How to stop bypass login from an ASP.NET login page? I have used SQL Server 2005 and .NET Framework 3.5, using the C# language. I check the login id and password against the database. If the login id and password are correct, the user can log in and use the application. But my question is that when my friend entered anything in the login id field and entered something in the password field, he successfully logged in and could use the application. Later I learned that it is a bypass login. I want to stop the bypass login. Can anyone help me, please?

[Edit: Shouting Removed]
Updated 19-May-13 20:09pm

You can check the database at login time for the existence of the provided username and password. If it doesn't find them, revoke the access.

C#
// Requires: using System.Data.SqlClient;
string connStr = System.Configuration.ConfigurationManager.ConnectionStrings["your connection string name"].ConnectionString;
// The using blocks close the connection and reader even if an exception is thrown.
using (SqlConnection conn = new SqlConnection(connStr))
// "table" is a placeholder; replace it with the name of your users table.
using (SqlCommand cmd = new SqlCommand("Select uname, pswd from table where uname = @id and pswd = @password ", conn))
{
    // Parameters keep the user's input out of the SQL text.
    cmd.Parameters.Add(new SqlParameter("@id", "id here"));
    cmd.Parameters.Add(new SqlParameter("@password", "password here"));
    conn.Open();
    using (SqlDataReader dr = cmd.ExecuteReader())
    {
        if (dr.Read())
        {
            // Username and password found. User exists.
        }
        else
        {
            // Username or password not found. Show an error message.
            Response.Write("<script type='text/javascript'>");
            Response.Write("alert('Invalid Credentials.');");
            Response.Write("</script>");
        }
    }
}
 
Comments
Sunasara Imdadhusen 20-May-13 8:32am    
Good explanation... I recommend your solution as well!!!
Thanks7872 20-May-13 11:43am    
Sorry, it was wrongly commented by me. Thanks a lot for this appreciation.

It is not possible to bypass your authentication process. Instead, you have to provide proper security, like:

1. Client and server side validation - to restrict invalid data entry
2. Prevent HTML, SQL injection
3. Database call check - verify the user's information (id and password?) against your database values, and then allow access to your application if the requested user's id and password match the DB.
4. Apply encryption - Store user id and password in encrypted format so no one can break security.

Thanks
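
The four points listed in the answer above, combined into one login check that denies access on every failure path. This is an added example, not code from either answerer. The `Users` table and its columns, the `AppDb` connection string name, the length limits and the iteration count are assumptions, and it stores a salted PBKDF2 hash where the answer says "encrypted format".

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
public static class LoginCheck
{
    // Assumed table: Users(uname NVARCHAR(50), salt VARBINARY(16), pwd_hash VARBINARY(32))
    const int Iterations = 100000; // assumed PBKDF2 work factor
    public static bool IsValid(string userName, string password)
    {
        // Point 1: server-side validation; empty or oversized input never reaches the DB.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        if (userName.Length > 50 || password.Length > 128) return false;
        try
        {
            string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
            using (SqlConnection conn = new SqlConnection(cs))
            using (SqlCommand cmd = new SqlCommand(
                "SELECT salt, pwd_hash FROM Users WHERE uname = @id", conn))
            {
                // Point 2: input is bound as a typed parameter, never concatenated into SQL.
                cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = userName;
                conn.Open();
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    if (!dr.Read()) return false; // Point 3: no such user, deny
                    byte[] salt = (byte[])dr["salt"];
                    byte[] stored = (byte[])dr["pwd_hash"];
                    // Point 4: only a salted hash is stored; recompute it and compare.
                    byte[] actual = new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(32);
                    return FixedTimeEquals(stored, actual);
                }
            }
        }
        catch (Exception)
        {
            return false; // any failure (DB down, bad row) denies access; log it server-side
        }
    }

    // Compares every byte so timing does not reveal where the hashes differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The login button handler should issue the authentication ticket (for example with `FormsAuthentication.RedirectFromLoginPage`) only when `IsValid` returns true, and every protected page should require that ticket rather than rely on the login page having been visited.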
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


