With any inputs, it is logging into the application.

Data layer:
C#
public DataSet Userlogin(Users objlogin)
       {
           SqlConnection con = new SqlConnection(ConnString);
           SqlCommand cmd = new SqlCommand("SELECT * FROM User_details WHERE [Login Id]=@loginid AND [Password]=@password", con);
           cmd.Parameters.AddWithValue("@loginid", objlogin.loginId);
           cmd.Parameters.AddWithValue("@password", objlogin.Password);

           SqlDataAdapter da = new SqlDataAdapter(cmd);
           DataSet ds = new DataSet();
           da = new SqlDataAdapter(cmd);
           da.Fill(ds);
           return ds;
           //DataTable dt = new DataTable();
           //da.Fill(dt);
           //return (dt);
       }


BLL:
C#
public DataSet Userlogin(Users objUser)
       {

           DataLayer objUserDAL = new DataLayer();
           try
           {

               return objUserDAL.Userlogin(objUser);
           }
           catch (Exception)
           {
               // Rethrow without resetting the stack trace.
               throw;
           }
       }


UI layer:
C#
        protected void btnlogin_Click(object sender, EventArgs e)
        {
            Users objuser = new Users();
            objuser.loginId = loginid.Text;
            objuser.Password = pwd.Text;
            DataSet ds = new DataSet();
            //DataTable dt = new DataTable();

            BAL objBAL = new BAL();
            ds= objBAL.Userlogin(objuser);

            if(ds.Tables.Count>0)
            {
                Session["User"] = loginid.Text;
                Response.Redirect("~/Transactions.aspx");
            }
            else
            {
                Response.Write("<script>alert('Invalid Credentials!')</script> ");
            }
          
        }
    }
}


What I have tried:

It is working with a single tier (code below):
C#
        protected void btnlogin_Click(object sender, EventArgs e)
        {
            String strConnString = ConfigurationManager.ConnectionStrings["conString"].ConnectionString;

            SqlConnection con = new SqlConnection(strConnString);

            SqlCommand cmd = new SqlCommand("SELECT * FROM User_details WHERE [Login Id]=@loginid AND [Password]=@password",con );
            cmd.Parameters.Add("@loginid", SqlDbType.VarChar).Value = loginid.Text;
            cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = pwd.Text;
              
            SqlDataAdapter da = new SqlDataAdapter(cmd);

            DataTable dt = new DataTable();
            da.Fill(dt);
            if(dt.Rows.Count > 0)
            {
                Session["User"] = loginid.Text;
                Response.Redirect("Transactions.aspx");
               
            }

            else
            {
                
                Response.Write("<script>alert('Invalid Credentials!')</script> ");
               
            }
        }
Updated 27-Aug-18 5:47am
Comments
Richard Deeming 28-Aug-18 14:55pm    
NEVER store passwords in plain text!

Secure Password Authentication Explained Simply
Salted Password Hashing - Doing it Right

And why are you re-inventing the wheel? ASP.NET has several perfectly good authentication systems built-in - for example, ASP.NET Identity

First step is to understand the code.

The one that does not work has
C#
if(ds.Tables.Count>0)

and the one that does work has
C#
if(dt.Rows.Count > 0)


You need to check if tables exist and THEN also check if Rows exist.
 
DataSet is composed of DataTables so you need to specify the table like this:

C#
ds.Tables["TableName"].Rows.Count > 0


or using index like this:

C#
ds.Tables[0].Rows.Count > 0


While that works, I would still recommend you use DataTable instead of DataSet since you are only dealing with one database table. Also, make it a habit to put objects that eat resources such as SqlConnection, SqlCommand and SqlDataAdapter within a using statement to ensure that objects will be properly disposed and closed after they are used. Here's a quick example:

C#
public DataTable Userlogin(Users objlogin){
    DataTable dt = new DataTable();
    string sqlStatement = "SELECT * FROM User_details WHERE [Login Id]=@loginid AND [Password]=@password";

    using(SqlConnection connection = new SqlConnection(GetConnectionString())){
        using(SqlCommand cmd = new SqlCommand(sqlStatement, connection)){
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.AddWithValue("@loginid", objlogin.loginId);
            cmd.Parameters.AddWithValue("@password", objlogin.Password);
            using(SqlDataAdapter da = new SqlDataAdapter(cmd)){
                da.Fill(dt);
            }
        }
    }
    return dt;
}


Then in your Business layer, you would need to return a DataTable too so you can do something like this in your UI layer:

C#
BAL objBAL = new BAL();
DataTable dt = objBAL.Userlogin(objuser);

if(dt.Rows.Count > 0)
{
    Session["User"] = loginid.Text;
    Response.Redirect("~/Transactions.aspx");
}
else
{
    Response.Write("<script>alert('Invalid Credentials!')</script> ");
}



Note that we're now using dt.Rows.Count to check if your query returns any data.
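
The two points raised on this page, the `Rows.Count` check from the answers and the plaintext-password warning in the comment, combined in one check on the returned `DataTable`; this is an added example, not code from the thread. The `PasswordSalt`/`PasswordHash` columns, the `LoginCheck`, `Derive` and `Authenticate` names and the iteration count are assumptions, and the `DataTable` in `Main` is constructed so the block runs without a database.

```csharp
using System;
using System.Data;
using System.Security.Cryptography;

// Added example, not code from the thread; column names and iteration count are assumptions.
public static class LoginCheck
{
    private const int Iterations = 100000;

    public static byte[] Derive(string password, byte[] salt)
    {
        // PBKDF2-HMAC-SHA256; this overload needs .NET Framework 4.7.2+ or .NET Core 2.0+.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    // dt: result of SELECT PasswordSalt, PasswordHash FROM User_details WHERE [Login Id]=@loginid
    public static bool Authenticate(DataTable dt, string password)
    {
        // Fill() creates the table even when no row matches, so test the rows.
        if (dt == null || dt.Rows.Count != 1 || string.IsNullOrEmpty(password))
            return false;
        byte[] salt = dt.Rows[0]["PasswordSalt"] as byte[];
        byte[] expected = dt.Rows[0]["PasswordHash"] as byte[];
        if (salt == null || salt.Length < 8 || expected == null)
            return false;                       // NULL or malformed stored values
        byte[] actual = Derive(password, salt);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];    // compare without early exit
        return diff == 0;
    }

    public static void Main()
    {
        var dt = new DataTable("User_details"); // constructed stand-in for the query result
        dt.Columns.Add("PasswordSalt", typeof(byte[]));
        dt.Columns.Add("PasswordHash", typeof(byte[]));
        var ds = new DataSet();
        ds.Tables.Add(dt);
        // Unknown login id: zero rows, yet the table itself exists.
        Console.WriteLine("{0} {1}", ds.Tables.Count > 0, Authenticate(dt, "anything"));
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        dt.Rows.Add(salt, Derive("correct horse", salt)); // constructed user row
        Console.WriteLine("{0} {1}", Authenticate(dt, "correct horse"), Authenticate(dt, "wrong"));
    }
}
```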
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


