1

So here is the deal I am working on a simple project, with a log in form and a sign up form. In the beginning you will see this which is displayed in the picture.

enter image description here

After you sign up or log in, then you will get what is displayed in the picture below

enter image description here

When I click on a new page for example: like on the home page, videos, contact, then it will just return back to its original state in the first picture. I want to prevent that and keep it the way it is in the second picture until you click on log out. I have been looking everywhere for answers and can't seem to find exactly what I am looking for.

Here is a little code from what I have used to try and accomplish this

HTML code, which is located in the master page

<a id ="LogIn" runat="server" href="../LogIn.aspx">Log In:</a>
<a id ="SignUp" runat="server" href="../SignUp.aspx">Sign Up:</a>
<a id ="LogOut" href="../LogIn.aspx">Log Out:</a>

CSS code in the master page as well.

#LogIn
{
    margin-top: 10px;
    font-size: 25px;
    position: absolute;
    margin-left: 767px;
}
#SignUp
{
    margin-top: 10px;
    font-size: 25px;
    position: absolute;
    margin-left: 867px;
}
#LogOut
{
    margin-top: 30px;
    font-size: 20px;
    position: absolute;
    margin-left: 880px;
    display: none;
}

Okay I have tried doing it in javascript, which is in the master page

    function showAlert() {
        $(".SignUp").slideUp("25000");
        $(".LogIn").slideUp("25000");
        $(".CreateAccount").hide();
        $(".AccountLogIn").hide();
        $("h1").remove();
        $("#LogIn").remove();
        $("#SignUp").remove();
        $("#LogOut").show();
    }

the showalert function is being called from the button click event in C# for the LogIn form and SignUp form

SqlConnection connection = new SqlConnection();

protected void Page_Load(object sender, EventArgs e)
{
    connection.ConnectionString = @"Data Source=184.168.47.13;Initial Catalog=portfoliobrown;User ID=*******;Password=**************";
    connection.Open();
}

public void CheckEmail()
{
    SqlCommand Comm = new SqlCommand("select count(*) from SignUp where Email ='" + Email.Text + "'", connection);


    Comm.Parameters.AddWithValue("@Email", Email.Text);
    Comm.Connection = connection;
    int count = Convert.ToInt32(Comm.ExecuteScalar());


    if (count > 0)
    {
        Thread.Sleep(3000);
        VerifyEmail.Visible = true;
    }
    else
    {
        Thread.Sleep(5000);
        InsertData();

        VerifyEmail.Visible = false;
        Message.Visible = true;
        LogInAs.Visible = true;
        LogInAs.Text = "Loged in as " + FirstName.Text + " " + LastName.Text + ":";
        this.Controls.Add(new LiteralControl("<script type='text/javascript'>showAlert();</script>"));
    }
}

public void InsertData()
{

    SqlCommand Command = new SqlCommand("Insert into SignUp" + "(FirstName, LastName, Password, Email)values(@FirstName, @LastName, @Password, @Email)", connection);

    Command.Parameters.AddWithValue("@FirstName", FirstName.Text);
    Command.Parameters.AddWithValue("@LastName", LastName.Text);
    Command.Parameters.AddWithValue("@Password", Password.Text);
    Command.Parameters.AddWithValue("@Email", Email.Text);
    HtmlAnchor LogIn = (HtmlAnchor)Master.FindControl("LogIn");
    HtmlAnchor SignUp = (HtmlAnchor)Master.FindControl("SignUp");

    LogIn.Visible = false;
    SignUp.Visible = false;

    Command.ExecuteNonQuery();

}

protected void SignUp_Click(object sender, EventArgs e)
{
    CheckEmail();

    connection.Close();

    //ScriptManager.RegisterStartupScript(Page, Page.GetType(), "showAlert", "showAlert()", true);
    //Response.Write("<script language=JavaScript> alert('You have Successfully created an Account'); </script>");
    //Response.Redirect("~//Default.aspx");
}

I also tried doing it in the back end code as well shown above. It also shows how the user is being loged in and saved in the database. That is being called in the button click event, when you click to create an account or click to log into an account.

