Create a login page in ASP.NET using a stored procedure

Create a login page in ASP.NET using a stored procedure

Create the table in SQL:


-- Demo table for the login walkthrough: one row per account.
-- NOTE(review): the password column holds the password itself in clear text (the seed
-- row below inserts the literal value), so anyone who can read this table or a backup
-- of it obtains every credential. A production schema would keep a salted, slow
-- password hash (for example PBKDF2) here instead of the password.
-- NOTE(review): nothing makes username unique, and sp_login reports failure when more
-- than one row matches, so a duplicate row would lock that account out.
create table login
(
    id       int identity,
    username varchar(max),
    password varchar(max)
);

-- Seed account used by the walkthrough; remove it before the table is used for anything real.
insert into login (username, password)
values ('aravindh', 'aravindh');


Create the stored procedure:

-- sp_login: reports through @outres whether the supplied credentials match a login row.
--   @username, @password : values looked up in the login table
--   @outres (OUTPUT)     : 1 when exactly one row matches both values, otherwise 0
-- The values arrive as parameters and are never concatenated into SQL text.
-- NOTE(review): the submitted password is compared with the stored column as-is, which
-- only works because the table keeps passwords in clear text; with hashed storage the
-- hash would be verified by the application instead of by this equality test.
-- NOTE(review): the comparison follows the column collation; under a case-insensitive
-- collation a password differing only in letter case would also match. Confirm the
-- collation in use.
create procedure sp_login
    @username varchar(max),
    @password varchar(max),
    @outres   int OUTPUT
as
set @outres = case
                  when (select count(*)
                        from login
                        where username = @username
                          and password = @password) = 1
                  then 1
                  else 0
              end


Source code (default.aspx)

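<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="default.aspx.cs" Inherits="login._Default" %>
<%-- CodeBehind/Inherits name the code-behind shown for this page (class login._Default in
     default.aspx.cs); the directive previously pointed at WebApplication1.WebForm1, which
     does not match that class. --%>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <%-- The password is posted in the form body, so this page should only be served over HTTPS. --%>
    <form id="form1" runat="server">
    <div>
    <table>
        <tr><td>Username</td><td><asp:TextBox ID="txtuser" runat="server"></asp:TextBox></td></tr>
        <tr><td>Password</td><td><asp:TextBox ID="txtpass" runat="server" TextMode="Password"></asp:TextBox></td></tr>
        <%-- AutoEventWireup binds only the Page_* handlers; the button's click handler has to be named here. --%>
        <tr><td></td><td><asp:Button ID="btsub" runat="server" Text="Login" OnClick="btsub_Click" /></td></tr>
    </table>
        <%-- Status line written by the code-behind after each login attempt. --%>
        <asp:Label ID="lblMessage" runat="server"></asp:Label>
    </div>
    </form>
</body>
</html>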

Code-behind page (default.aspx.cs)
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

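namespace login
{
    /// <summary>
    /// Code-behind for the login page: checks the submitted username and password
    /// through the sp_login stored procedure and reports the outcome in lblMessage.
    /// </summary>
    public partial class _Default : System.Web.UI.Page
    {
        // NOTE(review): sample connection string kept from the walkthrough. It uses Windows
        // integrated security, so it carries no password, but the server and database names
        // belong in the <connectionStrings> section of web.config rather than in source.
        private const string ConnectionString = "Data Source=DEV007\\sqlexpress;Initial Catalog=aravindh;Integrated Security=True";

        /// <summary>Page load handler; the page needs no setup.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Calls sp_login with the given credentials and returns its @outres value.
        /// </summary>
        /// <param name="username">User name to look up.</param>
        /// <param name="password">Password to compare; passed to the procedure unchanged.</param>
        /// <returns>
        /// 1 when the procedure reports a match; 0 when it reports no match, returns no
        /// value, or the database call raises a <see cref="SqlException"/>.
        /// </returns>
        public int validate_login(string username, string password)
        {
            int result = 0;
            try
            {
                // A connection and command per call, both disposed by the using blocks,
                // replace the single connection object previously held in a page field.
                using (SqlConnection con = new SqlConnection(ConnectionString))
                using (SqlCommand cmd = new SqlCommand("sp_login", con))
                {
                    cmd.CommandType = CommandType.StoredProcedure;

                    // Values travel as parameters, never as SQL text. A null argument is sent
                    // as DBNull so the procedure simply finds no match.
                    cmd.Parameters.Add("@username", SqlDbType.VarChar).Value = (object)username ?? DBNull.Value;
                    cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = (object)password ?? DBNull.Value;

                    SqlParameter outcome = cmd.Parameters.Add("@outres", SqlDbType.Int);
                    outcome.Direction = ParameterDirection.Output;

                    con.Open();
                    cmd.ExecuteNonQuery();

                    // The output parameter stays DBNull if the procedure never assigns it;
                    // a direct (int) cast would throw in that case.
                    object raw = outcome.Value;
                    if (raw != null && raw != DBNull.Value)
                    {
                        result = Convert.ToInt32(raw);
                    }
                }
            }
            catch (SqlException ex)
            {
                // Fail closed: the caller sees 0 ("no match"). The SQL error text can name
                // servers, databases and procedures, so it is written to the server-side
                // trace instead of the page. Swap in the application's own logger if it has one.
                System.Diagnostics.Trace.TraceError("sp_login call failed: " + ex);
            }

            return result;
        }

        /// <summary>
        /// Click handler for the Login button: validates that both fields are filled in,
        /// runs the credential check and writes the result to lblMessage.
        /// </summary>
        protected void btsub_Click(object sender, EventArgs e)
        {
            string username = txtuser.Text.Trim();

            // The password is used exactly as typed; trimming it would silently change
            // the credential the user chose.
            string password = txtpass.Text;

            if (username.Length == 0 || password.Length == 0)
            {
                lblMessage.Text = "Please make sure that the username and the password is Correct";
                return;
            }

            if (validate_login(username, password) == 1)
            {
                // NOTE(review): this only updates the label. Nothing here issues an
                // authentication ticket or session value, so other pages cannot tell that
                // the user signed in. With forms authentication configured,
                // FormsAuthentication.RedirectFromLoginPage is the usual next step.
                lblMessage.Text = "Login is Good, Send the User to another page or enable controls";
            }
            else
            {
                // One generic message for every failure, so the response does not reveal
                // whether the user name or the password was the part that was wrong.
                // NOTE(review): no attempt counting or lockout is visible here, so repeated
                // guesses are not slowed down.
                lblMessage.Text = "Invalid Login";
                lblMessage.ForeColor = System.Drawing.Color.Red;
            }
        }
    }
}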