<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs"
Inherits="Default" %>
Please, log in
File: Default.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Web.Security;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
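/// <summary>
/// Code-behind for the login page: reads the credentials typed into the
/// userName / passWord controls, checks them against the employees table
/// and, on success, hands control to Forms Authentication.
/// </summary>
public partial class Default : System.Web.UI.Page
{
    // Sizes declared for the @user / @pswd SQL parameters below. Input longer
    // than this is rejected up front instead of being silently truncated.
    private const int MaxUserNameLength = 10;
    private const int MaxPasswordLength = 20;

    /// <summary>Puts the input focus on the user-name box when the page loads.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        SetFocus("userName");
    }

    /// <summary>
    /// Click handler for the log-in button. Issues a non-persistent
    /// authentication ticket and redirects when the credentials match;
    /// otherwise shows a single generic error that does not reveal which
    /// of the two fields was wrong.
    /// </summary>
    protected void LogonUser(object sender, EventArgs e)
    {
        string user = userName.Text;
        string pswd = passWord.Text;

        if (AuthenticateUser(user, pswd))
        {
            // false => session cookie only, no persistent ticket.
            FormsAuthentication.RedirectFromLoginPage(user, false);
        }
        else
        {
            errorMsg.Text = "Sorry, yours seems not to be a valid account.";
        }
    }

    /// <summary>
    /// Returns true when at least one row of the employees table matches the
    /// supplied pair (firstname = username, lastname = pswd).
    /// </summary>
    /// <param name="username">Value typed into the user-name box.</param>
    /// <param name="pswd">Value typed into the password box.</param>
    /// <returns>True if a matching row exists, false otherwise.</returns>
    private bool AuthenticateUser(string username, string pswd)
    {
        // Nothing to look up; avoid a database round trip.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pswd))
        {
            return false;
        }

        // SqlParameter sends at most Size characters, so an over-long value
        // would be cut before the comparison while LogonUser would still issue
        // the ticket for the full, uncut name. Refuse such input instead.
        if (username.Length > MaxUserNameLength || pswd.Length > MaxPasswordLength)
        {
            return false;
        }

        // NOTE(review): the "password" is the lastname column compared as a
        // plain value -- presumably a demo stand-in. A real account store
        // should verify against a salted password hash.
        string connString = ConfigurationManager.ConnectionStrings["NorthwindConnectionString"].ConnectionString;
        string cmdText = "SELECT COUNT(*) FROM employees WHERE firstname=@user AND lastname=@pswd";

        int found;
        using (SqlConnection conn = new SqlConnection(connString))
        using (SqlCommand cmd = new SqlCommand(cmdText, conn))
        {
            // Values travel as typed parameters, never concatenated into the SQL text.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, MaxUserNameLength).Value = username;
            cmd.Parameters.Add("@pswd", SqlDbType.NVarChar, MaxPasswordLength).Value = pswd;

            conn.Open();
            found = (int)cmd.ExecuteScalar();
            // Both the command and the connection are released by the using blocks.
        }

        return found > 0;
    }
}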