0

I have created a web method for my website. I want to be able to display the following information below when they have successfully logged in. How do i achieve this? 

[WebMethod]
        public Student Login(string Username, string Password)
        {
            cn.Open();
            SqlCommand com = new SqlCommand("SELECT * FROM tblStudent WHERE Username = '" + Username + "' and Password = '" + Password + "'", cn);
            SqlDataReader sr = com.ExecuteReader();
            while (sr.Read())
            {
                Student student = new Student()
                {
                    StudentID = sr.GetInt32(0),
                    StudentNumber = sr.GetString(1),
                    Name = sr.GetString(2),
                    Surname = sr.GetString(3),
                    DOB = sr.GetDateTime(4),
                    Gender = sr.GetString(5),
                    EmailAddress = sr.GetString(6),
                    Address1 = sr.GetString(7),
                    Address2 = sr.GetString(8),
                    City = sr.GetString(9),
                    Postcode = sr.GetString(10),
                    Username = sr.GetString(11),
                    Password = sr.GetString(12),
                    Course = sr.GetString(13)
                };
                cn.Close();
                return student;
            }

            cn.Close();
            return new Student();
        }

 protected void Button1_Click(object sender, EventArgs e)
        {
            ServiceReference1.Service1SoapClient Log = new ServiceReference1.Service1SoapClient();

            Student s = Log.Login(txtUsername.Text, txtPassword.Text);

            if (s.StudentID > 0)

            {
                Session.Add("UserAuthentication", s);
                //Session["Authenticated"] = true;
                //Session.Timeout = 1;
                Response.Redirect("Profile.aspx");

            }
            else
            {
                Response.Write("<script type=\"text/javascript\">alert('Username or Password is Incorrect. Please Try Again!');</script>");
            }        
        }

I have the following code to display the information on the Profile page but it doesn't seem to work. 

protected void Page_Load(object sender, EventArgs e)

        {
            //string DOB;
            if (Session["UserAuthentication"] != null)
            {
                Student student = new Student();
                student.StudentNumber = lbStudentNum.Text;
                student.Name = lbName.Text;
                student.Surname = lbSurname.Text;
               // student.DOB = lbDOB.
               // student.Gender = lbGender.Text;
                student.EmailAddress = lbEmailaddress.Text;
                student.Address1 = lbAddress1.Text;
                student.Address2 = lbAddress2.Text;
                student.City = City.Text;
                student.Postcode = Postcode.Text;

            }

            else
            {
                Response.Redirect("Index.aspx");
            }
user3284789
  • 33
  • 7
  • 1
    Please parameterise your query to avoid SQL injection attacks, second hash your password. I hate to say it but this currently reads like an example of classic bad security practices – Liath Feb 10 '14 at 13:54
  • How do I go about doing this? I've only just started using ASP.NET so I don't really have that much knowledge of it. THanks – user3284789 Feb 10 '14 at 14:32
  • http://stackoverflow.com/questions/7505808/using-parameters-in-sql-statements :) – Liath Feb 10 '14 at 14:37

1 Answers1

0

First type cast your object from session then put these values in controls like this:

protected void Page_Load(object sender, EventArgs e)
    {
        //string DOB;
        if (Session["UserAuthentication"] != null)
        {
            Student student = (Student)Session["UserAuthentication"];
            lbStudentNum.Text= student.StudentNumber ;
            City.Text= student.City;
            Postcode.Text= student.Postcode ; 
        }
        else
        {
            Response.Redirect("Index.aspx");
        }
Vaibhav Bhootna
  • 166
  • 2
  • 15