Monday, 8 October 2012

security in web using dictionary...

Take two text boxes, one for the user id and another for the password,

and do the following code on default.aspx page:

using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using SECURE1;

// Code-behind for the login page (Default.aspx): checks the submitted
// credentials and, on success, registers the session and moves on to
// Default2.aspx.
public partial class _Default : System.Web.UI.Page
{
    // Table name handed to WebAuthentication.checkLogin as its first argument.
    string tablename = "emp2";

    // Nothing to prepare when the page loads.
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    // Login button handler.
    // TextBox1 carries the user id and TextBox2 the password; both values are
    // passed to checkLogin exactly as typed, so the safety of the lookup
    // depends entirely on how checkLogin builds its query.
    protected void Button1_Click(object sender, EventArgs e)
    {
        string submittedId = TextBox1.Text;
        string submittedPassword = TextBox2.Text;
        SECURE1.WebAuthentication account =
            SECURE1.WebAuthentication.checkLogin(tablename, submittedId, submittedPassword);

        if (account != null)
        {
            // NOTE(review): the session id that existed before authentication is
            // kept as the login token; it is not rotated at login. Confirm whether
            // a fresh session id should be issued once the user is authenticated.
            string currentSessionId = Session.SessionID;
            Session["xx"] = currentSessionId;

            SECURE1.webSession.startSession(currentSessionId, account);
            Response.Redirect("Default2.aspx");
            return;
        }

        // One message for every failure, so the response does not reveal
        // whether the user id or the password was wrong.
        Response.Write("invalid user id and password");
    }
}
 
-----------------------------
and add a class




using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
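namespace SECURE1
{

    // Describes an authenticated user: the login name and the role value read
    // from the user table. Instances are created by checkLogin on success.
    public class WebAuthentication
    {

        string _UserName, _Role;

        // Role value taken from the matching database row.
        public string Role
        {
            get { return _Role; }
        }

        // Login name the user authenticated with.
        public string UserName
        {
            get { return _UserName; }
        }

        public WebAuthentication(string userName, string role)
        {
            _UserName = userName;
            _Role = role;
        }

        // Looks up a row in tableName whose Name and Password columns equal the
        // supplied values.
        //   tableName - table to query; must be a plain identifier, optionally
        //               schema-qualified with dots (for example "emp2" or "dbo.emp2").
        //   userName  - submitted login name (untrusted input).
        //   password  - submitted password (untrusted input).
        // Returns a WebAuthentication for the matching row, or null when no row
        // matches or a credential is null.
        // Throws ArgumentException when tableName is not a plain identifier.
        public static WebAuthentication checkLogin(string tableName, string userName, string password)
        {
            // A table name cannot be sent as a SQL parameter, so it is validated
            // and bracket-quoted before it is placed in the statement text.
            string quotedTable = QuoteTableName(tableName);

            // A null credential can never match a row; fail the login without
            // touching the database.
            if (userName == null || password == null)
            {
                return null;
            }

            // NOTE(review): the connection string is hard-coded and targets the
            // "master" database. Consider moving it to configuration and using a
            // dedicated database with a least-privileged login.
            using (SqlConnection con = new SqlConnection("database=master;data source=ANONYMOUS\\SQLEXPRESS;integrated security=true;"))
            using (SqlCommand cmd = new SqlCommand("select * from " + quotedTable + " where Name=@name and Password=@password", con))
            {
                // The credentials travel as parameters, never as statement text,
                // so quotes or SQL fragments typed into the login form cannot
                // change the query.
                cmd.Parameters.AddWithValue("@name", userName);
                cmd.Parameters.AddWithValue("@password", password);

                // NOTE(review): the query compares the submitted password with the
                // stored column directly, which implies passwords are stored in
                // clear text and are compared under the column's collation
                // (possibly case-insensitive - confirm). Storing a salted, slow
                // hash (e.g. PBKDF2) and verifying it in code would remove both
                // problems; that needs a schema change outside this class.
                con.Open();
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    if (dr.Read())
                    {
                        // Column index 3 is used as the role; with "select *" this
                        // depends on the table's column order.
                        return new WebAuthentication(userName, dr[3].ToString());
                    }

                    return null;
                }
            }
        }

        // Validates a (possibly dot-qualified) table name and returns it with each
        // part wrapped in square brackets. Only letters, digits and underscores
        // are accepted, and a part must not start with a digit.
        private static string QuoteTableName(string tableName)
        {
            if (string.IsNullOrEmpty(tableName))
            {
                throw new ArgumentException("Table name is required.", "tableName");
            }

            StringBuilder quoted = new StringBuilder();
            foreach (string part in tableName.Split('.'))
            {
                if (part.Length == 0 || !(char.IsLetter(part[0]) || part[0] == '_'))
                {
                    throw new ArgumentException("Table name is not a valid identifier.", "tableName");
                }

                foreach (char c in part)
                {
                    if (!(char.IsLetterOrDigit(c) || c == '_'))
                    {
                        throw new ArgumentException("Table name is not a valid identifier.", "tableName");
                    }
                }

                if (quoted.Length > 0)
                {
                    quoted.Append('.');
                }

                quoted.Append('[').Append(part).Append(']');
            }

            return quoted.ToString();
        }
    }

    // Process-wide map from session id to the authenticated user.
    // The map is static, so every request thread shares it; all access goes
    // through one lock because Dictionary is not safe for concurrent writers.
    // NOTE(review): entries are removed only by endSession. A session that
    // expires without an explicit sign-out leaves its entry behind; consider
    // clearing it when the session ends or adding an expiry time.
    public class webSession
    {
        static readonly object _Gate = new object();
        static Dictionary<string, WebAuthentication> _Users = new Dictionary<string, WebAuthentication>();

        // Associates sessionId with user. If the session already has an entry it
        // is replaced, so a second login on the same session cannot keep the
        // identity and role of the previous user.
        // Throws ArgumentNullException when sessionId is null.
        public static void startSession(string sessionId, WebAuthentication user)
        {
            if (sessionId == null)
            {
                throw new ArgumentNullException("sessionId");
            }

            lock (_Gate)
            {
                _Users[sessionId] = user;
            }
        }

        // Returns the user registered for sessionId, or null when the id is null
        // or unknown. Callers treat null as "not authenticated".
        public static WebAuthentication validateSession(string sessionId)
        {
            if (sessionId == null)
            {
                return null;
            }

            lock (_Gate)
            {
                WebAuthentication user;
                return _Users.TryGetValue(sessionId, out user) ? user : null;
            }
        }

        // Removes the entry for sessionId; does nothing for a null or unknown id.
        public static void endSession(string sessionId)
        {
            if (sessionId == null)
            {
                return;
            }

            lock (_Gate)
            {
                _Users.Remove(sessionId);
            }
        }
    }
}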
--------------------------------
take default2.aspx

and take one button for sign out..

and do following code..........

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using SECURE1;

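// Code-behind for Default2.aspx, a page that requires a logged-in user.
public partial class Default2 : System.Web.UI.Page
{
    // Sends the visitor back to the login page unless the session carries a
    // login token that webSession still recognises.
    protected void Page_Load(object sender, EventArgs e)
    {
        // Session["xx"] is only set by a successful login. A visitor who opens
        // this page directly has no such entry, so it must be checked for null
        // before use; otherwise the request fails with a NullReferenceException
        // instead of being redirected to the login page.
        object loginToken = Session["xx"];
        if (loginToken == null || SECURE1.webSession.validateSession(loginToken.ToString()) == null)
        {
            Response.Redirect("Default.aspx");
        }
    }


    // Navigates to default3.aspx.
    // NOTE(review): the check in Page_Load protects this page only; presumably
    // default3.aspx needs the same check in its own code-behind - confirm.
    protected void Button1_Click(object sender, EventArgs e)
    {
        Response.Redirect("default3.aspx");
    }
}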
---------------------------

and take user control for sign out from every page...


and do the following code...


 public partial class WebUserControl : System.Web.UI.UserControl
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SECURE1.webSession.endSession(Session.SessionID);
        Response.Redirect("Default.aspx");
    }
}



