Washington State University
Protecting your Website by Implementing Password Control – Featherman

This program shows one quick and easy way to implement password control to protect your website. The content here is not the final implementation solution (which would require additional JavaScript code), but it is a large step forward and certainly useful in the academic setting as you prepare your final project.

The scenario is that we created a SQL Server database table with the schema on the right. We then added three registered users that can access our website content.

The webpage shown on the left captures the userID and password from the program user in 2 textboxes, then we check whether that combination of userID and password exists in our table of registered users. We use a parameterized SQL SELECT COUNT statement to count how many rows in the registered users table have that combination of userID and password. The SELECT COUNT(*) statement is run using the .ExecuteScalar method, and the result (0 or 1) is assigned to a local variable. If the number 0 is returned from the database query, then the user is not in the table. If the number 1 is returned by the query, then the combination of userID and password is in the database table, and the program tells the webserver to display a different webpage. The program user is redirected to the next web page in the series.

The idea is to have a separate webpage that is for login only. This page is protecting the rest of your application, which would conceivably reside on a different webserver behind a security system.

    Imports System.Data
    Imports System.Data.SqlClient

    Partial Class LoginPage
        Inherits System.Web.UI.Page

        'If you want to implement password access to your website, you would need to first create
        'a 'registeredUsers' SQL database table with several approved people.
        'Next you would add your connection string here that connects your webpage to your database.
        Dim con As New SqlConnection("YOUR_CONNECTION_STRING") 'placeholder: supply your own connection string

        'We want the program user to only have 3 attempts at typing in their password, so we use a
        'global variable here that will get incremented each time the program user attempts login
        'and fails (i.e. types the wrong password).
        Public Shared gintloopcounter As Integer = 0

        Protected Sub Button1_Click(sender As Object, e As System.EventArgs) Handles Button1.Click
            'Here we use the supplied login information to count the number of rows there are in the
            'database table of registered users that match the login information (user ID and password).
            'If zero rows are returned then the login is not valid. If 1 row was found in the registered
            'users table, then the login information does match that of a registered user. If 1 row of
            'information is found then move from the login page to another page - presumably the first
            'page in your application.

            'This next line is a SQLCommand that runs a SQL statement that counts the number of rows
            'that have the values passed in by the two parameters (userID and password).
            Dim cmdCheckRegistrant As New SqlCommand("SELECT COUNT(*) from Registered_Users WHERE UserID = @p1 AND Password = @p2", con)

            'This next variable will be used to receive the result of running the SELECT COUNT query
            Dim intRows As Integer = 0

            'If the user tried 3 times (counter values 0,1,2) then they need to be locked out.
            'You will need to find additional javascript code to freeze the webpage including locking
            'the go back link. Here the screen controls are made invisible.
            If gintloopcounter >= 3 Then
                Response.Write("System locked due to excessive attempts")
                Button1.Visible = False
                txtUserID.Visible = False
                txtPassword.Visible = False
                Exit Sub
            End If

            'The SQLCommand is parameterized so these next few lines take the values from the webpage
            'controls and assign them to the parameters so that the values are passed into the SQL
            'SELECT statement when the command is executed below using the .executescalar method.
            With cmdCheckRegistrant.Parameters
                .Clear()
                .AddWithValue("@p1", txtUserID.Text)
                .AddWithValue("@p2", txtPassword.Text)
            End With

            'Here we run the parameterized SQLCommand which returns one number that we assign to a
            'local variable (intRows). If you are in the middle of your own programming and you realize
            'you need to retrieve one value from the database (not a row of data) then use .executescalar.
            Try
                If con.State = ConnectionState.Closed Then con.Open()
                intRows = CInt(cmdCheckRegistrant.ExecuteScalar())

                'We check the number of rows (calculated from the SELECT COUNT(*)) to see if a row of
                'data was found in the registered user table with the supplied userID and password.
                'Below we increment the global counter variable if no registered user was found.
                If intRows = 0 Then
                    gintloopcounter += 1
                    Response.Write("No Attendee with that UserID and Password " & gintloopcounter)
                    txtUserID.Text = Nothing
                    txtPassword.Text = Nothing
                End If

                'If a user was found in the approved user table then navigate to another webpage and display that
                If intRows = 1 Then
                    Response.Redirect("")
                    Exit Sub
                End If
            Catch ex As Exception
                Response.Write(ex.Message)
            Finally
                con.Close()
            End Try
        End Sub

    #Region "Checking data entry to prevent duplicate data entry"
        Protected Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
            Dim intNumber As Integer
            Dim CheckCustomerCommand As New SqlCommand("SELECT COUNT (*) FROM featherman.Customers WHERE CustomerName = @p1", con)

            With CheckCustomerCommand.Parameters
                .Clear()
                .AddWithValue("@p1", txtName.Text)
            End With

            Try
                If con.State = ConnectionState.Closed Then con.Open()
                intNumber = CInt(CheckCustomerCommand.ExecuteScalar())
            Catch ex As Exception
                Response.Write(ex.Message)
            Finally
                con.Close()
            End Try

            If intNumber > 0 Then
                txtOutput.Text = "Customer already exists"
            Else
                txtOutput.Text = "Continue data entry"
            End If
        End Sub
    #End Region
    End Class
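The login query above compares the typed password directly with a stored Password column, and the Public Shared counter is one value for every visitor to the site, so one person's failed attempts lock the page for everyone. The following console module is an added example, not part of the original handout: it shows the same check with a salted PBKDF2 hash and a failure counter kept per UserID. The module and function names and the in-memory dictionary standing in for Registered_Users are assumptions for illustration, and the four-argument Rfc2898DeriveBytes constructor assumes .NET Framework 4.7.2 or later.

```vbnet
Imports System
Imports System.Collections.Concurrent
Imports System.Collections.Generic
Imports System.Security.Cryptography
Module LoginCheckDemo
    Const MaxAttempts As Integer = 3
    ' Constructed stand-in for Registered_Users: UserID -> (salt, PBKDF2 hash), never the password.
    Private ReadOnly Users As New Dictionary(Of String, Tuple(Of Byte(), Byte()))
    ' Failures are counted per UserID instead of in one Shared counter for all visitors.
    Private ReadOnly Failures As New ConcurrentDictionary(Of String, Integer)
    Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function
    Sub Register(userId As String, password As String)
        Dim salt(15) As Byte ' 16 random bytes, unique per user
        RandomNumberGenerator.Create().GetBytes(salt)
        Users(userId) = Tuple.Create(salt, HashPassword(password, salt))
    End Sub
    ' Compare every byte so timing does not reveal where the hashes differ.
    Function SameBytes(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
    Function TryLogin(userId As String, password As String) As String
        Dim failed As Integer = 0
        Failures.TryGetValue(userId, failed)
        If failed >= MaxAttempts Then Return "locked"
        Dim row As Tuple(Of Byte(), Byte()) = Nothing
        If Users.TryGetValue(userId, row) AndAlso SameBytes(HashPassword(password, row.Item1), row.Item2) Then
            Failures.TryRemove(userId, failed) ' a successful login clears the count
            Return "ok"
        End If
        Failures.AddOrUpdate(userId, 1, Function(k, n) n + 1)
        Return "denied"
    End Function

    Sub Main()
        Register("alice", "correct horse") ' constructed sample user
        For Each pw In {"guess1", "guess2", "guess3", "correct horse"}
            Console.WriteLine("alice: " & TryLogin("alice", pw))
        Next
        Console.WriteLine("bob: " & TryLogin("bob", "anything"))
    End Sub
End Module
```

In the web page itself, the salt and hash would be two columns of the registered users table read with a parameterized SELECT, and the failure count would be a column on the same row so that it survives an application restart.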