Hi micah,
Refer to the sample below.
HTML
Login.aspx
<asp:Login ID="LoginINNOVATION" runat="server" OnAuthenticate="ValidateUser">
</asp:Login>
Home.aspx
<div>
Welcome
<asp:LoginName ID="LoginName1" runat="server" Font-Bold="true" />
<br />
<br />
<asp:Label ID="lblLastLoginDate" runat="server" />
<asp:LoginStatus ID="LoginStatus1" runat="server" />
</div>
Code
Login.aspx.cs
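/// <summary>
/// OnAuthenticate handler for the LoginINNOVATION control. Calls the ValidateUser
/// stored procedure with the posted user name and the encrypted password, then either
/// signs the user in or sets the control's failure text.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void ValidateUser(object sender, EventArgs e)
{
    string result;
    string constr = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    using (SqlCommand cmd = new SqlCommand("ValidateUser", con))
    {
        cmd.CommandType = CommandType.StoredProcedure;

        // Both values are sent as parameters, so user input never becomes SQL text.
        cmd.Parameters.AddWithValue("@UserName", LoginINNOVATION.UserName);

        // NOTE(review): Encrypt is reversible and uses a key hard-coded in this file;
        // a salted one-way password hash is the appropriate primitive for stored passwords.
        cmd.Parameters.AddWithValue("@Password", Encrypt(LoginINNOVATION.Password));

        con.Open();
        result = Convert.ToString(cmd.ExecuteScalar());
        // The using blocks close the connection; no explicit Close() is needed.
    }

    // The procedure signals failure in-band: "-1" = bad credentials, "-2" = not activated.
    // A row whose Username is literally "-1" or "-2" is therefore indistinguishable
    // from a failure code.
    if (result == "-2")
    {
        LoginINNOVATION.FailureText = "Account has not been activated.";
        return;
    }

    // An empty result (null or DBNull scalar) used to reach Convert.ToInt32("") and throw
    // FormatException; it is now handled as an ordinary failed login.
    if (string.IsNullOrEmpty(result) || result == "-1")
    {
        LoginINNOVATION.FailureText = "Username or password not correct.";
        return;
    }

    // Store the session value before the redirect is issued.
    // NOTE(review): the session id is not renewed at sign-in here; confirm that nothing
    // security-relevant is keyed on Session alone.
    Session["userName"] = result;
    FormsAuthentication.RedirectFromLoginPage(LoginINNOVATION.UserName, LoginINNOVATION.RememberMeSet);
}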
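/// <summary>
/// Encrypts <paramref name="clearText"/> with AES and returns the ciphertext as Base64.
/// </summary>
/// <remarks>
/// The 32-byte key and 16-byte IV are derived with Rfc2898DeriveBytes from a passphrase
/// and salt that are both hard-coded below. The same input therefore always yields the
/// same output, and anyone who can read this source can decrypt every stored value.
/// The output is kept unchanged because ValidateUser sends it to the stored procedure,
/// which compares it with the stored column by equality.
/// NOTE(review): for password storage use a salted one-way hash (for example PBKDF2 with a
/// random per-user salt) instead of reversible encryption, and keep secrets out of source.
/// </remarks>
/// <param name="clearText">Text to encrypt; encoded as UTF-16 (Encoding.Unicode) first.</param>
/// <returns>Base64 text of the AES ciphertext.</returns>
private string Encrypt(string clearText)
{
    // Hard-coded secret and salt: kept as-is so existing stored values still match.
    string EncryptionKey = "MAKV2SPBNI99212";
    byte[] salt = new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 };
    byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);

    using (System.Security.Cryptography.Aes encryptor = System.Security.Cryptography.Aes.Create())
    // Rfc2898DeriveBytes is IDisposable; the original never disposed it.
    using (System.Security.Cryptography.Rfc2898DeriveBytes pdb =
        new System.Security.Cryptography.Rfc2898DeriveBytes(EncryptionKey, salt))
    {
        // Order matters: the first 32 derived bytes are the key, the next 16 the IV.
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);

        using (System.IO.MemoryStream ms = new System.IO.MemoryStream())
        {
            using (System.Security.Cryptography.CryptoStream cs =
                new System.Security.Cryptography.CryptoStream(ms, encryptor.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write))
            {
                cs.Write(clearBytes, 0, clearBytes.Length);
                // Closing the stream writes the final padded block into ms.
                cs.Close();
            }

            // Return a new value instead of overwriting the clearText parameter.
            return Convert.ToBase64String(ms.ToArray());
        }
    }
}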
Home.aspx.cs
/// <summary>
/// Sends visitors who are not signed in to the configured login page.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool signedIn = this.Page.User.Identity.IsAuthenticated;
    if (signedIn)
    {
        return;
    }

    // RedirectToLoginPage does not end the request, so any code added after this call
    // would still run for an anonymous visitor. An <authorization> deny rule for
    // anonymous users in Web.config enforces the same check for every page.
    FormsAuthentication.RedirectToLoginPage();
}
Web.config
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<!-- Sample values only: this connects as the SQL Server "sa" login with a trivial password
     stored in clear text. For a deployed site use a dedicated low-privilege login that can
     only execute the procedures the site calls, and keep the credential out of plain-text
     config (for example by encrypting this section with aspnet_regiis -pe). -->
<add name="conn" connectionString="Data Source=.;Initial Catalog=test;user id=sa;password=password;"/>
</connectionStrings>
<system.web>
<!-- debug="true" is a development setting; set it to false when deploying. -->
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
<!-- timeout is in minutes: 2880 = 48 hours, extended on activity because slidingExpiration
     is true. requireSSL is not set, so the authentication cookie is not restricted to HTTPS.
     NOTE(review): add requireSSL="true" once the site is served over HTTPS only, and
     consider a shorter timeout. -->
<forms defaultUrl="~/Home.aspx" loginUrl="~/Login.aspx" slidingExpiration="true" timeout="2880"></forms>
</authentication>
<!-- No <authorization> rules are declared: Home.aspx enforces sign-in in its own Page_Load,
     so every other protected page needs the same check unless a deny rule for anonymous
     users is added here. -->
</system.web>
</configuration>
SQL
-- Checks a user name / password pair against User3 and returns one scalar result:
--   the stored Username  when the pair matches and the account is activated,
--   -2                   when the pair matches but a UserActivation row still exists,
--   -1                   when no row matches.
-- @Password is compared with the stored column by equality, so the caller must pass
-- the value in the same form in which it was stored.
-- NOTE(review): the failure codes share a channel with Username; a user named "-1" or
-- "-2" cannot be told apart from a failure by the caller.
CREATE PROCEDURE [dbo].[ValidateUser]
    @UserName NVARCHAR(20),
    @Password NVARCHAR(MAX)
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @UserId INT;

    SELECT @UserId = ID
    FROM User3
    WHERE UserName = @UserName
      AND [Password] = @Password;

    -- No matching row: user invalid.
    IF @UserId IS NULL
    BEGIN
        SELECT -1;
        RETURN;
    END;

    -- A pending activation row means the user is not activated.
    IF EXISTS (SELECT UserId FROM UserActivation WHERE UserId = @UserId)
    BEGIN
        SELECT -2;
        RETURN;
    END;

    SELECT Username FROM User3 WHERE ID = @UserId;
END
Table Data
Data After Registration
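After registration, the data is saved in encrypted format, as shown below. Because Encrypt uses a fixed key and IV, the same password always produces the same stored string.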
| UserName | Encrypted String | Password |
|---|---|---|
| john3h | mx27XyO/urE7nlwVfhrODw== | ixgxg |
| efefe | AcoRaeSW6Sw+B5scRRy6qWUbQeS02pXpJyqW57QW908= | qwqwqweqwe |
| can | RJ4HQBP8uKj2qWt9r9J81w== | ingfhfg |
Output