• Status: Solved
  • Priority: Medium
  • Security: Public

WebMethod - bool AuthenticateUser question?

I found this on the Internet. It seems like a good idea, but it always returns True:

Q. Is there something wrong with this code?

[WebMethod]
    public bool AuthenticateUser(string User, string Password)
    {
        try
        {
            string sql = " IF EXISTS (Select User From tbl_Users Where Users = '" + Email.ToString() + "')"+
                " SELECT Password FROM tbl_Users WHERE Password = '" + Password.ToString() + "' ";
            cn = new SqlConnection("integrated security=SSPI;server=localhost; persist security info=False;initial catalog=Northwind");
            SqlDataAdapter da = new SqlDataAdapter(sql, cn);
            cn.Open();
            da.SelectCommand.ExecuteNonQuery();
            cn.Close();            

            return true;
        }
        catch
        {
            return false;
        }
    }
0
Asked: kvnsdr
1 Solution
 
indu_mk Commented:
As there is no exception thrown by the ExecuteNonQuery, even if nothing is fetched, this always returns true.
I would suggest something like this:
Private Function AuthenticateUser(ByVal userName As String, ByVal passWord As String) As Boolean
        Try
            Dim sql As String
            sql = "select count(*) from tbl_users where user_name = '" + userName + "' and user_password = '" + passWord + "'"
            Dim cn As New SqlConnection("Server=servername;User Id=sa;Password=sa;Trusted_Connection=False;Initial Catalog=northwind")
            Dim da As New SqlDataAdapter(sql, cn)
            cn.Open()
            Dim n As Integer
            n = da.SelectCommand.ExecuteScalar
            If n = 1 Then
                Return True
            Else
                Return False
            End If

        Catch ex As Exception
            Return False
        End Try
    End Function
0
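Added example, not part of the thread and not either poster's code: a C# version of the count-based check that binds the user name and password as SqlParameter values instead of concatenating them into the SQL string, so the input cannot alter the query (the concatenated form is open to SQL injection). The class name, the NVarChar type and the 256-character size are assumptions; the table and column names come from the answer above, the connection string from the question, and the direct password comparison is kept as the thread has it.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserAuth   // hypothetical class name
{
    // Connection string from the question: integrated security, no embedded password.
    private const string ConnStr =
        "Integrated Security=SSPI;Server=localhost;Initial Catalog=Northwind";

    public static bool AuthenticateUser(string userName, string password)
    {
        // Placeholders keep the input out of the SQL text, so quote characters
        // in userName or password are treated as data, never as SQL.
        const string sql =
            "SELECT COUNT(*) FROM tbl_users " +
            "WHERE user_name = @user AND user_password = @pass";

        try
        {
            // using blocks close the connection even when an exception is thrown.
            using (var cn = new SqlConnection(ConnStr))
            using (var cmd = new SqlCommand(sql, cn))
            {
                // Column type and size are assumptions; match them to the real schema.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = userName ?? string.Empty;
                cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 256).Value = password ?? string.Empty;

                cn.Open();

                // ExecuteScalar returns object, so C# needs an explicit conversion.
                int matches = Convert.ToInt32(cmd.ExecuteScalar());

                // Exactly one matching row means the pair is valid.
                return matches == 1;
            }
        }
        catch (SqlException)
        {
            // Fail closed: a database error is never treated as a successful login.
            return false;
        }
    }
}
```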
 
kvnsdr Author Commented:
Very simple, just the way I like it, however I receive the following compile error message:

Cannot implicitly convert type 'object' to 'int'. An explicit conversion exists (are you missing a cast?)
0
 
kvnsdr Author Commented:
Never Mind, I forgot to include all the { } in the If Else method.
0
 
kvnsdr Author Commented:
More points, another question regarding WebServices.

I am using the following code in a Windows App to receive the WebMethod bool return into a textbox and also check email & pass authorization for other methods to use...

It always returns a False......


string strEmail = txtEmail.Text; strPassword = txtPassword.Text;

private bool AuthenticateUser(string sEmail, string sPassword)
        {            
            MyWebSite.Service service1 = new MyWebSite.Service();
            service1.Credentials = CredentialCache.DefaultCredentials;
            bool EmailPass = service1.AuthenticateUser(strEmail, strPassword);

            txtbool.Text = EmailPass.ToString();

            return EmailPass;
        }            
0
 
indu_mk Commented:
This works fine for me in VS2003 and VS2005. Check the authentication you are using for your web service in IIS. Use Integrated Windows Authentication and remove Anonymous Access.
0
