An Approach To Better Registration And Login In ASP.NET

In this tutorial, we will see a better approach towards the registration and login process in an ASP.NET, using C#, where will see hash passwords and how we manage the password correctly in login form. Also, we will see how to authenticate the duplicate user during the registration process.

Prerequisites

  • Datatable having columns as username, password and an E-mail.
  • Store Procedure, where one for inserting and one for authentication.
  • 3 Web Forms – Register.aspx, login.aspx, home.aspx

Initial Chamber

Step 1

Open Your Visual Studio 2015 and create an empty Website. Give a suitable name [RegForm_demo].

Step 2

In Solution Explorer, you get your empty Website, followed by adding three Web Forms and SQL Server database.

For Web Form

RegForm_demo (Your Empty Website) -> Right click -> Add New Item -> Web Form. Name it as Register.aspx. Now, go to the same process, add other Web form and name it --> login.aspx and home.aspx.

For SQL Server database

RegForm_demo (Your Empty Website) -> Right click -> Add New Item -> SQL Server database. Add the database inside the App_Data_folder.

Database Chamber

Step 3

In Server Explorer, click on your database [Database.mdf] - -> Tables - -> Add New Table - -> Make the table, as shown below.

ASP.NET

Store Procedure

sp_insert 

  1. CREATE PROCEDURE [dbo].[sp_insert]  
  2. (  
  3.     -- Add the parameters for the stored procedure here  
  4.   
  5.       
  6.     @Username varchar(50),  
  7.     @Password varchar(50),  
  8.     @Email varchar(50)  
  9.   
  10. )  
  11. as  
  12. Begin  
  13.   
  14.     Declare @Count int  
  15.     Declare @codereturn int  
  16.       
  17.     Select @Count = COUNT(Username)  
  18.     from tbl_data where Username = @Username  
  19.     If @Count > 0  
  20.     Begin   
  21.       
  22.         Set @codereturn = -1  
  23.     End  
  24.     Else  
  25.     Begin  
  26.           
  27.         Set @codereturn  = 1  
  28.         Insert into tbl_data values(@Username,@Password,@Email)  
  29.       
  30.     End  
  31.     Select @codereturn as ReturnValue  
  32.       
  33. End   

sp_select 

  1. CREATE PROCEDURE sp_select  
  2.       
  3.     @Username varchar(50),  
  4.     @Password varchar(50)  
  5.       
  6. AS  
  7. BEGIN  
  8.     Declare @Count int  
  9.       
  10.     Select @Count = COUNT(Username)  
  11.     from tbl_data where [Username] =@Username and [Password] =@Password  
  12.       
  13.     If (@Count = 1)  
  14.     Begin   
  15.      Select 1 as codereturn  
  16.     End  
  17.     Else  
  18.     Begin  
  19.         Select -1 as codereturn  
  20.     End  
  21.       
  22.       
  23. END   

Design code

Step 4

Now, make some design for your Application by going to Register.aspx and design it, as shown below.

Register.aspx

ASP.NET

Login.aspx

ASP.NET

Code Chamber

Step 5

We will make some code in Register.aspx.cs page, so that our Register form works.

Register.aspx.cs 

  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.UI;  
  6. using System.Web.UI.WebControls;  
  7. using System.Data.SqlClient;  
  8. using System.Data;  
  9. using System.Data.Sql;  
  10. using System.Web.Security;  
  11.   
  12. namespace WebApplication3  
  13. {  
  14.     public partial class Register : System.Web.UI.Page  
  15.     {  
  16.          
  17.         protected void Button1_Click(object sender, EventArgs e)  
  18.         {  
  19.             SqlConnection con = new SqlConnection(@"Data Source=Nilesh;Initial Catalog=test_db;Integrated Security=True");  
  20.             SqlCommand cmd = new SqlCommand("sp_insert", con);  
  21.             cmd.CommandType = CommandType.StoredProcedure;  
  22.   
  23.             string encryp = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox2.Text, "SHA1");  
  24.   
  25.             cmd.Parameters.AddWithValue("@Username", TextBox1.Text);  
  26.             cmd.Parameters.AddWithValue("@Password", encryp);  
  27.             cmd.Parameters.AddWithValue("@Email", TextBox4.Text);  
  28.   
  29.             con.Open();  
  30.             int codereturn = (int)cmd.ExecuteScalar();  
  31.             if (codereturn == -1)  
  32.             {  
  33.   
  34.                 lblmsg.Text = "Username already exist!";  
  35.                 lblmsg.ForeColor = System.Drawing.Color.Red;  
  36.             }  
  37.             else  
  38.             {  
  39.                 Response.Redirect("~/Login.aspx");  
  40.             }  
  41.         }  
  42.     }  
  43. }   

Login.aspx.cs

  1. using System;  
  2. using System.Collections.Generic;  
  3. using System.Linq;  
  4. using System.Web;  
  5. using System.Web.UI;  
  6. using System.Web.UI.WebControls;  
  7. using System.Data;  
  8. using System.Data.SqlClient;  
  9. using System.Web.Security;  
  10.   
  11.   
  12. namespace WebApplication3  
  13. {  
  14.     public partial class Login : System.Web.UI.Page  
  15.     {  
  16.          
  17.         protected void Button1_Click(object sender, EventArgs e)  
  18.         {  
  19.             if (authenticate(TextBox1.Text, TextBox2.Text))  
  20.             {  
  21.                 Response.Redirect("~/Home.aspx");  
  22.             }  
  23.             else  
  24.             {  
  25.                 Label1.Text = "Invalid Username and Password";  
  26.                 Label1.ForeColor = System.Drawing.Color.Red;  
  27.             }  
  28.         }  
  29.         private bool authenticate(string Username, string Passsword)  
  30.         {  
  31.   
  32.             SqlConnection con = new SqlConnection(@"Data Source=Nilesh;Initial Catalog=test_db;Integrated Security=True");  
  33.             SqlCommand cmd = new SqlCommand("sp_select", con);  
  34.             cmd.CommandType = CommandType.StoredProcedure;  
  35.   
  36.             string encryp = FormsAuthentication.HashPasswordForStoringInConfigFile(TextBox2.Text, "SHA1");  
  37.   
  38.             cmd.Parameters.AddWithValue("@Username", TextBox1.Text);  
  39.             cmd.Parameters.AddWithValue("@Password",encryp);  
  40.             con.Open();  
  41.             int codereturn = (int)cmd.ExecuteScalar();  
  42.             return codereturn == 1;  
  43.                   
  44.         }  
  45.   
  46.     }  
  47.   
  48. }  

Output

The user is registering with the username abc and password abc too,  and if successful, the login page will open, else the respective error message will be shown. Also, this data is saved in the database, as shown below. You can see the password is encrypted in hash format.
ASP.NET

ASP.NET

Let’s say, the user abc is registered and now another user comes. Register with the same username as abc and the authenticate procedure will call and an error will be shown, as given below.
ASP.NET

Login page output

After successful registration, the user abc can access his account, using login access.

ASP.NET

If login is successfuk, home page will be opened, else the respective error will be shown.

ASP.NET

Hope, you liked it. Have a good day and thank you for reading.