March 1, 2005 at 1:26 pm
I am in the process of building a web site using asp.net and a sql database. I have my login page set up using cookies.
I will have several different pages the user will fill out - something like an extensive survey. How can I set up a stored procedure to grab the user's ID from the cookie?
I also want to have pages that will display the information the user has input. What is the best way to pull the information from the database so I can format it the way I need? Will also need to filter the records based on the User ID stored in the cookie.
Suggestions on a starting point or a code sample would be greatly appreciated.
Thank you!
March 2, 2005 at 8:43 pm
use Request.Cookies("CaseSensaTiveCookieName") to read it in.
use Response.Cookies("CaseSensativeCookieName") to write it back out after a successfull login.
--In SQL
open the table in design view and change the collation for the password collumn to Case-sensative.
Create Proc userLogin
(
@User VARCHAR(25)
,@Password VARCHAR(15)
)
AS
Select ID From Users Where User=@User and Password =@Password
RETURN
-- in the page
Sub ButtonLogin_Submit(...)...
Dim con As New SqlConnection("connectionstring...")
Dim da As New SqlDataAdapter()
Dim cmd As New SqlCommand()
Try
With cmd
.Connection=con
.CommandText="userLogin"
.commandType=CommandType.StoredProcedure
.Parameters.Add("@User",SqlDbType.Varchar,25).value=me.txtUserName.Text
.Parameters.Add("@Password",SqlDbType.VarChar,15).Value = me.txtPassword.Text
End With
da.SelectCommand = cmd
Dim ds as new DataSet
da.Fill(ds,"User")
con.close()
if ds.Tables(0).Rows.Count>1 Then
Response.Cookies("UserID") = ds.Tables(0).Rows(0)("UserID")
Else
me.lblMessage.Text="Invalid Login"
End If
Catch Ex As Exception
me.lblMessage.Text=ex.Message
Finally ' this will always run no matter( unless power outage)
if con.State = ConnectionState.Open Then con.Close()
Con.Dispose()
cmd.Dispose()
da.Dispose()
End Try
End Sub
' later on ALL member driven pages (or you can do FormsAuthentication)
If Request.Cookies("UserID") Is Nothing OrElse Request.Cookies("UserID")="" then
Response.Redirect("./login.aspx")
Else
'do a database call passing the user info into a stored procedure parameter or query
End If
March 10, 2005 at 1:07 pm
Sorry for the delay have been working on my navigation system.
I have my login all set based on a user_name which works great. It passes the user_name and the user's role into the cookie and I am able to restrict access to certain folders based on the role.
I have several different tables that are all related to the main table that houses the UserID (identity field), user_name, and password.
I am trying to set it up where the user can move between all of my forms and submit their information and the UserID from the main table will be entered into the UserID field of the related table. Of course I will need the UserID to be selected based on the user's user_name which is stored in the cookie. I have been doing quite a bit of reading to try and figure out how to store the userID in a session but I am just getting more confused. I would like to pass my the userID stored in the session to my stored procedure for each form.
I do know that I need to pass the userID to the session in my Global.ascx page.
Any help in clearing this up for me would be greatly appreciated. A code sample is also helpful.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply