Re: Problem in authentication using asp.net for a webpage

Why would an exception being thrown reading from the database being
indicative of password and username not matching? That just means an error
occurred.

There are 2 things wrong with your sql statement:
1. You aren't actually checking the password - which presumably you want to
do, given your error message
2. More importantly, you are not building valid SQL. String constants in a
SQL statement must be surrounded by single quotes. You are not doing this.

Lastly, when you post a question on a newsgroup, never say 'it did not
work', or 'there was an error'. You must always include the error message
to help the people trying to help you.

Did you think to try running your sql statement against the database outside
of the .NET application to make sure that works? Did you try debugging this
page?

I don't think you really needed us for this, you could have just done the
above and found the problems yourself.

"NITIN MUNJAL" <nitinm87@xxxxxxxxx> wrote in message
news:1134422028.207465.123850@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>I am trying to implement a simple way to authenticate users before
> entering my webpage. I have two textboxes one each for username and
> password. On the button click I call the function authenticate() which
> is written below. It queries to an access database db.mdb which has 3
> fields id, usernames and passwords. However this doesnt seem to work as
> I seem to get an exception always on the line maked by *** and the
> print statement in the catch statement is executed each time. Could
> someone help me out on this please as to where am I going wrong?
>
> //Code Snippet
>
> public void authenticate()
> {
> int i=0;
> string StrConn=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data
> Source=" + Server.MapPath("/db.mdb");
> OleDbConnection myConn=new OleDbConnection(StrConn);
> string strCon="SELECT * FROM authenticate WHERE
> uname="+UserName.Text;
> OleDbCommand oledbcomm = new OleDbCommand(strCon, myConn) ;
> myConn.Open();
> try{
> **** OleDbDataReader reader = oledbcomm.ExecuteReader();
> reader.Read();
> string pass=reader.GetString(2);
> if(pass==UserPass.Text)
> {
> i=reader.GetInt32(0);
> reader.Close();
> myConn.Close();
> if(i==0)
> Msg.Text = "Invalid Credentials: Please try again";
> else
> Response.Redirect("default.aspx");
> }
> else
> {
> reader.Close();
> myConn.Close();
> Msg.Text="Username and password do not match. (You
> provided "+UserName.Text+")";
> }
> }
> catch (System.Data.OleDb.OleDbException e){Msg.Text="Usernaword do
> not match. (You provided "+UserName.Text+")";}
> }
>
>
>
> TIA
>
>
> Nitin
>


.