Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 How do write a good AUTH scrIpt? {NOT RESOLVED}

Author  Topic 

sqlontherun101
Starting Member

16 Posts
Posted - 2009-10-24 : 13:32:18
hi,

I have written this stored procedure (SP) to validate user login.
The script should first find for any rows for a combinaiton of Username and password then if the row exist them it should return First and Last anmes of the user and PRowsAffected. If the user doesnt exist it shold return the value in "PRowsAffected"

However, in my script there is problem at teh "End"...

could you please find the problem in it?

Sorry i forgot to include my SP in prior post: 


CREATE PROCEDURE ProcValidateUser 
	@PUser AS NVARCHAR(30), 
	@PPassword AS NVARCHAR(30), 
	@PFirstName AS NVARCHAR(50) OUTPUT, 
	@PLastName AS NVARCHAR(50) OUTPUT, 
	@PRowsAffected AS INT OUTPUT	
AS
BEGIN	
	SELECT 
	COUNT(*) AS PRowsAffected
	FROM tblUsers 
	where UserName = @PUser 
	AND 
	Password = @PPassword

	IF PRowsAffected > 0 
		SELECT 
		FirstName AS PFirstName, 
		LastName AS PLastName, 
		PRowsAffected 
		FROM 
		tblUsers 
		WHERE UserName = @PUser AND Password = @PPassword;
	ELSE		
		return PRowsAffected;
	END IF
END
GO

This is to validate  a user login from a ASP .NET page!
TY






TY

afrika
Master Smack Fu Yak Hacker

2706 Posts
Posted - 2009-10-24 : 15:50:03
what frontend are you using classic ASP or .net
if its .net you dont need a SP validate it.

2ndly can you paste your script here
Go to Top of Page

afrika
Master Smack Fu Yak Hacker

2706 Posts
Posted - 2009-10-26 : 06:39:26
quote:

This is to validate a user login from a ASP .NET page!



To validate a .net login you dont need all that, simply use



Membership.ValidateUser(Login1.UserName, Login1.Password);
Go to Top of Page

afrika
Master Smack Fu Yak Hacker

2706 Posts
Posted - 2009-10-26 : 09:42:37
Your approach is very wrong.

Since you are using .net its best to use .net memberhip and validate via .net validation controls

Bear in mind, passwords in .net memberships are encrypted so you cant compare it via Tsql
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site