login code not working

Question

i have a login table which contains userid username password lastvisited and so on i wrote a code for login but its not working below is the code

and also the password is not visible in the database its encrypted

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
namespace Vas
{
public partial class CostMonitoring : System.Web.UI.Page
{
public static string con_Vas = ConfigurationManager.ConnectionStrings["vas_con"].ConnectionString;
SqlConnection condiv = new SqlConnection(con_Vas);
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnLogin_Click(object sender, EventArgs e)
{
string strSelect = "SELECT COUNT(*) FROM VAS_Login WHERE UserID = @Username AND Password = @Password";
SqlConnection con = new SqlConnection(con_Vas);
SqlCommand cmd = new SqlCommand("Vas_adminvas_login", con);
cmd.CommandType = CommandType.StoredProcedure;
//SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandType = CommandType.Text;
cmd.CommandText = strSelect;
SqlParameter username = new SqlParameter("@Username", SqlDbType.NVarChar, 50);
username.Value = txtusername.Text.Trim().ToString();
cmd.Parameters.Add(username);
SqlParameter password = new SqlParameter("@Password", SqlDbType.NVarChar, 100);
password.Value =(txtpass.Text.Trim());
cmd.Parameters.Add(password);
// cmd.CommandTimeout = 1000;
con.Open();
int result = (Int32)cmd.ExecuteScalar();
con.Close();
if (result >= 1)
{
Response.Redirect("www.google.com");
}
else
{
Label1.Text = "incorrect password or username";
}
}
}
}

Sanwar Ranwa · Answer

string strSelect = "SELECT COUNT(*) FROM VAS_Login WHERE UserID = @Username AND Password = @Password" ; SqlConnection con = new SqlConnection(con_Vas); SqlCommand cmd = new SqlCommand(); cmd.Connection = con; cmd.CommandType = CommandType.Text; cmd.CommandText = strSelect; SqlParameter username = new SqlParameter( "@Username" , SqlDbType.NVarChar, 50); username.Value = txtusername.Text.Trim().ToString(); cmd.Parameters.Add(username); SqlParameter password = new SqlParameter( "@Password" , SqlDbType.NVarChar, 100); password.Value =(txtpass.Text.Trim()); cmd.Parameters.Add(password); // cmd.CommandTimeout = 1000; con.Open(); int result = (Int32)cmd.ExecuteScalar(); con.Close(); if (result >= 1) { Response.Redirect( "www.google.com" ); } else { Label1.Text = "incorrect password or username" ; } } } }

Salman Beg · Answer

Hi. You are using both stored procedure as well as inline query. Either use stored procedure or inline query. You can put breakpoint as well as try catch block to check for errors. Thanks.

Sanwar Ranwa · Answer

https://www.c-sharpcorner.com/blogs/how-to-encrypt-or-decrypt-password-using-asp-net-with-c-sharp1 https://www.aspsnippets.com/Articles/Encrypt-and-Decrypt-Username-or-Password-stored-in-database-in-ASPNet-using-C-and-VBNet.aspx

Subin Thomas · Answer

Sanwar Ranwa yes its working when i put dummy data without any encryption can you tell me how to apply encryption

Sanwar Ranwa · Answer

yes and you can also check by adding a demo password in your database table

Subin Thomas · Answer

Sanwar Ranwa thank you so much fo the code changes i executed it but still it is saying incorrect pasword the password is encrypted so we need to encrypt the password right ??

Subin Thomas · Answer

Salman Beg yea i just noticed

login code not working

Answers (7)