On my login form, after I save my content to SQL and try to get the information from the database, the check evaluates to true even if the information provided is typed either way, upper case or lower case. Here is my login code; please help me understand. I am contacting the database with Entity Framework. currUser is a variable where I save the current user information.
try
{
if (!string.IsNullOrWhiteSpace(username) && !string.IsNullOrWhiteSpace(password))
{
var users = from c in context.CustomerTables where c.username == username && c.password == password select c;
List<CustomerTable> table = users.ToList();
if (table.Any())
{
MessageBox.Show("Successfully logged in.\nWelcome " + username + "!", "Welcome", MessageBoxButton.OK, MessageBoxImage.Asterisk);
currUser.username = username;
currUser.password = password;
return true;
}
else
{
MessageBox.Show("Username or password is invalid.", "Error logging in", MessageBoxButton.OK, MessageBoxImage.Error);
return false;
}
}
else
{
MessageBox.Show("Username and password format is invalid!","Null username or password",MessageBoxButton.OK,MessageBoxImage.Warning);
return false;
}
The simplest fix would be to replace
if (table.Any())
with
if (table.Any() && table[0].username == username && table[0].password == password)
The reason why this would work is that string comparison in C# is case-sensitive by default.
I have created this user ID and password console application. First, I ask and verify that they enter an ID integer and not a string. Next, I ask for a password; if the user ID and password match predetermined values I added to the application to verify against, it logs the user in. It apparently works well, but if the user ID and password are OK the first time, instead of stopping, it continues asking for the ID and password. I have tried break, and it doesn't work. Thanks.
using System;
namespace UserId
{
class Program
{
static void Main(string[] args)
{
string text;
var username = 123;
string password = "valid";
for (int i = 0; i < 3; i++)
{
Console.WriteLine("Please,Enter your user ID number :");
text = Console.ReadLine();
if (!int.TryParse(text, out username))
{
Console.WriteLine("Please, Enter a valid ID number such as a 12345");
}
else
{
Console.WriteLine("Please enter your password:");
password = Console.ReadLine();
}
if (username == 123 && password != "valid")
{
Console.WriteLine("Incorrect user ID and password combination, Try again");
}
}
if (username == 123 && password == "valid")
{
Console.WriteLine("You are now logged in!");
Console.ReadLine();
}
}
}
}
Here is a screen shot of the problem:
You can try this.
if ((username == 123 && password != "valid") || (username != 123 && password == "valid"))
{
Console.WriteLine("Incorrect user ID and password combination, Try again");
}
else
{
break;
}
Simply change your code to this. It checks whether either the username or the password is incorrect and, if so, prompts an error; otherwise it logs in and does not ask a second time.
if (username != 123 || password != "valid")
{
Console.WriteLine("Incorrect user ID and password combination, Try again");
}
else
{
break;
}
I'm creating an LMS. It has a part which checks the username and password from the database and grants access, but I don't know how to do that. Here is the code.
{
if (uname.Text == "" || pass.Text == "")
{
MessageBox.Show("Fields cannot be left blank.");
}
else
{
if (uname.Text != "member")
{
MessageBox.Show("Username Incorrect.");
}
else if (pass.Text != "member")
{
MessageBox.Show("Password Incorrect");
}
else
{
Form3 frm = new Form3();
frm.Show();
}
Now here I need to change "member" to the values that I have entered in the password database. Here is the database:
The database is successfully linked.
How do I make it read like: if "username from my database" == myusername, and the same for the password?
You can use a query like this:
Select * from passdb where username=#user and password=#pass;
For checking null fields you can use validators.
I want to create a LogIn button through Active Directory.
So I have an idea to take the name of the logged-in (Windows) user from his domain:
string Name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
and then take the group for the login above:
string Group = System.Security.Principal.WindowsIdentity.GetCurrent().Groups.ToString(); // <---I think this is wrong ?
string allowedGroup = "Admins";
then something like:
if(Name == string.Empty)
{
MessageBox.Show("Your Name in domain doesn't exist");
}
if(Group.ToString() != allowedGroup)
{
MessageBox.Show("You don't have permissions to log in");
}
else
{
MessageBox.Show("Hello");
}
I think my 'getting group' is wrong. How can I do it? I don't know exactly how to search for one or two groups that the user is assigned to.
What about when the user is assigned to many groups?
Here is how to use the Windows identity to authorize a login.
1) Get the Windows identity of the user.
2) Use the Windows identity object to get other information such as the name and groups.
Use the group name to validate the user request.
Hope this will help you. Please write in a comment if you have any questions.
System.Security.Principal.WindowsIdentity WI = System.Security.Principal.WindowsIdentity.GetCurrent();
string sUserName = WI.Name;
bool bAuthorized = false;
string allowedGroup = "Admins";
IdentityReferenceCollection irc = WI.Groups;
foreach (IdentityReference ir in irc)
{
if(ir.Translate(typeof(NTAccount)).Value == allowedGroup)
{
bAuthorized = true;
break;
}
}
if(string.IsNullOrEmpty(sUserName))
{
MessageBox.Show("Your Name in domain doesn't exist");
}
if(bAuthorized == false)
{
MessageBox.Show("You don't have permissions to log in");
}
else
{
MessageBox.Show("Hello");
}
OK, I got this. Thanks to Pankaj.
System.Security.Principal.WindowsIdentity WI = System.Security.Principal.WindowsIdentity.GetCurrent();
string sUserName = WI.Name;
bool bAuthorized = false;
string allowedGroup = "Admins";
IdentityReferenceCollection irc = WI.Groups;
foreach (IdentityReference ir in irc)
{
NTAccount accInfo = (NTAccount)ir.Translate(typeof(NTAccount));
if (accInfo.Value == allowedGroup)
{
bAuthorized = true;
break;
}
}
if(string.IsNullOrEmpty(sUserName))
{
MessageBox.Show("Your Name in domain doesn't exist");
}
if(bAuthorized == false)
{
MessageBox.Show("You don't have permissions to log in");
}
else
{
MessageBox.Show("Hello");
}
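A variant of the group check above, added here as an example and not code from either poster: it uses WindowsPrincipal.IsInRole, which tests the token against each allowed group so users assigned to many groups are handled, and it tolerates SIDs that cannot be translated to a name. The group names CONTOSO\Admins and CONTOSO\Helpdesk and the class name GroupLogin are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class GroupLogin
{
    // Placeholder allow-list (assumption). Translated NTAccount values have the
    // form DOMAIN\Group, so list the groups in that form.
    static readonly string[] AllowedGroups = { @"CONTOSO\Admins", @"CONTOSO\Helpdesk" };

    // True if the identity's token contains at least one of the allowed groups.
    public static bool IsAuthorized(WindowsIdentity identity, IEnumerable<string> allowed)
    {
        var principal = new WindowsPrincipal(identity);
        foreach (string group in allowed)
        {
            if (principal.IsInRole(group)) return true;
        }
        return false;
    }

    // Lists every group on the token, for logging or troubleshooting.
    public static List<string> GroupNames(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity.Groups == null) return names;
        foreach (IdentityReference sid in identity.Groups)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(sid.Value); } // keep the raw SID
        }
        return names;
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("User:   " + identity.Name);
            Console.WriteLine("Groups: " + string.Join(", ", GroupNames(identity)));
            Console.WriteLine(IsAuthorized(identity, AllowedGroups)
                ? "Hello"
                : "You don't have permissions to log in");
        }
    }
}
```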
I am creating an ASP.NET application. It's already working by now, but the problem is that when I use "Live HTTP Headers" I found that my site has 2 ASPXAUTH cookies, and the one being used is the bottom one.
Here is a screenshot of what I found:
By the way, here is some of my code in the login page:
string email = tbEmail.Text;
string pass = tbPass.Text;
bool remember = cbRemember.Checked;
var res = (from user in ctx.users
where user.password == ctx.ConvertPassword(pass)
&& user.email == email
select user).FirstOrDefault(); // Remark : 0 = active, 1 = Inactive, 2 = Suspend, 3 = Unconfirmed
if (res != null && res.email.ToLower() == email.ToLower())
{
if (res.userstatus == 0 || res.userstatus == 3)
{
FormsAuthentication.SetAuthCookie(email, remember);
FormsAuthentication.RedirectFromLoginPage(email, remember);
var arr = Request.Cookies.AllKeys;
}
else if (res.userstatus == (int)UserStatus.Inactive)
{
lblMessage.Text = "You have deleted your account, if you wish to restore it, please click ";
btRecover.Visible = true;
}
else if (res.userstatus == (int)UserStatus.Suspended)
{
lblMessage.Text = "Your account has been suspended, for more information, please contact our support";
}
else
{
lblMessage.Text = "Invalid username or password";
}
}
else
{
lblMessage.Text = "Invalid username or password";
}
What am I doing wrong?
The
FormsAuthentication.SetAuthCookie(email, remember);
sets the cookie. But so does
FormsAuthentication.RedirectFromLoginPage(email, remember);
which is a higher-level facade: it not only sets the cookie but also redirects from the login page to the page the redirecturi points to.
Hi all, I have a university project and I am coding a login screen. My textbook is far too vague and I can't figure out how to show a message box if the user name is not inside the database. Here is my code:
public void login()
{
//try
//{
var tbl = from s in this.database1DataSet.employee
where s.Username == userNameBox.Text
select s;
foreach (var s in tbl)
{
if (s.Username == userNameBox.Text && s.Password == passwordBox.Text)
{
MessageBox.Show("Access granted welcome " + s.fName);
this.Close();
}
else
{
MessageBox.Show("Access denied invalid login details");
}
}
//}
/*catch (SyntaxErrorException)
{
MessageBox.Show("User Does not exist");
}*/
}
If your where clause doesn't match any users, there won't be any rows in the results.
Therefore, your loop will never execute.
Instead, you can call FirstOrDefault() to get the first result row, or null if there aren't any.
You can check for existence of a user like:
if(!database1DataSet.employee.Any(r=> r.Username == userNameBox.Text))
{
MessageBox.Show("User does not exist");
}
Also IMO, it's better if you check the user name and password together, and show a message like "Invalid Username/password" instead of multiple messages.
var user = database1DataSet
.employee
.FirstOrDefault(r=> r.Username == userNameBox.Text &&
r.Password == passwordBox.Text);
if(user != null)
{
MessageBox.Show("Access granted welcome " + user.fName);
this.Close();
}
else
{
MessageBox.Show("Invalid username/password");
}
Also see: Why encrypt user passwords?
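An added example, not code from the answer or the asker's project, of what the linked question on storing passwords leads to: the table keeps a per-user salt and a PBKDF2 hash instead of the password, and the check returns one result for both an unknown user and a wrong password. It assumes .NET 6 or later; StoredUser, LoginCheck, the in-memory dictionary standing in for the employee table, the iteration count and the sample credentials are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Constructed stand-in for an employee row: Salt and Hash replace the Password column.
record StoredUser(string Username, byte[] Salt, byte[] Hash);

static class LoginCheck
{
    const int Iterations = 600_000; // assumed work factor; tune for your hardware
    const int SaltSize = 16, HashSize = 32;

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);

    // Called when the account is created or the password is changed.
    public static StoredUser Register(string username, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        return new StoredUser(username, salt, Derive(password, salt));
    }

    // Returns one answer for "no such user" and "wrong password", so the UI can
    // only ever show a single "Invalid username/password" message.
    public static bool Verify(IReadOnlyDictionary<string, StoredUser> users,
                              string username, string password)
    {
        if (users.TryGetValue(username, out var user))
        {
            // Compare hashes without an early exit on the first differing byte.
            return CryptographicOperations.FixedTimeEquals(Derive(password, user.Salt), user.Hash);
        }
        Derive(password, new byte[SaltSize]); // spend the same work for unknown users
        return false;
    }

    static void Main()
    {
        // Constructed sample data standing in for the database table.
        var users = new Dictionary<string, StoredUser>(StringComparer.Ordinal)
        {
            ["alice"] = Register("alice", "correct horse"),
        };
        Console.WriteLine(Verify(users, "alice", "correct horse")); // True
        Console.WriteLine(Verify(users, "alice", "Correct Horse")); // False
        Console.WriteLine(Verify(users, "bob", "correct horse"));   // False
    }
}
```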
I believe you want:
var user = (from s in this.database1DataSet.employee
where s.Username == userNameBox.Text &&
s.Password == passwordBox.Text
select s).FirstOrDefault();
if(user != null){
MessageBox.Show("Access granted welcome " + user.fName);
this.Close();
}
else{
MessageBox.Show("Access denied invalid login details");
}
void login()
{
var tbl = from s in this.database1DataSet.employee
where s.Username == userNameBox.Text
select s;
if(tbl.Count() == 0)
{
MessageBox.Show("User Does not exist");
return; // or this.Close(); if it's what you want
}
foreach (var s in tbl)
{
if (s.Username == userNameBox.Text && s.Password == passwordBox.Text)
{
MessageBox.Show("Access granted welcome " + s.fName);
this.Close();
}
else
{
MessageBox.Show("Access denied invalid login details");
}
}
}
First of all, assuming your usernames are unique, you will only ever have 0 or 1 values in tbl. That's fine, but be aware of it. Second, you're wanting to have different functionality if the size of tbl is 0 or 1. This is easily done with an if statement. If there is an entry, check credentials. Otherwise, show an error message for invalid username. Since this is a course project, I won't actually write sample code for you, but that should be enough to get it working. Good luck!