LogIn.aspx.cs

SqlConnection conn = new SqlConnection();

protected void Page_Load(object sender, EventArgs e)
{
    conn.ConnectionString = @"Data Source=184.168.47.13;Initial Catalog=portfoliobrown;User ID=*******;Password=*******";
    conn.Open();
}

private bool CompareStrings(string string1, string string2)
{
    return String.Compare(string1, string2, true, System.Globalization.CultureInfo.InvariantCulture) == 0 ? true : false;
}

public void ExecuteLogIn()
{

    SqlCommand Command = new SqlCommand("select ISNULL(Email, '') As Email, ISNULL(Password, '') As Password from SignUp where Email='" + Email.Text + "'",  conn);
    SqlCommand Command2 = new SqlCommand("select * from SignUp where FirstName= @FirstName", conn);

    Command2.Parameters.AddWithValue("@FirsName", FirstName.Text);

    SqlDataReader dr = Command.ExecuteReader();

    string UserEmail = Email.Text;
    string UserPassword = Password.Text;

    HtmlAnchor LogIn = (HtmlAnchor)Master.FindControl("LogIn");
    HtmlAnchor SignUp = (HtmlAnchor)Master.FindControl("SignUp");

    while (dr.Read())
    {
        if (this.CompareStrings(dr["Email"].ToString(), UserEmail) &&
             this.CompareStrings(dr["Password"].ToString(), UserPassword))
        {
            InvalidLogIn.Visible = false;
            Message.Visible = true;
            LogInAs.Visible = true;
            //LogInAs.Text = "Loged in as " + FirstName.Text + " " + LastName.Text + ":";
            this.Controls.Add(new LiteralControl("<script type='text/javascript'>showAlert();</script>"));

            LogIn.Visible = false;
            SignUp.Visible = false;
        }
        else
        {
            InvalidLogIn.Visible = true;
        }
    }


    //Command.Parameters.AddWithValue("@Password", Password.Text);
    //Command.Parameters.AddWithValue("@Email", Email.Text);

    conn.Close();
}

protected void LogIn_Click(object sender, EventArgs e)
{
    ExecuteLogIn();
}

Any help would be greatly appreciated thanks so much

1 Answers1

0

The code is missing too many pieces. I could only give you a direction. If you have specific question about FormAuthentication, please create a new question.

  1. CheckEmail method is prone to SQL Injection attack. You want to consider using Parameterized Query.

  2. We normally need both username*(or email)* and password to validate an account. Easiest way to implement authentication in ASP.NET Web Form is to use FormAuthentication.

The following is the sample code. I also created a sample project at GitHub, so that you can test it.

Sign-In method inside Login.aspx.cs

protected void SubmitButton_Click(object sender, EventArgs e)
{
    string username = UsernameTextBox.Text,
        password = PasswordTextBox.Text;
    bool rememberMe = RememberMeCheckBox.Checked;

    // Retrieve username and hashed password from database, and validate them
    if (username.Equals("johndoe", StringComparison.InvariantCultureIgnoreCase) &&
        password.Equals("123456", StringComparison.InvariantCultureIgnoreCase))
    {
        FormsAuthentication.RedirectFromLoginPage(username, rememberMe);
    }
    MessageLabel.Text = "Invalid username or password";
}

Global.asax.cs

We then retrieve username from cookie, and save it in Principal Object.

public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie decryptedCookie =
            Context.Request.Cookies[FormsAuthentication.FormsCookieName];

        if (decryptedCookie != null)
        {
            FormsAuthenticationTicket ticket =
                FormsAuthentication.Decrypt(decryptedCookie.Value);

            var identity = new GenericIdentity(ticket.Name);
            var principal = new GenericPrincipal(identity, null);

            HttpContext.Current.User = principal;
            Thread.CurrentPrincipal = HttpContext.Current.User;
        }
    }
}

web.config

Please ensure authentication tag is in web.config.

<authentication mode="Forms">
   <forms loginUrl="~/Login.aspx" />
</authentication>

Usage

protected void Page_Load(object sender, EventArgs e)
{
    if (User.Identity.IsAuthenticated)
    {
        string username = User.Identity.Name;
    }
}
Community
  • 1
  • 1
Win
  • 61,100
  • 13
  • 102
  • 181
  • Hey thanks a lot for the reply. A couple things I would like to comment on. I do have a Login.aspx.cs form which does compare the email and the password to allow the user to log in to there account. It just wasn't posted up as part of my code. Will update the code to show you what I have. Also you said the CheckEmail method is prone to an attack. Can you please show me a way to prevent that. –  Apr 09 '17 at 19:08
  • Please look at [this answer](http://stackoverflow.com/a/23205141/296861). – Win Apr 10 '17 at 01:56