Losec Losec - 11 months ago 72
ASP.NET (C#) Question

asp.net website SQL connection

I'm having problems getting my ASP.NET site to log me in using SQL. Here is some code (Login.ASPX.CS):

private bool ValidateCredentials(string userName, string password)
{
    bool returnValue = false;

    if (this.IsAlphaNumeric(userName) && userName.Length <= 50 && password.Length <= 50)
    {
        SqlConnection conn = null;

        string sql = "select count(*) from dbo.Users where UserName = '@username' and password = '@password'";

        conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MembershipSiteConStr"].ConnectionString);
        SqlCommand cmd = new SqlCommand(sql, conn);

        SqlParameter user = new SqlParameter();
        user.ParameterName = "@username";
        user.Value = userName.Trim();

        SqlParameter pass = new SqlParameter();
        pass.ParameterName = "@password";
        pass.Value = Hasher.HashString(password.Trim());

        int count = (int)cmd.ExecuteScalar();

        if (count > 0) returnValue = true;
    }

    return returnValue;
}

Here is my web.config connection string:

<add name="MembershipSiteConStr" connectionString="Data Source=dev-pc\;Initial Catalog=MembershipSite;User ID=test;Password=test" />

I've tested this SQL connection using Server Explorer and SQL Management and it all works.

Here are some SP of what's going on:


Here is evidence that the user and pass I'm putting in should work.
The user is there:


That the SQL query works:


Answer Source

Change the code that adds the password parameter as follows:

 SqlParameter pass = new SqlParameter();
 pass.ParameterName = "@password";
 //pass.Value = Hasher.HashString(password.Trim());
 pass.Value = password.Trim();
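
An added example, not part of the original question or answer: the question's credential check with the placeholders unquoted, the parameters attached to the command, and the connection opened before the query runs. The class name `CredentialCheck`, the `NVarChar` column types and the parameter sizes are assumptions; `passwordHash` is assumed to be the output of the question's `Hasher.HashString`, stored in the same form in `dbo.Users`.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class; the table, column and connection-string
// names are the ones used in the question.
public static class CredentialCheck
{
    public static bool ValidateCredentials(string userName, string passwordHash)
    {
        // Placeholders are not wrapped in quotes. Written as '@username',
        // SQL Server compares the column against the literal text
        // "@username" and never looks at the parameter value.
        const string sql =
            "select count(*) from dbo.Users " +
            "where UserName = @username and password = @password";

        string connectionString = ConfigurationManager
            .ConnectionStrings["MembershipSiteConStr"].ConnectionString;

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // A SqlParameter has no effect until it is added to the command.
            // Size 50 mirrors the length check in the question; 128 for the
            // hash is an assumed column width.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userName.Trim();
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = passwordHash;

            // ExecuteScalar throws InvalidOperationException on a closed connection.
            conn.Open();

            int count = (int)cmd.ExecuteScalar();
            return count > 0;
        }
    }
}
```

Binding the values as typed parameters keeps user input out of the SQL text, and the `using` blocks close the connection even when the query throws.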