incorrect in asp.net
Jul 30, 2020 06:22 AM|guestadmin@nirvriti.com|LINK
when user login if username is incorrect then it will show error if password is incorrect its shows error...in my code its is username or password is incorrect then it will show error.. i want for both condition.this all done by Entity Framework.
protected void Button1_Click(object sender, EventArgs e)
{
string UserName = TxtUserName.Text;
WallpaperEntities4 db = new WallpaperEntities4();
string ID = Request.QueryString["Id"];
string query = (from c in db.Users
where c.UserName == TxtUserName.Text && c.Password == TxtPassword.Text
select c.UserName).FirstOrDefault();
if (query != null)
{
Session["UserName"] = UserName;
Response.Redirect("/Walpaper.aspx?username="+UserName);
}
else
LblMesge.Text = "Invalid User";
}
Member
680 Points
205 Posts
Re: Check username and password is incorrect in asp.net
Jul 30, 2020 07:53 AM|XuDong Peng|LINK
Hi guestadmin,
If you want to achieve such a function, you may need to modify the design of the data table, and the UserName as the query condition should be unique.
When confirming that the user exists, compare whether the password is the same as the data in the table, and then make a corresponding response.
Something like this:
protected void Button1_Click(object sender, EventArgs e) { string UserName = TxtUserName.Text; string Password = TxtPassword.Text; WallpaperEntities4 db = new WallpaperEntities4(); string ID = Request.QueryString["Id"]; User queryUser = (from c in db.Users where c.UserName == TxtUserName.Text select c.UserName).FirstOrDefault(); if (query != null) { if (queryUser.Password == Password) { Session["UserName"] = UserName; Response.Redirect("/Walpaper.aspx?username=" + UserName); } else { LblMesge.Text = "Password is incorrect"; } } else LblMesge.Text = "UserName is incorrect"; }Best regards,
Xudong Peng
All-Star
47410 Points
17539 Posts
Re: Check username and password is incorrect in asp.net
Jul 30, 2020 08:37 AM|PatriceSc|LINK
Hi
Usually you show a generic message so that a hacker doesn't know he found a vallid user name and can then focus on finding the password.
Also rather than rolling your own authentication I would suggest to use what ASP.NET offers out of the box (such as NOT string passwords in clear text).
Member
1 Points
14 Posts
Re: Check username and password is incorrect in asp.net
Jul 30, 2020 08:51 AM|guestadmin@nirvriti.com|LINK
this is working code...
protected void Button1_Click(object sender, EventArgs e)
{
using (var context = new WallpaperEntities4())
{
string UserName = Convert.ToString(Session["UserName"]);
User user = (from c in context.Users
where c.UserName == TxtUserName.Text
select c).FirstOrDefault();
if (user == null)
{
LblMesge.Text = "Invalid Username";
}
else if (!user.Password.Equals(TxtPassword.Text))
{
LblMesge.Text = "Invalid Password";
}
else
{
WallpaperEntities4 db = new WallpaperEntities4();
string ID = Request.QueryString["Id"];
Session["UserName"] = UserName;
Response.Redirect("/Walpaper.aspx?username=" + UserName);
}
}