SQL Datareader only checks first line in database

Hi

I am building a .net website and want to be able to use a login control to access a page where the username and password are taken from an existing database.

The code I have used is below:


Now this works great.... as long as you are the first person in the database table. For some reason the datareader doesn't read all the rows to match the username and password entered.

Any help would be greatly appreciated.
Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As AuthenticateEventArgs) 
    Dim Authenticated As Boolean = False 
    Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password) 
    e.Authenticated = Authenticated 
    If Authenticated = True Then 
        Response.Redirect("Home.aspx") 
    End If 
End Sub 
 
Private Function SiteLevelCustomAuthenticationMethod(ByVal UserName As String, ByVal Password As String) As Boolean 
    Dim boolReturnValue As Boolean = False 
    ' Insert code that implements a site-specific custom 
    ' authentication method here. 
    ' This example implementation always returns false. 
    Dim strConnection As String = "server=dtpxp-skumari;database=master;uid=sa;pwd=;" 
    Dim Connection As New SqlConnection(strConnection) 
    Dim strSQL As String = "Select * From Employee" 
    Dim command As New SqlCommand(strSQL, Connection) 
    Dim Dr As SqlDataReader 
    Connection.Open() 
    Dr = command.ExecuteReader() 
    While Dr.Read() 
        If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then 
            boolReturnValue = True 
        End If 
        Dr.Close() 
        Return boolReturnValue 
    End While 
End Function

Open in new window

LVL 2
DJFullerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy Hengel [angelIII / a3]Billing EngineerCommented:
you close the datareader and return inside the while loop... bad move.
While Dr.Read()         
  If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then        
     boolReturnValue = True       
  End If        
End While 
Dr.Close()         
Return boolReturnValue     

Open in new window

0
Dirk HaestProject managerCommented:
Dr = command.ExecuteReader()    
While Dr.Read()        
   If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then
               boolReturnValue = True        
   End If
end while
Dr.Close()        
Return boolReturnValue
0
imitchieCommented:
if i may, break to speed things up

While Dr.Read()        
  If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then        
     boolReturnValue = True
     break
  End If        
End While
Dr.Close()        
Return boolReturnValue    
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

imitchieCommented:
replace

    Dim strSQL As String = "Select * From Employee"
    Dim command As New SqlCommand(strSQL, Connection)
    Dim Dr As SqlDataReader
    Connection.Open()
    Dr = command.ExecuteReader()
    While Dr.Read()
        If (UserName = Dr("name").ToString()) And (Password = Dr("Password").ToString()) Then
            boolReturnValue = True
        End If
        Dr.Close()
        Return boolReturnValue
    End While

with

    Dim strSQL As String = "Select [name] From Employee where [name] = '" + Replace(UserName, "'", "''") + "' and [Password]= '" + Replace(Password, "'", "''") + "'"
    Dim command As New SqlCommand(strSQL, Connection)
    Dim Dr As SqlDataReader
    Connection.Open()
    Dr = command.ExecuteReader()
    boolReturnValue = Dr.Eof
    Dr.Close()
    Return boolReturnValue
0
imitchieCommented:
grr... time tosleep
    Dim strSQL As String = "Select [name] From Employee where [name] = '" + Replace(UserName, "'", "''") + "' and [Password]= '" + Replace(Password, "'", "''") + "'"
    Dim command As New SqlCommand(strSQL, Connection)
    Dim Dr As SqlDataReader
    Connection.Open()
    Dr = command.ExecuteReader()
    boolReturnValue = not Dr.Eof
    Dr.Close()
    Return boolReturnValue 

Open in new window

0
DJFullerAuthor Commented:
Oh my god.. what an idiot I am..

Thanks all of you... I guess I can share points out.

imitchie: what does adding break do?
0
Guy Hengel [angelIII / a3]Billing EngineerCommented:
>imitchie: what does adding break do?
it finishes the while immediately. as at that place, you knew the username/password is correct, no need to loop further in the DataReader.

the suggestion of imitchie to include the username/password test directly in the query is obviously the most efficient method, but could even be made better by using sqlcommand and sqlparameter objects ... but that is another discussion. just read up on those key terms will help you coding alot.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.