
Here's the template's HTML form:

<form class="form-login" action="index.html">
            <h2 class="form-login-heading">sign in now</h2>
            <div class="login-wrap">
                <input type="text" class="form-control" placeholder="User ID" autofocus="autofocus">
                <br>
                <input type="password" class="form-control" placeholder="Password">
                <label class="checkbox">
                    <span class="pull-right">
                        <a data-toggle="modal" href="login.html#myModal"> Forgot Password?</a>

                    </span>
                </label>
                <button class="btn btn-theme btn-block" href="index.html" type="submit"><i class="fa fa-lock"></i> SIGN IN</button>

Here's my modification to it:

<form id="form1" runat="server" class="form-login" method="post" action="HomeDoc.aspx">
        <div>
            <h2 class="form-login-heading">sign in now</h2>
                    <div class="login-wrap">
                        <input type="text" class="form-control" placeholder="User ID" id="userid" runat="server" autofocus="autofocus"/>
                        <br/>
                        <input type="password" class="form-control" placeholder="Password" id="password" runat="server" />
                        <label class="checkbox">
                            <span class="pull-right">
                                <a data-toggle="modal" href="StaffLogin.aspx#myModal"> Forgot Password?</a>
                            </span>
                        </label>
                        <button class="btn btn-theme btn-block" runat="server" type="submit"><i class="fa fa-lock"></i> SIGN IN</button>

Output: So far, the page I intend to redirect the user to is being loaded every time I click the submit button, irrespective of the userid/password.

Question: What I want to do is compare the values of the 2 inputs here with the values in my SQL Server db using C#.

Also, I know the C# code for setting up a connection and comparing values with the db for web forms. So, what specific changes should I make to that code for HTML form inputs?

Please help. Thanks.

EDIT: Sorry for not providing the back end code. Here it is (ignore any trivial syntax errors):

using System;
using System.Data;
using System.Data.SqlClient;

public partial class StaffLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Login_Click(object sender, EventArgs e)
    {
        String getTextValuesUserID = Page.Request.Form["userid"].ToString();
        String getTextValuesPassword = Page.Request.Form["password"].ToString();

        //setting up connection with database
        SqlConnection con = new SqlConnection("Data Source=(LocalDB)\\v11.0;AttachDbFilename=C:\\Users\\Pavel\\Documents\\Visual Studio 2013\\WebSites\\IMS\\App_Data\\DatabaseIMS.mdf;Integrated Security=True");
        con.Open();
        SqlCommand cmd = new SqlCommand("select * from Doctor where userid=@userid and password=@password", con);
        cmd.Parameters.AddWithValue("@userid", getTextValuesUserID);
        cmd.Parameters.AddWithValue("@password", getTextValuesPassword);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        da.Fill(dt);
        if (dt.Rows.Count > 0)
        {
            //  Response.Redirect("UserLoggedIn.aspx");
            Response.Redirect("HomeDoc.aspx");
        }
        else
        {
            //javascript for invalid username and password Alert box
            ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and password')</script>");
        }
    }
}

  • Did you need to prevent page redirection before validation? Is that your problem? Or do you need to get the HTML inputs in your C#? Commented Mar 3, 2015 at 10:57
  • You're basically asking the community to write your backend login code for you without providing any code that you've written to attempt to perform the checks yourself. Your question is unlikely to get answered in this form, so I suggest you try something and show your efforts. Commented Mar 3, 2015 at 11:10
  • @Tanner just put up my back end code. Commented Mar 4, 2015 at 11:41
  • Not an answer to your question, but I would note that storing your passwords in plain text like this is not good practice. Commented Mar 4, 2015 at 11:43
  • Note 2 - if you're not familiar with the best practice for securing a site, rolling your own is hard. I would suggest you consider using the built-in ASP.NET authentication features. Commented Mar 4, 2015 at 11:47

1 Answer

You have multiple problems in your code; I'll point out just a few of them. Before putting this site online, PLEASE, do some research on proper C# programming, because this is just plain wrong...

1.) If you use input fields with the runat attribute, you can access their values in code-behind using their IDs! It's much better than searching for them in the Request collection.

so in your case, instead of

string getTextValuesPassword = Page.Request.Form["password"].ToString();

you can just say

string myPassword = password.Value; // <input runat="server"> is an HtmlInputText, which exposes Value (Text belongs to asp:TextBox)

2.) You should learn to close the SqlConnection and dispose of external resources.

3.) Every time you store a user's password, you SHOULD NEVER store it in plain text!!! Learn about proper hashing ASAP.

4.) You should never store a connection string like this in a .cs file. It can change, or you may have to use it in multiple places. Store it at least in web.config.

5.) .....

To address your specific problem, you are indeed comparing the values to the database values, BUT, you're not actually logging in the user. You need to do some research at least on basic Forms authentication, or if you need a more advanced scenario, you can use ASP.NET Identity.
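
The points in the answer above (control values read by ID, disposed connection, connection string in web.config, salted password hash, Forms authentication), combined into one code-behind as an added example; it is not the answerer's or the asker's code. Assumed and hypothetical: a web.config connection string named DatabaseIMS, Forms authentication enabled there, Doctor columns PasswordSalt/PasswordHash/Iterations holding a PBKDF2-SHA256 hash, a button wired with onserverclick="Login_Click" on a form that posts back to StaffLogin.aspx, and .NET Framework 4.7.2 or later for the HashAlgorithmName overload.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.Security;
public partial class StaffLogin : System.Web.UI.Page
{
    // Assumed wiring: <button runat="server" onserverclick="Login_Click">, form without action="HomeDoc.aspx".
    protected void Login_Click(object sender, EventArgs e)
    {
        string user = userid.Value, pass = password.Value; // <input runat="server"> exposes Value
        byte[] salt = null, stored = null;
        int iterations = 0;
        // Assumed web.config entry: <connectionStrings><add name="DatabaseIMS" ... /></connectionStrings>
        string cs = ConfigurationManager.ConnectionStrings["DatabaseIMS"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand("select PasswordSalt, PasswordHash, Iterations from Doctor where userid=@userid", con))
        {
            // Hypothetical columns: varbinary(16) salt, varbinary(32) hash, int iteration count.
            cmd.Parameters.AddWithValue("@userid", user);
            con.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
                if (r.Read())
                {
                    salt = (byte[])r["PasswordSalt"];
                    stored = (byte[])r["PasswordHash"];
                    iterations = (int)r["Iterations"];
                }
        }   // reader, command and connection are disposed here, even on exceptions
        if (stored == null || !Verify(pass, salt, iterations, stored))
        {
            ClientScript.RegisterStartupScript(GetType(), "validation", "alert('Invalid user ID or password');", true);
            return;
        }
        FormsAuthentication.SetAuthCookie(user, false); // issues the auth ticket: this is the actual login
        Response.Redirect("HomeDoc.aspx");              // fixed target, never a user-supplied URL
    }

    // Recompute PBKDF2 over the submitted password and compare without an early exit.
    static bool Verify(string pass, byte[] salt, int iterations, byte[] stored)
    {
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(pass, salt, iterations, HashAlgorithmName.SHA256))
            actual = kdf.GetBytes(stored.Length);
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ stored[i];
        return diff == 0;
    }
}
```

HomeDoc.aspx only becomes protected once web.config denies anonymous users for it; the cookie alone does not restrict access.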
