[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 155
  • Last Modified:

Check if Values Exists

Hello Experts,

I'm creating an application that give employees the ability to register themselves to Online Courses. Employees can view all courses offered and if they like a Course then they click on the "register" button which will take them to login.aspx page where they either have to login with there credentials or signup for an account before they can register for a course.

Please Note: Once a user clicks on the "register" button it collects the following two values ghaoc_id and ghaocp_id. Those two values are passed to the login.aspx page and once the employee logs in then they are redirected back to the "register" page which by the way the "register" page is secured and you cannot access unless authenticated. But once you are authenticated it takes you back to this page allowing you to add the employee's ID, ghaoc_id, and ghaocp_id into the Database.

I have two questions:

1.) How can I check to make sure users_id is NOT NULL. If it's NULL then redirect back to login.aspx page using FormsRedirectToLogin Page property?

2.) How can I retrieve the data related to ghaoc_id and ghaocp_id in my database against the values stored in the HiddenFields?

I have attached the CODEBEHIND for the "register" page.

CODEBEHIND:

using System;
using System.Configuration;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Net.Mail;
using System.Net.NetworkInformation;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;

public partial class programinfo_ghap_login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void btn_ProgramInfoSignIn_Click(object sender, EventArgs e)
    {
        //Retrieve the guid from db
        string guid = String.Empty;

        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["HealthCourses"].ConnectionString))
        {
            SqlCommand cmd = new SqlCommand();
            cmd.CommandText = "HealthCourses_LoginPassSalt";
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Connection = conn;

            cmd.Parameters.AddWithValue("@users_username", SqlDbType.VarChar).Value = txtUserName.Text;

            DataTable dtGuid = new DataTable();

            SqlDataAdapter adp = new SqlDataAdapter();
            adp.SelectCommand = cmd;
            adp.Fill(dtGuid);

            if (dtGuid != null && dtGuid.Rows.Count > 0)
            {
                guid = dtGuid.Rows[0]["users_password_salt"].ToString();

                SqlCommand cmdClientLogin = new SqlCommand();
                cmdClientLogin.CommandText = "HealthCourses_Login";
                cmdClientLogin.CommandType = CommandType.StoredProcedure;
                cmdClientLogin.Connection = conn;

                cmdClientLogin.Parameters.AddWithValue("@users_username", SqlDbType.VarChar).Value = txtUserName.Text;
                cmdClientLogin.Parameters.AddWithValue("@users_password", SqlDbType.VarChar).Value = SHA512_HASH.ComputeSHA512Hash(txtPassword.Text + guid);

                conn.Open();

                SqlDataReader rdr = cmdClientLogin.ExecuteReader();

                if (rdr.HasRows && rdr.Read())
                {
                    rdr.Close();
                    conn.Close();
                    Session["UserNameSessionID"] = txtUserName.Text;
                    FormsAuthentication.RedirectFromLoginPage(txtPassword.Text, false);
                }
            }

            else
            {
                lblSignInError.Text = "Invalid Credentials!";
            }
        }
    }
}

Open in new window

0
asp_net2
Asked:
asp_net2
  • 4
  • 3
1 Solution
 
Rajkumar GsSoftware EngineerCommented:
public static bool checkSession()
{

      if (!HttpContext.Current.User.Identity.IsAuthenticated) {
            HttpContext.Current.Response.Redirect("Default.aspx");

            return false;
      } else {
            return true;
      }
}



protected void Page_Load(object Sender, EventArgs E)
{
      if (!escc.UserClass.checkSession)
            return;
}
0
 
jjamstrongCommented:
Are you using ASP.Net default membership system?
0
 
Rajkumar GsSoftware EngineerCommented:
#1 - Simply
 
protected void Page_Load(object Sender, EventArgs E)
{
 if (!HttpContext.Current.User.Identity.IsAuthenticated) {
            HttpContext.Current.Response.Redirect("Default.aspx");
}

Open in new window



 
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
asp_net2Author Commented:
@RajkumarGS,

I'm confused with what you provided. For example, I understand my login logic code that I have attached and once the user is authenticated on the login page a Session is created called "UserNameSessionID". So I guess I need to check to determine if "UserNameSessionID" exist on the "register" page but not sure how to do so. Please see my attached login.aspx CODEBEHIND.


using System;
using System.Configuration;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.IO;
using System.Net.Mail;
using System.Net.NetworkInformation;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;

public partial class programinfo_ghap_login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void btn_ProgramInfoSignIn_Click(object sender, EventArgs e)
    {
        //Retrieve the guid from db
        string guid = String.Empty;

        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["HealthCourses"].ConnectionString))
        {
            SqlCommand cmd = new SqlCommand();
            cmd.CommandText = "HealthCourses_LoginPassSalt";
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Connection = conn;

            cmd.Parameters.AddWithValue("@users_username", SqlDbType.VarChar).Value = txtUserName.Text;

            DataTable dtGuid = new DataTable();

            SqlDataAdapter adp = new SqlDataAdapter();
            adp.SelectCommand = cmd;
            adp.Fill(dtGuid);

            if (dtGuid != null && dtGuid.Rows.Count > 0)
            {
                guid = dtGuid.Rows[0]["users_password_salt"].ToString();

                SqlCommand cmdClientLogin = new SqlCommand();
                cmdClientLogin.CommandText = "HealthCourses_Login";
                cmdClientLogin.CommandType = CommandType.StoredProcedure;
                cmdClientLogin.Connection = conn;

                cmdClientLogin.Parameters.AddWithValue("@users_username", SqlDbType.VarChar).Value = txtUserName.Text;
                cmdClientLogin.Parameters.AddWithValue("@users_password", SqlDbType.VarChar).Value = SHA512_HASH.ComputeSHA512Hash(txtPassword.Text + guid);

                conn.Open();

                SqlDataReader rdr = cmdClientLogin.ExecuteReader();

                if (rdr.HasRows && rdr.Read())
                {
                    rdr.Close();
                    conn.Close();
                    Session["UserNameSessionID"] = txtUserName.Text;
                    FormsAuthentication.RedirectFromLoginPage(txtPassword.Text, false);
                }
            }

            else
            {
                lblSignInError.Text = "Invalid Credentials!";
            }
        }
    }
}

Open in new window

0
 
asp_net2Author Commented:
@jjamstrong,

>> Are you using ASP.Net default membership system?

No, I'm using my own Custom authentication system.
0
 
asp_net2Author Commented:
@RajkumarGS:

You there?
0
 
asp_net2Author Commented:
Lack of help!!!
0
 
Rajkumar GsSoftware EngineerCommented:
Sorry! I didn't notice the updates on this question somehow.

The code that I posted is to use in all inner pages page_load event, which will help to check whether the user is authenticated or not. There are possibility that user may type-in some inner page URL directly. This code will prevent loading those pages without a valid login.

Raj
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now