0

I have a big problem with Login and database. I was searching a lot but couldn't find a solution. First of all I'm trying to get row from my DB. When everything is true, I want to redirect. But when I'm writing my login and password, after around 30 sec I receive "A network-related or instance-specific error occurred while establishing a connection to SQL Server..."

Here is my code 

 using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.Configuration;
    using System.Data;
    using System.Data.SqlClient;

    namespace _29
    {
public partial class Default : System.Web.UI.Page
{  
    private string strcon = WebConfigurationManager.ConnectionStrings["UserConnectionString1"].ConnectionString;
    protected void Page_Load(object sender, EventArgs e)

 {
        if ((Session["Check"] != null) && (Convert.ToBoolean(Session["Check"]) == true))
        {

// If User is Authenticated then moved to a main page
            if (User.Identity.IsAuthenticated)
                Response.Redirect("Welcome.aspx");
        }     
}

   protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        Boolean wynik;
        wynik = false;       

wynik = Authentication(Login1.UserName, Login1.Password);

        if (wynik == true) {
            e.Authenticated = true;


Session["Check"] = true;
        }
        else
        {
            e.Authenticated = false;



        }
    }
   private bool Authentication(string p1, string p2)
   {



       SqlConnection con = new SqlConnection(strcon);
       SqlCommand cmd = new SqlCommand("Select count(UserName) from Users where UserName='" + p1 + "' and Password ='" + p2 + "'", con);


con.Open();
       int result = (int)cmd.ExecuteScalar();
       if (result == 1)
       {


return true;
       }
       else
       {


return false;
       }

   }}



       }

Here is my Web.Config

<configuration>
    <connectionStrings>
        <add name="UserConnectionString1" connectionString="Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirect`enter code here`ory|\User.mdf;Integrated 

    Security=True"
                    providerName="System.Data.SqlClient" />
            </connectionStrings>
            <system.web>


<compilation debug="true" targetFramework="4.5" />
      <httpRuntime targetFramework="4.5" />
    </system.web>
  <appSettings>


<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
</configuration>

Trying to get the result by rows but it doesn't work. Please help me :)

demongolem
  • 9,474
  • 36
  • 90
  • 105
vid20
  • 1
  • First and foremost, you should parameterize you sql statement. This is ripe for sql injection. Please look at articles such as this one -> http://www.codeproject.com/Articles/604268/Hack-Proof-Your-ASP-NET-Applications-From-SQL-Inje As to your question, I would check your connection string as it is more than likely not pointing to a valid sql server instance. – Ross Bush Apr 16 '14 at 01:37

2 Answers2

0

Your connection string seems to be wrong.

It should be like

Server=.\SQLExpress;AttachDbFilename=|DataDirectory|User.mdf;Database=dbname;
Trusted_Connection=Yes;

Not as you've used in you web.config

Data Source=(LocalDB)\v11.0;AttachDbFilename=|DataDirect`enter codehere`ory|\User.mdf;Integrated Security=True

Always check this website to get the proper connection string. It's very useful.

Cheers!

Sam
  • 2,917
  • 1
  • 15
  • 28
0

I think connection is Ok, because when i use connection on Page_Load, i can recieve information from my database. In this case "result" is 1 because only 1 row exist. But as you can see, i have to put already strings on my code. I want to use input (login control). THank you

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Configuration;
using System.Data;
using System.Data.SqlClient;

namespace _29
{

    public partial class Default : System.Web.UI.Page
    {


        private string strcon = WebConfigurationManager.ConnectionStrings["UserConnectionString1"].ConnectionString;
        protected void Page_Load(object sender, EventArgs e)
        {
            string p1 ="david";
            string p2 = "1234a";
            SqlConnection con = new SqlConnection(strcon);
            SqlCommand cmd = new SqlCommand("Select count(UserName) from Users where UserName='" + p1 + "' and Password ='" + p2 + "'", con);
            con.Open();
            int result = (int)cmd.ExecuteScalar();
            Response.Write(result);

        }
}
vid20
  • 1