User Name and Passwords...

**Anjari** · Feb 14th, 2005, 07:18 PM

I can't seem to locate any tutorials that deal with using a form and matching a user / password against a SQL database... can anyone help?

Anjari

**Magiaus** · Feb 14th, 2005, 07:54 PM

SELECT Password FROM Users WHERE Name = @Name

If txtPassword.Text == r["Password"].ToString() Then login(Response.Redirect)

Also put you user info in the seesion and check it for every page if you want a secure login.... you could use a cookie too

**dj4uk** · Feb 16th, 2005, 09:44 AM

Its better to use ASP.NET built-in Forms Authentication than writing everything bespoke.

Loads of articles -> http://www.google.co.uk/search?hl=en...e+Search&meta=

HTH

DJ

**Magiaus** · Feb 16th, 2005, 10:02 AM

Originally Posted by dj4uk

Its better to use ASP.NET built-in Forms Authentication than writing everything bespoke.

Loads of articles -> http://www.google.co.uk/search?hl=en...e+Search&meta=

HTH

DJ

No it' not. There quite a few pitfalls you can come across when using Forms, and isn't it based on your windows login name? You couldn't pay me to use forms.

**dj4uk** · Feb 16th, 2005, 10:13 AM

Chill out!

It's a matter of opinion - why reinvent the wheel when a system is already available - granted there may be a couple of pitfalls for some situations but in general these don't apply or can be avoided.

You are getting Windows-Based authentication mixed up with Forms-Based authentication which can use a database, XML, or even web.config file to store authentication details.

DJ

**Magiaus** · Feb 16th, 2005, 10:16 AM

Ok. Didn't mean to come across as hostile.

I just like to be in control. You know backdoor and all that....

**dj4uk** · Feb 16th, 2005, 10:28 AM

Tis ok.

Every system has weaknesses - I've used Forms-Based authentication quite a bit and have had no problems so far - I have been careful to keep abreast of any issues e.g. SQL injection weaknesses etc. and ensured these have been addressed. I just think its too good a system just to ignore and start again from the ground up.

I'm sure if I wrote a system from scratch it would work just as well but I wouldn't be able to test it against as many attack techniques as an existing system has been. Its best to be aware of problems and fix them than to be blissfully ignorant.

Each to their own.

DJ

Thread: User Name and Passwords...

Thread Tools

Display

User Name and Passwords...

Re: User Name and Passwords...

Re: User Name and Passwords...

Re: User Name and Passwords...

Re: User Name and Passwords...

Re: User Name and Passwords...

Re: User Name and Passwords...

Posting Permissions