Problem in authentication using asp.net for a webpage

[NITIN MUNJAL]

I am trying to implement a simple way to authenticate users before
entering my webpage. I have two textboxes one each for username and
password. On the button click I call the function authenticate() which
is written below. It queries to an access database db.mdb which has 3
fields id, usernames and passwords. However this doesnt seem to work as
I seem to get an exception always on the line maked by *** and the
print statement in the catch statement is executed each time. Could
someone help me out on this please as to where am I going wrong?

//Code Snippet

public void authenticate()
{
int i=0;
string StrConn=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data
Source=" + Server.MapPath("/db.mdb");
OleDbConnection myConn=new OleDbConnection(StrConn);
string strCon="SELECT * FROM authenticate WHERE
uname="+UserName.Text;
OleDbCommand oledbcomm = new OleDbCommand(strCon, myConn) ;
myConn.Open();
try{
**** OleDbDataReader reader = oledbcomm.ExecuteReader();
reader.Read();
string pass=reader.GetString(2);
if(pass==UserPass.Text)
{
i=reader.GetInt32(0);
reader.Close();
myConn.Close();
if(i==0)
Msg.Text = "Invalid Credentials: Please try again";
else
Response.Redirect("default.aspx");
}
else
{
reader.Close();
myConn.Close();
Msg.Text="Username and password do not match. (You
provided "+UserName.Text+")";
}
}
catch (System.Data.OleDb.OleDbException e){Msg.Text="Usernaword do
not match. (You provided "+UserName.Text+")";}
}



TIA


Nitin

 

[Marina]

Why would an exception being thrown reading from the database being
indicative of password and username not matching? That just means an error
occurred.

There are 2 things wrong with your sql statement:
1. You aren't actually checking the password - which presumably you want to
do, given your error message
2. More importantly, you are not building valid SQL. String constants in a
SQL statement must be surrounded by single quotes. You are not doing this.

Lastly, when you post a question on a newsgroup, never say 'it did not
work', or 'there was an error'. You must always include the error message
to help the people trying to help you.

Did you think to try running your sql statement against the database outside
of the .NET application to make sure that works? Did you try debugging this
page?

I don't think you really needed us for this, you could have just done the
above and found the problems yourself.

 

[NITIN MUNJAL]

source:
<script runat="server">

void LoginBtn_Click(Object sender, EventArgs e)
{
if (Page.IsValid)
{
authenticate();
}
}

public void authenticate()
{
int i=0;
string StrConn=@"Provider=Microsoft.Jet.OLEDB.4.0 ;Data
Source=" + Server.MapPath("/db.mdb");
OleDbConnection myConn=new OleDbConnection(StrConn);
string strCon="SELECT * FROM authenticate WHERE
uname="+UserName.Text;
OleDbCommand oledbcomm = new OleDbCommand(strCon, myConn) ;
myConn.Open();
OleDbDataReader reader = oledbcomm.ExecuteReader();
reader.Read();
string pass=reader.GetString(2);
if(pass==UserPass.Text)
{
i=reader.GetInt32(0);
reader.Close();
myConn.Close();
if(i==0)
Msg.Text = "Invalid Credentials: Please try again";
else
Response.Redirect("default.aspx");
}
else
{
reader.Close();
myConn.Close();
Msg.Text="Username and password do not match. (You
provided "+UserName.Text+")";
}
}


</script>



error details:
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.

Exception Details: System.Data.OleDb.OleDbException: No value given for
one or more required parameters.

Source Error: Line 23: OleDbDataReader reader =
oledbcomm.ExecuteReader();


my db.mdb file has the table authenticate with ID(int), uname(text),
passwd(text) as the fields.
also note that ""(double quotes is working in other pages)
thank you