Database Storage with the ASP.NET Web Matrix: Simple Login Page - Encrypting the password
(Page 4 of 5)
Because we chose to encrypt the user’s password (as a one-way MD5 hash) on the registration page before it was written to the database, we also need to apply the same hash to the password submitted on the login page; otherwise the values won’t match. Add the following block of code, which is exactly the same as it was on the register page:
Dim hashMethod As String
hashMethod = "MD5"
Dim encryptPassword As String
' Hash the submitted password the same way the register page did
encryptPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, hashMethod)
We now need to create a method that passes the txtUsername value to the first SELECT statement, and a variable in which to hold the returned dataset:
Dim userDetailsName As New System.Data.DataSet
userDetailsName = checkUserName(txtUsername.Text)
The userDetailsName variable will now hold a dataSet containing the matching values from the database. We also need to get a dataSet containing both the matching usernames and passwords from the database, so also add the following code to the page:
Dim userDetailsPass As New System.Data.DataSet
userDetailsPass = checkUserPass(txtUsername.Text, encryptPassword)
So now we have two datasets, one containing the matching Username from the database and one containing the matching Username and the encrypted Password from the database. You need to use two datasets so that an appropriate error message can be displayed. The first dataSet is just used to check that the user is defined in the database, while the second dataSet is used to check that the username matches the password.
The data returned in the datasets is automatically formatted into a table by .NET, so to address the data correctly you need to specify which table in the dataSet holds the row you want. There will only be one table in our datasets, and because the tables within a dataSet have zero-based indices, we will be working with Tables(0). DataSets don’t have to be created by a dataAdapter reading data from a database; they can also read information from XML files, or be constructed manually. Additionally, because the database we are using can only hold unique values, at most one row will be held in the dataSet, so if Rows.Count returns anything other than one, it will return zero.
Add the following If statement to the Code page, which checks that both dataSets hold just one record each:
If userDetailsName.Tables(0).Rows.Count <> 1 Then
    lblUsernameError.Text = "* Username not known, please <a href='register.aspx'>Register</a> with us"
ElseIf userDetailsPass.Tables(0).Rows.Count <> 1 Then
    lblPasswordError.Text = "* Password incorrect"
Else
    ' HTML-encode the user-supplied name before writing it into the page
    lblWelcome.Text = "Welcome back " & Server.HtmlEncode(txtUsername.Text)
End If
This statement first checks that the username entered on the page exists in the dataSet; if it doesn’t, it displays an error message and links to the registration page. If the username does exist, the statement then moves on and checks that the password entered matches the password associated with the username in the second dataSet. If it doesn’t, it displays a message advising that the password is incorrect. If both of these conditions are true, a welcome message is displayed. Test the page to check that it’s working properly.
More By Dan Wellman