How to make a login page in ASP .NET C#

In this post, I will teach you guys about making a simple login using common page controls. First of all, you need two textboxes, one for username and another for password. I’ll call them usernameTextBox and passwordTextBox for this example. Drag down a button and call it loginButton. Now, in the OnClick event of loginButton, you need to check if the provided combination of username and password is correct or not. You can only do this if you have username and passwords stored somewhere. It is recommended to use a database to do this. Create a AccountDetails table in your database. The table should have username and password fields, both as text (VARCHAR for SQL). The way login is going to work is that you select records from AccountDetails table who have the provided username and password. This query should return one row if the combination matches. If not, then it should return nothing. Here’s the query you need to pass:

string query = "SELECT * FROM AccountDetails WHERE username='"+usernameTextBox.Text + "' AND pass='" + passwordTextBox.Text + "'";
Supply this query to the command object. This can be OleDbCommand or SqlCommand depending on your type of database. Invoke the ExecuteReader method of the command object and then check if the Read method of the DataReader object returns true. If it does then this means that the login is successful. If not, then login is invalid. Here’s a sample code.

string connectionString = "...";
OleDbConnection conn = new OleDbConnection(connectionString);
conn.Open();
string queryString = "SELECT * FROM AccountDetails WHERE username='"+usernameTextBox.Text + "' AND pass='" + passwordTextBox.Text + "'";
OleDbCommand command = new OleDbCommand(queryString, conn);
OleDbDataReader reader = command.ExecuteReader();
if(reader.Read()){
//Login is successful.
}else{
//Login failed.
}
Thats it! Your ASP website should now have a wonderful login to allow geniune users. To extend its capabilities, store the username in a session and then in PageLoad event of rest of the pages which require login, check if the session contains something. If it is null, then the page should redirect to login page. Same if for log-out. In the PageLoad event of the login page, check if the session username contains something. If it does, then clear out the session and display some notification saying that the user has been logged out. Now, in your page, to which the user gets redirected after successful login, put a simple link to login.

Now, initially when user lands on the login page, the session username will be empty. However, on typing correct username and password, this session gets filled with the username of the logged user and he/she is redirected to some sort of dashboard page. When the user clicks on the log-out link, he/she gets redirected to the login page which first checks if there is anything in the session. Since the user has previously logged in, there will be a username inside that session. Login page clears it out and displays a message saying that the user has been logged out. I hope that was easy.

If you have any queries or doubts, feel free to comment below.
If you want to know how session works, click here to see my post on Sessions.

Using Sessions in ASP .NET

Well, believe it or not, Session is the most important thing when it comes to web design. I used to hate it but now I am a big fan of it. Trust me. You will like it once you get hang of it. So, in this post, I will be teaching you about using them. First of all, a session is like a small memory pit where you can store values. Values in session are lost once the browser closes. However, they stay the same even if you change the page or open new tab. Hence, sessions are used to pass values from one page to another.

You can store an object in session. It can be int, double, string or any other FooClass object that you have defined. This is the main benefit of it. However, when taking values back, you need to make sure that you cast them back to its same original form. Here’s how you store value in a session. Let me define some variables.

int i=2;
string s="Hello";
FooClass foo = new FooClass();

Now, I will store each of them in session. To store a value, you need to give a session name. This must be unique. You must remember this because you will have to use it to extract value out of session. Here’s how you do it:

Session["someIntegerVariable"] = i;
Session["someStringVariable"] = s;
Session["someFooClassObject"] = foo;

Now that I have all of them in the session, I will extract them. Remember, I can only extract variable ‘i’ from ‘someIntegerVariable’ session and not ‘someStringVariable’ session.

int newI = (int)Session["someIntegerVariable"];
string newS = (string)Session["someStringVariable"];
FooClass = (FooClass)Session["someFooClassObject"];

Since session stores object only, you will have to cast the object back to its original form. In the code above, I have casted the object stored in ‘someIntegerVariable’ session back to its original form which is int.

That’s basically how you use sessions. It is widely used in tracking pages and variety of other purposes, especially when you have to keep something consistent between pages.