ASP.NET Security

 

 

1.      
Web.config

  <authentication
mode="Forms">

      <forms
name=".jobsite" loginUrl="login.aspx"></forms>

    </authentication>

 

2.      
DATABASE
TABLE

CREATE TABLE [dbo].[userlist1](

                [username]
[varchar](50) NULL,

                [userpass] [varchar](50) NULL,

                [fname] [varchar](50) NULL,

                [lname] [varchar](50) NULL,

                [email]
[varchar](50) NULL,

                [BRIEFDESC] [text] NULL,

                [FULLDESC] [varchar](50) NULL,

                [RESUMEDETAILS] [varchar](50) NULL,

                [ID] [int] IDENTITY(1,1) NOT NULL

) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

 

GO

SELECT * FROM USERLIST1

 

select * from addjobs

create proc sp_register

(

@uname varchar(50),

@upass varchar(50),

@fname varchar(50),

@lname varchar(50),

@mail varchar(50),

@desc text,

@full varchar(50),

@resume varchar(50)

)

as

begin

 

if exists

( select username from userlist1 where username=@uname)

return 1

else

insert into
USERLIST1(username,userpass,fname,lname,email,BRIEFDESC,FULLDESC,RESUMEDETAILS)
values (@uname,@upass,@fname,@lname,@mail,@desc,@full,@resume)

 

 

end

 

 

 

 

 

 

CREATE proc verifypassword

  (

  @username varchar(50),

  @userpwd
varchar(50)

 

  )

 

  as

 

  BEGIN

 

  declare
@founduser varchar(50)

 

 Select @founduser=username
from userlist1 where username=@username and userpass=@userpwd

 

   

  if @founduser IS NOT NULL

 

  return
0

 

 

       

 else

 if
exists (Select username from userlist1 where username=@username)

 

return 2

 

 else

 

 return 1

 

  END

GO

 

 

 

//another method to insert record

create table addjobs

(

uname varchar(50),

bdesc varchar(50),

fulldesc text

)

as

 

 

create proc addjob

(

@uname varchar(50),

@bdesc varchar(50),

@fulldesc text

)

as

insert addjobs (uname,bdesc,fulldesc
)values(@uname,@bdesc,@fulldesc )

 

update userlist1 set resumedetails=0 where
username=@uname

 

 

 

 

 

 

3.      
Login
Form

using
System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Data.SqlClient;

 

using System.Web.Security;

 

 

using System.Data;

 

public
partial class login : System.Web.UI.Page

{

 

 

    SqlConnection con
= new SqlConnection(System.Configuration.ConfigurationManager.AppSettings["Constr"]);

    SqlCommand cmd;

   

 

   // int tot;

    protected void Page_Load(object sender, EventArgs
e)

    {

 

       

    }

   

    public int verifypassword(string txt1,
string txt2)

    {

       

      

        con.Open();

        SqlParameter param;

 

        cmd
= new SqlCommand("verifypassword",
con);

        cmd.CommandType
= System.Data.CommandType.StoredProcedure;

      

 

       param=cmd.Parameters.Add("@return",
System.Data.SqlDbType.Int);

    

     param.Direction=ParameterDirection.ReturnValue;

     cmd.Parameters.AddWithValue("@username", txt1);

     cmd.Parameters.AddWithValue("@userpwd", txt2);

     cmd.ExecuteNonQuery();

 

     

        con.Close();

        return (int)cmd.Parameters["@return"].Value;

    }

    protected void Button1_Click(object sender, EventArgs e)

    {

        if (IsValid)

        {

  

          

 

            switch (verifypassword(TextBox1.Text, TextBox2.Text))

            {

                case
0:

                    FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, CheckBox1.Checked);

 

                 

                   

                  

                    break;

                case
1:

                    Label3.Text = "You Not
Registered";

 

                    break;

                case
2:

                    Label3.Text = "Your
Password Incorrect";

 

                    break;

                default :

                    Label3.Text = "Login
Failed";

                    break;

            }

       

 

        }

    }

}