Imports System.Web.Security ' ||||| Required Class for Authentication Imports System.Data ' ||||| DB Accessing Import Imports System.Data.Sqlclient ' |||||| SQL Database Required Import! Imports System.Data.OleDb Imports System.Configuration ' |||||| Required for Web.Config appSettings ||||| Partial Class Login Inherits System.Web.UI.Page Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load ' ||||| Put user code to initialize the page here End Sub Private Sub cmdSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSubmit.Click If Page.IsValid Then ' ||||| Connect to Database for User Validation ||||| If DBConnection(txtUserName.Text, txtPassword.Text) Then FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False) ' ||||| default.aspx Page! Else ' ||||| Credentials are Invalid lblMessage.Text = "Invalid Login!" End If End If End Sub Private Function DBConnection(ByVal UserName As String, ByVal Password As String) As Boolean ' ||||| Declare Required Variables ' ||||| Access appSettings of Web.Config for Connection String (Constant) Dim LoginSQL As String Dim MyConn As Data.SqlClient.SqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("strConn").ToString) ' ||||| Pass in Stored procedure ' ||||| Set CommandType to Stored Procedure Dim MyCmd As New SqlCommand("sp_ValidateLogin", MyConn) MyCmd.CommandType = CommandType.StoredProcedure ' ||||| Create Parameter Objects for values passed in Dim objParam1, objParam2 As SqlParameter Dim objParam3, objParam4 As New SqlParameter ' ||||| Add the parameters to the parameters collection of the ' ||||| command object, and set their datatypes (OleDbType in this case) objParam1 = MyCmd.Parameters.Add("@user", SqlDbType.NVarChar, 255) objParam2 = MyCmd.Parameters.Add("@pass", SqlDbType.NVarChar, 50) objParam3 = MyCmd.Parameters.Add("@folder", SqlDbType.NVarChar, 50) objParam4 = MyCmd.Parameters.Add("@admin", SqlDbType.NVarChar, 50) objParam1.Direction = ParameterDirection.Input objParam2.Direction = ParameterDirection.Input objParam3.Direction = ParameterDirection.Output objParam4.Direction = ParameterDirection.Output objParam1.SqlValue = txtUserName.Text.ToString objParam2.SqlValue = txtPassword.Text.ToString ' ||||| Set the value(s) of the parameters to the respective source controls ' ||||| Try, catch block! Try ' ||||| Check if Connection to DB is already open, if not, then open a connection If MyConn.State = ConnectionState.Closed Then ' ||||| DB not already Open...so open it MyConn.Open() End If ' ||||| Create OleDb Data Reader Dim objReader As SqlDataReader objReader = MyCmd.ExecuteReader(CommandBehavior.Default) ' ||||| Close the Reader and the Connection Closes with it While objReader.Read() If Len(Trim(CStr(objReader.GetValue(0)))) = 0 Then lblMessage.Text = "Invalid Login!" Else Session("Loggedin") = "Yes" Session("Folder") = Trim(CStr(objReader.GetValue(0))) Session("Admin") = Trim(CStr(objReader.GetValue(1))) objReader.Close() ' ||||| Close the Connections & Reader Return True End If End While Catch ex As Exception lblMessage.Text = "Error Connecting to Database!" End Try End Function End Class