The snippet below describes on how we are going to validate the user credentials being supplied by the end user in Login page using the ADO.NET way..
C#
protected void ValidateUserInfo(string user, string pass)
{
SqlConnection connection = new SqlConnection("YOUR CONNECTION STRING HERE");
string sql = "SELECT * FROM TableName WHERE UserID = @username AND Password = @password";
SqlCommand cmd = new SqlCommand(sql,connection);
cmd.Parameters.AddWithValue("@username", user);
cmd.Parameters.AddWithValue("@password", pass);
connection.Open();
DataTable dt = new DataTable();
SqlDataAdapter ad = new SqlDataAdapter(cmd);
ad.Fill(dt);
if (dt.Rows.Count > 0) { //check if the query returns any data
//Valid Username and Password
Response.Redirect("Default.aspx");
}
else
{
Response.Write("INVALID Username and Password, Try Again!");
}
connection.Close();
}
protected void Button1_Click(object sender, EventArgs e)
{
ValidateUserInfo(TextUserName.Text.Trim(), TextPassword.Text.Trim());
}
VB.NET
Protected Sub ValidateUserInfo(ByVal user As String, ByVal pass As String)
Dim connection As New SqlConnection("YOUR CONNECTION STRING HERE")
Dim sql As String = "SELECT * FROM TableName WHERE UserID = @username AND Password = @password"
Dim cmd As New SqlCommand(sql, connection)
cmd.Parameters.AddWithValue("@username", user)
cmd.Parameters.AddWithValue("@password", pass)
connection.Open()
Dim dt As New DataTable()
Dim ad As New SqlDataAdapter(cmd)
ad.Fill(dt)
If dt.Rows.Count > 0 Then
'check if the query returns any data
Response.Redirect("Default.aspx")
Else
Response.Write("INVALID Username and Password, Try Again!")
End If
connection.Close()
End Sub
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button1_Click
ValidateUserInfo(TextUserName.Text.Trim(), TextPassword.Text.Trim())
End Sub
That simple! Happy Coding!