Solved

Login form

Posted on 2006-11-23
6
347 Views
Last Modified: 2010-04-23
This is the code I'm using for a simple login form, which checks the entered username and password against a table in a remote database:



Imports System.Data.SqlClient

Public Class frmLogin

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim strLoginConnStr As String
        strLoginConnStr = "Data Source=xxx;" & _
            "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
        Dim connLogin As New SqlClient.SqlConnection(strLoginConnStr)
        connLogin.Open()
        Dim strSQL As String = "sp_workshop_login '" & _
            Replace(tbUsername.Text, "'", "''") & "', '" & _
            Replace(tbPassword.Text, "'", "''") & "'"
        Dim comLogin As New SqlCommand(strSQL, connLogin)
        Dim Reader As SqlDataReader = comLogin.ExecuteReader()
        If Reader.Read() Then
            MsgBox("Good username and password!")
        Else
            MsgBox("Bad username or password!", MsgBoxStyle.Exclamation)
        End If
        connLogin.Close()
    End Sub

    Private Sub btnClose_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnClose.Click
        Me.Close()
    End Sub
End Class



I've got two questions in this regard:

1) Is this the best way to code a login form?

2) When the database is not available, the line        connLogin.Open()      will make the program hang. I even tried to surround it with a Try..Catch, but the exception doesn't occur when the database is down. How can I manage it to show an error message when the database is down?
0
Comment
Question by:huji
6 Comments
 
LVL 69

Expert Comment

by:Éric Moreau
ID: 18003075
2) you can shorter the timeout property of the Command object.
0
 
LVL 6

Accepted Solution

by:
Jayadev Nair earned 200 total points
ID: 18003715
Hi

Please try adding "Connect Timeout=5" parameter to your connection string. this must solve the issue. But donot forget to catch the timeout.

Thanks.
0
 
LVL 24

Assisted Solution

by:Jeff Certain
Jeff Certain earned 200 total points
ID: 18004186
1. Use your command to call a stored procedure, not the strange version of dynamic SQL you've got now.
2. Use "using" if you're in VB2005.
3. Create a stored procedure that takes the user name and password as parameters, and returns the user name.

Here's the function to check:

Public Function CheckLogin(ByVal userName As String, ByVal pwd As String) As Boolean
    Dim strLoginConnStr As String
    strLoginConnStr = "Data Source=xxx;" & _
        "Initial Catalog=xxx;User Id=xxx;Password=xxx;"
    Using connLogin As New SqlClient.SqlConnection(strLoginConnStr)
      connLogin.Open()
      Using cmd As New SqlCommand("sp_workshop_login", connLogin)
        cmd.CommandType = CommandType.StoredProcedure
        cmd.Parameters.Add("@userName", SqlDbType.VarChar, 30).Value = userName
        cmd.Parameters.Add("@password", SqlDbType.VarChar, 30).Value = pwd
        Return Not (cmd.ExecuteScalar Is System.DBNull.Value)
      End Using
    End Using
  End Function

Note: in general, it is a bad idea to transmit credentials in clear text; I hash passwords and then submit the hash to the sproc to check to see if the login is valid.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 14

Author Comment

by:huji
ID: 18004223
>> ... "Connect Timeout=5" ...
It did the trick.

>> 2. Use "using" if you're in VB2005.
What is its benefit in this case?
0
 
LVL 24

Expert Comment

by:Jeff Certain
ID: 18004230
2. Using disposes the objects for you. In the case of connection objects, it closes them for you as well.
0
 
LVL 14

Author Comment

by:huji
ID: 18004827
Great.

Follow me here please: http:Q_22070999.html

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: jpaulino
XML Literals are a great way to handle XML files and the community doesn’t use it as much as it should.  An XML Literal is like a String (http://msdn.microsoft.com/en-us/library/system.string.aspx) Literal, only instead of starting and ending with w…
It’s quite interesting for me as I worked with Excel using vb.net for some time. Here are some topics which I know want to share with others whom this might help. First of all if you are working with Excel then you need to Download the Following …
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now