ASP.NET custom login system tutorial

In this tutorial, we will build a custom login system that checks credentials against our own SQL Server database. The code-behind is written in VB.NET.
First, create the database using the SQL below.

create database test
use test
create table login(id int primary key identity(1,1), username varchar(32), password varchar(32), usertype varchar(32))
insert into login(username, password, usertype) values ('admin', 'admin', 'admin'), ('user', 'user', 'user')

The table has username, password and usertype columns; usertype identifies the user's role in the system.
Once the database is set up, create a new project in Microsoft Visual Web Developer or Microsoft Visual Studio.

Delete all files that are not shown in this picture, and create all the files that are shown.

Conn.vb contains the code that sets up the connection to the database. Change strServer to match your own system.

Conn.vb

    Imports System.Data

    Module Conn
        'Note: members of a Module are shared by every request in the web application
        Public connDB As New SqlClient.SqlConnection
        Public comDB As New SqlClient.SqlCommand
        Public rdDB As SqlClient.SqlDataReader

        Public Item As ListViewItem

        Public SQL As String

        Public Sub connectDB()
            'This is the connection for your MS SQL Server
            Dim strServer As String = "localhost\SQLEXPRESS" 'Server IP or server name. If the server is installed on your local machine, use 127.0.0.1 or localhost
            Dim strDbase As String = "test" 'Database name
            Dim strUser As String = "your username" 'Database user
            Dim strPass As String = "your password" 'Database password

            'uncomment the following if using username and password authentication
            'If connDB.State <> ConnectionState.Open Then connDB.ConnectionString = "Data Source=" & strServer.Trim & ";Initial Catalog=" & strDbase.Trim & ";MultipleActiveResultSets=False;User ID=" & strUser.Trim & ";Password=" & strPass

            'integrated security (Windows authentication); comment this out if you use the username/password line above
            If connDB.State <> ConnectionState.Open Then connDB.ConnectionString = "Data Source=" & strServer.Trim & ";Initial Catalog=" & strDbase.Trim & ";MultipleActiveResultSets=False;Integrated Security=True"
            If connDB.State <> ConnectionState.Open Then connDB.Open()
        End Sub

        'Close the connection to the database
        Public Sub closeDB()
            If connDB.State <> ConnectionState.Closed Then connDB.Close()
        End Sub

        'Initialize the SQL command object
        Public Sub initCMD()
            With comDB
                .Connection = connDB
                .CommandType = CommandType.Text
                .CommandTimeout = 0 '0 = wait indefinitely for a command to finish
            End With
        End Sub

        'Execute a statement that returns no rows; PstrSQL is run as-is, so never build it from user input
        Public Sub execComDB(ByVal PstrSQL As String)
            With comDB
                .CommandText = PstrSQL
                .ExecuteNonQuery()
            End With
        End Sub
    End Module

Next, we write ChkUser, which validates the user and logs them into the system.

ChkUser.vb

    Imports System.Data

    Public Class ChkUser
        'Note: Shared fields are application-wide, so every request sees the same Type and ID
        Public Shared Type As String
        Public Shared ID As Integer

        Public Shared Function TryLogin(ByVal user As String, ByVal pass As String) As Boolean
            If Login(user, pass) Then
                Type = GetUserType(user) 'either admin or user
                Return True
            Else
                Type = "" 'failed login: must be an empty string, so the user type is not looked up
                Return False
            End If
        End Function

        'opens rdDB on a query with the username bound as the @user parameter (never concatenated into the SQL text)
        Private Shared Sub OpenUserReader(ByVal query As String, ByVal user As String)
            SQL = query
            With comDB
                .CommandText = SQL
                .Parameters.Clear()
                .Parameters.Add("@user", SqlDbType.VarChar, 32).Value = If(user, "")
                rdDB = .ExecuteReader
            End With
        End Sub

        'this function will try to log in to the system by verifying the username and password (only used in this class)
        Public Shared Function Login(ByVal user As String, ByVal pass As String) As Boolean
            Dim count As Int32
            OpenUserReader("select * from login where username = @user", user)
            Do While rdDB.Read
                If (rdDB!password.ToString() = pass) Then
                    ID = CInt(rdDB!id)
                    count += 1
                End If
            Loop
            rdDB.Close()
            Return count = 1
        End Function

        Public Shared Function GetUserType(ByVal user As String) As String
            Dim usertype As String = ""
            OpenUserReader("select top 1 usertype from login where username = @user", user)
            Do While rdDB.Read
                usertype = rdDB!usertype.ToString()
            Loop
            rdDB.Close()
            If (Not String.IsNullOrEmpty(usertype)) Then
                Return usertype
            Else
                Return ""
            End If
        End Function

        'this function is useful when you want to check if user is already registered
        Public Shared Function Find(ByVal user As String) As Boolean
            Dim count As Int32
            OpenUserReader("select * from login where username = @user", user)
            Do While rdDB.Read
                count += 1
            Loop
            rdDB.Close()
            Return count = 1
        End Function
    End Class

As for the rest, since I am very lazy right now, just copy all the code from the file I attached below.
Basically, you only need to include some basic register, login and logout pages.
Then make sure your master page is set up with code-behind that handles the whole user validation process.
Oh, by the way, I use cookies to retain the username and password in plain form. So if you are interested, you can go on to hash the password using a message digest like SHA1 or MD5. Usually I use MD5 because my database mostly uses varchar(32).
Please check out the master page, as I am too lazy to explain it. Just check the comments I put in.
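
For the password hashing mentioned above, here is a salted, iterated alternative to a bare SHA1 or MD5 digest, with a login check that uses its own connection and a parameterized query. This is an added example, not code from the attached download. It assumes .NET Framework 4.7.2 or later and a password column widened beyond varchar(32); the names PasswordStore, HashPassword, VerifyPassword and CheckLogin and the iteration count are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

' Added example. Assumes login.password is widened (e.g. varchar(128)) so it
' can hold "iterations.saltBase64.hashBase64" instead of a plain password.
Public Module PasswordStore
    Private Const Iterations As Integer = 100000 ' assumed work factor

    ' Called at registration: returns the string to store in login.password.
    Public Function HashPassword(ByVal pass As String) As String
        Dim salt(15) As Byte ' 16 random bytes, unique per user
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Return Iterations.ToString() & "." & Convert.ToBase64String(salt) & "." &
               Convert.ToBase64String(Derive(pass, salt, Iterations))
    End Function

    ' Re-derives the hash with the stored salt and compares without an early exit.
    Public Function VerifyPassword(ByVal pass As String, ByVal stored As String) As Boolean
        If pass Is Nothing OrElse stored Is Nothing Then Return False
        Dim parts() As String = stored.Split("."c)
        Dim iter As Integer
        If parts.Length <> 3 OrElse Not Integer.TryParse(parts(0), iter) OrElse iter < 1 Then Return False
        Dim expected() As Byte = Convert.FromBase64String(parts(2))
        Dim actual() As Byte = Derive(pass, Convert.FromBase64String(parts(1)), iter)
        Dim diff As Integer = expected.Length Xor actual.Length
        For i As Integer = 0 To Math.Min(expected.Length, actual.Length) - 1
            diff = diff Or (expected(i) Xor actual(i))
        Next
        Return diff = 0
    End Function

    Private Function Derive(ByVal pass As String, ByVal salt() As Byte, ByVal iter As Integer) As Byte()
        Using kdf As New Rfc2898DeriveBytes(pass, salt, iter, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32) ' PBKDF2-HMAC-SHA256, 32-byte output
        End Using
    End Function

    ' Per-request connection and command: nothing is shared between users.
    Public Function CheckLogin(ByVal connStr As String, ByVal user As String, ByVal pass As String) As Boolean
        Using conn As New SqlConnection(connStr),
              cmd As New SqlCommand("select password from login where username = @user", conn)
            cmd.Parameters.Add("@user", SqlDbType.VarChar, 32).Value = If(user, "")
            conn.Open()
            Dim stored As Object = cmd.ExecuteScalar()
            If stored Is Nothing OrElse stored Is DBNull.Value Then Return False
            Return VerifyPassword(pass, CStr(stored))
        End Using
    End Function
End Module
```

Rows that still hold a plain-text password fail VerifyPassword because they do not split into three parts, so existing accounts need their passwords re-set through HashPassword.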

[download]
