ASP.NET Login controls

Ipwn 4

The built-in login controls in Visual Studio store the data entered inside of a SQL (.mdf) database. Does anyone know if it is possible to modify the controls in such a way as to allow them to store the data inside of an Access (.accdb) database?
 
Ok, first question. Why Access? You can use SQL Express instead. The login controls (and ultimately the database schema and so on that the controls need) rely heavily on SQL. If you can find a provider that someone has written maybe, but I think you would be out of luck with this one.
 
The project I'm busy with requires the database software used to be Access. I would have preferred SQL Server due to the way tables can be created etc. I found some providers but most of them either add too much functionality or don't work correctly.

Ended up creating my own controls. Thanks anyway
 
Actually, First Question: Why use the default login??
It's very limited, and you will gain no coding experience from it.

My suggestion? Create your own login script, and verification. That way you have total control over... Everything..

And yes, because I'm such an amazing person, I'll paste the EXACT CODE YOU NEED! :D (This is in C#, but you can adapt it to C++). Also, this is MY code, not taken from any site or anything, so full credit goes to me. Enjoy.


Actual Login Page
Code:
using System;
using System.Data.OleDb;


protected void Page_Load(object sender, EventArgs e)
{
    // Session values are stored as object; cast so this is a string comparison.
    if ((string)Session["Logged"] == "Yes")
    {
        Response.Redirect("RegMembers.aspx");
    }
}

protected void btnLogin_Click(object sender, EventArgs e)
{
    try
    {
        string stringConn = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\myFolder\myAccess2007file.accdb;Jet OLEDB:Database Password=MyDbPassword;";
        OleDbConnection Conn = new OleDbConnection(stringConn);
        Conn.Open();
        // Replace [table name] and the column names with your own.
        // The query text is built by concatenating the textbox values
        // (the replies below flag this as open to SQL injection).
        OleDbCommand command = new OleDbCommand("Select * FROM [table name] WHERE NickName='" + txtName.Text + "' AND Password = '" + txtPass.Text + "'", Conn);
        OleDbDataReader rdr = command.ExecuteReader();
        string passwordDB_temp = "", user = "", status = "", name = "", p_id = "", game = "";
        while (rdr.Read())
        {
            // Column positions depend on the table layout.
            passwordDB_temp = rdr.GetString(6);
            user = rdr.GetString(3);
            status = rdr.GetString(5);
            name = rdr.GetString(2);
            p_id = rdr.GetInt32(0).ToString();
            game = rdr.GetString(7);
        }
        if (passwordDB_temp.Trim() == txtPass.Text.Trim())
        {
            Session["Logged"] = "Yes";
            Session["User"] = user;
            Session["Status"] = status;
            Session["Name"] = name;
            Session["ID"] = p_id;
            Session["Game"] = game;
            Conn.Close();
            Response.Redirect("RegMembers.aspx");
        }
        else
        {
            Conn.Close();
            txtLogin.Visible = true;
        }
    }
    catch (OleDbException)
    {
        Response.Redirect("fail.aspx");
    }
}

Header of every other page that you want to secure

Code:
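protected void Page_Load(object sender, EventArgs e)
{
    // Session values are stored as object; cast so this is a string comparison.
    if ((string)Session["Logged"] == "Yes")
    {
    }
    else
    {
        Response.Redirect("Default.aspx");
    }

    // Cast instead of ToString() so a missing Status value does not throw.
    if ((string)Session["Status"] == "Admin")
    {
        lnkEditAdmin.Visible = true;
    }
}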

I store the data in sessions, because unlike cookies, they can hardly be hacked, and you can store unlimited amounts of variables in it. Cookies can only store 1.
Although, sessions only last until the browser closes. Great for security, but if you want an 'Always remember me', you need to store a cookie.


Please feel free to contact me for further assistance.
 
Lol thanks Nem, just a tad bit late though, just put the final touches on my password recovery page. Did login, register, login info thingy, and pass recovery till now.

I agree creating them yourself gives you ten times the flexibility and control, hehe and I must say I'm quite proud so far, this is my first website EVER and it's looking fine. I ripped off the visual studio 2010 ultimate default template into web developer 2008 and it's looking pretty fine.
 
Ipwn 4, glad you came right :)

Nemesis, your code above is exposed to SQL injection attacks. Just remember to encode the input values, you can use HTMLEncode to do that. I keep on forgetting to do that myself, so now I have a sticky note just for reminding me :)
 
I missed the fine print in my project stating that you need to use a web service for all db interactions. That 2 hours of coding last night wasted as all my SQL statements were generated in the "code behind" each page. Fun fun fun!!
 
bummer, though not all is lost, you could reuse some of the code :) good luck
 
Please tell me you have heard of SQL Injection? You aren't doing any checks for injected SQL, and you aren't using parameters on the sql command.

Looking at that code, if i'm not mistaken, you're at a high risk of sql injection if someone cottons onto which sites you coded that into.

Here's some reading:
http://asimsajjad.blogspot.com/2008/12/sqlcommand-parameter-and-sql-injection.html
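
The parameterised command this reply refers to, as an added example that is not part of the thread or anyone's posted code. The class and method names (`LoginQuery`, `FindMember`), the `Members` table and its `ID`, `NickName` and `Password` columns are assumptions for illustration.

```csharp
using System;
using System.Data.OleDb;

// Added example. Table name, column names and helper names are hypothetical;
// the connection string reuses the placeholder path from the thread.
public static class LoginQuery
{
    private const string ConnString =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\myFolder\myAccess2007file.accdb;";

    // Returns the member's ID when the credentials match, otherwise null.
    public static int? FindMember(string nickName, string password)
    {
        // '?' placeholders keep user input out of the SQL text entirely, so a
        // quote typed into a textbox is compared as data, never parsed as SQL.
        const string sql =
            "SELECT [ID] FROM [Members] WHERE [NickName] = ? AND [Password] = ?";

        // 'using' closes the connection even when an exception is thrown.
        using (var conn = new OleDbConnection(ConnString))
        using (var cmd = new OleDbCommand(sql, conn))
        {
            // OLE DB binds parameters by position, not by name: add them in
            // the same order as the '?' markers appear in the statement.
            cmd.Parameters.Add("@nick", OleDbType.VarWChar, 50).Value = nickName ?? "";
            cmd.Parameters.Add("@pass", OleDbType.VarWChar, 50).Value = password ?? "";

            conn.Open();
            object id = cmd.ExecuteScalar();   // first column of first row, or null
            return (id == null || id == DBNull.Value)
                ? (int?)null
                : Convert.ToInt32(id);
        }
    }
}
```

The plain-text password column is kept from the thread's code so that only the query construction changes; a login handler would call `LoginQuery.FindMember(txtName.Text, txtPass.Text)` and treat `null` as a failed login.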
 
Crap.. should read the whole thread before posting:P
 
Gave me some interesting reading, this question may be as noob as they come but I wouldn't know where to start to find the answer:

In my first attempt I had the oleDbConnections in the code behind each page, this I figured would mean lots of connections being opened and closed and would ultimately result in slow performance. After reading the fine print I changed my code to make use of methods stored inside of a web service. This however has led to a performance decrease (not much, less than a sec difference but enough to notice after refreshing a page a few times during testing). So my question is why? Why use a web service when the same can be done in the code behind each page? And why should I use a web service?

I apologize in advance if this question is stupid (I wouldn't know as this is my first website and my college books are a joke)
 
Web Services are just another way to communicate with your system, for things that can't work with web pages, or where web pages are not the ideal interface. That's a simplified although not 100% accurate description. There's a lot more to it, but for where you are now, that's good enough.

Think of a web service (these days better to use a WCF service) as a little antenna sitting in your web site that you can access remotely from a piece of software. You can talk to that antenna and ask it to do stuff in code. This is incredibly useful if your system needs to interface with other software (not web based, or not written by you). If you are just building a website to view / add / edit data, then a web service is just going to slow you down, and add a level of abstraction that you do not need. I would stay away from implementing any web services until you reach the point where you have windows desktop software (or linux / mac etc) needing to get info, or a third party software needs to integrate with you. At that point, you can simply add a service to your solution, expose the needed methods, secure it, and off you go. No code rewrite needed.

EDIT: On the point of having the database connection in each page... read up on data access layers. Ideally you want to separate your interfaces (web pages) from the underlying data layer, and methods to access the database.

EDIT 2: In a web environment, you are going to have lots of DB calls (i'm ignoring the available caching mechanisms here) regardless of whether the calls are being made from the interface or from the data access layer, because for the most part, the website is stateless, and you will need to call the db every time you need new data. Using a data access layer will make your code more maintainable though. Also, you can group certain database calls by creating SQL that will fetch data from more than one table, if that data is relevant. It may be a bit of a jump... but I would spend a bit of time reading up on Linq and data access frameworks. More pain now means less pain later... depending on the amount of time you have.
 
shogun,

at the place where you work, do you use a lot of L2SQL/EF/NHibernate or more standard T-SQL/stored procedures stuff?
 
Or find a Linq Access provider - save yourself a lot of OleDb pain :). Although I don't know if one exists.
Also, although you gain a lot of power by writing your own auth, the built in one is pretty good and encompassing (get over it! It really is.). And if you do need more, just override the methods so that you can still use the default controls, but with your code.
Voila.
 
Well you need to use the right tool for the job, and those tools will be very different depending on the task. So I switch depending on the project (I don't just do web development). For your run of the mill enterprise web development, EF can be awesome, and is usually my first choice. It has its short comings when you start looking at desktop application development with a bucket load of multi-threading. Multi-threading is something it does not handle well at all in my experience. For high volume multi-threaded DB access I use standard T-SQL and stored procs. It takes longer to do the plumbing, but you have more control.

L2SQL became irrelevant when EF was released, so I stopped using it. I haven't used NHibernate. At the moment i'm using custom binary files for storage on an app i'm working on as it needs to share data with a device running embedded C. Binary files can be a lot faster when accessing info, if you have the right file access methodology and you don't require hundreds of thousands of rows. It's overkill unless you need something very specific, and performance is paramount. There can be quite a bit of overhead when using a relational DB.

All these frameworks and methodologies are just tools in your belt. There is no silver bullet.
 
Spent two days solid just on user auth...recreated most of the controls you usually see online but all in my own code. Even though it was a pain in the ass I must say it was a) a nice challenge and b) a good learning activity. The whole process gave me a better idea of how stuff works (redirecting if not logged in etc.)

I would like to upload this site once I'm done to get some opinions from everyone and advice on where and what I shouldn't have done, would you guys be willing to offer some criticism?
 
I'd provide some comments / criticism on your site. BTW - web services are an awesome way of achieving some sort of a SOA in your project. It'll also save you a lot of time later on when you need to build or provide some form of API to your web application. ANOTHER benefit is AJAX-ifying many of your interactions later on. So, plan early and save yourself a lot of time later on. :)
 
Most of what u said is French to me hehe xD. The module I did is only a brief intro to asp and I don't know anything about actual web design so it's all built off a fairly basic template. Think the whole point was to show us what C# and asp can do together, the main theme is the db interactions with the use of a web service.

Lol took me two days to do the auth and after 3 hours today I'm busy with my last two pages. Says a lot about the actual complexity of the project.
 
OH! I misunderstood it for a work project, and by the sounds of it this is a tertiary (secondary?) education project. Am I right in assuming that?
 
Sorry, I never knew I had to go into that detail? I provided what was asked for, just thought I would help.

Thanks for the info tho, is really useful! One thing I still don't really consider is SQL Injections. Meh... I suppose I should get around to it :)

Thanks again!
 