Login page in asp.net c# with sql database

I have written this article basically for the fresher and the beginners. On their mind that how to create a login page and contact with the database. so I will explain here how to create a login page in asp.net c# and contact with the Sql server


Frist we create data base

Design



Script for creating table
create database CodeSolution

USE [CodeSolution]
GO

/****** Object:  Table [dbo].[login]    Script Date: 12/30/2014 23:27:26 ******/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

CREATE TABLE [dbo].[login](
          [user_id] [int] IDENTITY(1,1) NOT NULL,
          [username] [nvarchar](50) NULL,
          [pwd] [nvarchar](50) NULL,
 CONSTRAINT [PK_login] PRIMARY KEY CLUSTERED
(
          [user_id] ASC
)WITH (PAD_INDEX  = OFF, STATISTICS_NORECOMPUTE  = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS  = ON, ALLOW_PAGE_LOCKS  = ON) ON [PRIMARY]
) ON [PRIMARY]

GO

Design


Script for inserting data:-

insert into login (username,pwd)values('srinickraj','12345678')

Source Code:-

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="loginpage.aspx.cs" Inherits="loginpage" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div align="center">
    <fieldset style ="width:200px;">
    <legend>Login page </legend>
        <asp:TextBox ID="txtusername" placeholder="username" runat="server"
            Width="180px"></asp:TextBox>
        <br />
        <br />
        <asp:TextBox ID="txtpassword" placeholder="password" runat="server"
            Width="180px" TextMode="Password"></asp:TextBox>
        <br />
        <br />
        <asp:Button ID="btnsubmit" runat="server" Text="Submit"
           Width="81px" onclick="btnsubmit_Click" />
            <br />
           
    </fieldset>
    </div>

    </form>
</body>
</html>

  
Code behind(C#):-

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;

public partial class loginpage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void btnsubmit_Click(object sender, EventArgs e)
    {
       SqlConnection con = new SqlConnection("Data Source=NEERAJ-PC;Initial Catalog=CodeSolution;Persist Security Info=True;User ID=sa; password=12345678");
       con.Open();
       SqlCommand cmd = new SqlCommand("Select * from login where username='" + txtusername.Text + "' and pwd ='" + txtpassword.Text + "'", con);
       SqlDataAdapter da = new SqlDataAdapter(cmd);
       DataTable dt = new DataTable();
       da.Fill(dt);
       if (dt.Rows.Count > 0)
       {
           Response.Redirect("Details.aspx");
       }
       else
       {
           Response.Write("<script>alert('Please enter valid Username and Password')</script>");
       }
    }
}





 Out-Put:-

Login page in asp.net c# with sql database Login page in asp.net c# with sql database Reviewed by NEERAJ SRIVASTAVA on 6:58:00 PM Rating: 5

32 comments:

  1. Very Informative Post..Thanks A lot..Found it much helpful.:)

    ReplyDelete
  2. you can also use here dataset and datareader

    ReplyDelete
  3. WORKED!!!!!! YEEEAAAAHHHHH!!!!!! THANKS A TON MATE! :D :D

    ReplyDelete
  4. Thnx bro really very easy and helpfull

    ReplyDelete
  5. hello sir... in script u use pwd for password column...and in sqlcommand u use password.... so here is a correction.

    ReplyDelete
  6. After gone through so many websites, I created my first log in successfully with this reference. Many thanks...

    ReplyDelete
  7. It was so helpfull! Thanks a lot... :)

    ReplyDelete
  8. Nice SQL Injection vulnerability there. Plus password in plain text.

    To be clear, you should NEVER concatenate user input into a sql statement and execute it.

    With your code, entering a username of "whatever'' OR 1=1; --" would automatically log me in without any need to guess passwords, and that's about the least malicious thing someone could do with SQL Injection. They could also modify data (like setting an admin's password to a known value), drop tables, drop databases, possibly even get access to the underlying OS,

    The example as written is *incredibly* dangerous and a very bad example to give people.

    ReplyDelete
    Replies
    1. i agree the code shouldn't be use specially on production poorly written

      Delete
  9. Troy Hunt sends his love.

    ReplyDelete
  10. my code is for login form and jump another form as main please check where is mistake because error is found when run time
    private void button2_Click(object sender, EventArgs e)
    {

    SqlConnection con = new SqlConnection("Data Source = welcome-pc;initial catalog = Ashish;User ID =sa;Password = 363791");
    con.Open();
    SqlCommand cmd = new SqlCommand("select * from Login_Car where User Name = '"+textBox1.Text+"' and Password = '" +textBox2.Text+"'",con);
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    DataTable dt = new DataTable();
    da.Fill(dt);
    if (dt.Rows.Count > 0)
    {
    this.Hide();
    Main ma = new Main();
    ma.Show();
    }
    else
    {
    MessageBox.Show("invalid data");
    }

    ReplyDelete
  11. Sample output:

    Enter Player Name (Q to quit): Bob

    Enter score for Bob: 3245

    Enter Player Name (Q to quit): Sue

    Enter score for Sue: 1098

    Enter Player Name (Q to quit): Dave

    Enter score for Dave: 8219

    Enter Player Name (Q to quit): Pat

    Enter score for Pat: 3217

    Enter Player Name (Q to quit): Q
    Name Score
    Bob 3245
    Sue 1098
    Dave 8219
    Pat 3217
    Average Score: 3944.75
    Players who scored below average

    Name Score
    Bob 3245
    Sue 1098
    Pat 3217
    Press any key to continue . . .

    ReplyDelete
  12. OMG.. atlast i could create a login page functionality..Great post

    ReplyDelete
  13. Hi... coding works fine... but one problem is that username and password check is not case sensitive. if i store username=ADMIN and password=ADMIN in the database and when i pass value from the form in lowercase then also it redirects to the otherpage. which should not be happend. so is there any way to make case sensitive query... or table.

    ReplyDelete
  14. dear neeraj i m facing a error n sqlconnection but my web config is accurate...i m facing error in instance name

    ReplyDelete
  15. Create a standard site page and put all your substance on this site. Before this substance page have a username and secret key login for individuals to finish.
    TalkTalk login/

    ReplyDelete
  16. You need to double up any quote characters in the username and password to stop sql injection or your web site will get hacked.

    Try putting in a username of (including the ' characters)
    '; drop table login; select '

    ReplyDelete
  17. Hi, Can you do the same example but using LinqToSql those are a good way for other user, Nice example kudos, good job,

    ReplyDelete
  18. Very Useful Information thanks.

    ReplyDelete
  19. This code isnt SQL injection proof.
    And that's pretty risky since those pages often face the internet front

    ReplyDelete
  20. Replies
    1. dear @fallon

      the below link will help you

      http://www.neerajcodesolutions.com/2013/06/insert-data-using-stored-procedure-in-c.html

      Delete

Powered by Blogger.