M
mo
The code I've pasted below is taken directly from Microsoft's site at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308157
As far as I can tell the error is raised on this line:
conn = New SqlConnection("server=MyServer;Integrated
Security=SSPI;database=pubs")
If I use the code as is, I get the error above. The code only works if I
hardcode the username and pwd into it as in the following line:
conn = New SqlConnection("server=MyServer;uid=**;pwd=*******;database=pubs")
and have removed the reference to SSPI.
I assumed the whole point of this was so that you didn't have to hardcode
usernames and passwords, but could authenticate directly against a SQL
Server DB? Is there something obvious that I'm doing wrong?
Thanks for any help.
P.S. The pubs db holds a table called 'users' which has all the user
cretendials as per the instructions on the webpage.
--------------------------------
Code:
Private Function ValidateUser(ByVal userName As String, ByVal passWord As
String) As Boolean
Dim conn As SqlConnection
Dim cmd As SqlCommand
Dim lookupPassword As String
lookupPassword = Nothing
' Check for an invalid userName.
' userName must not be set to nothing and must be between one and 15
characters.
If ((userName Is Nothing)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
userName failed.")
Return False
End If
If ((userName.Length = 0) Or (userName.Length > 15)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
userName failed.")
Return False
End If
' Check for invalid passWord.
' passWord must not be set to nothing and must be between one and 25
characters.
If (passWord Is Nothing) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
passWord failed.")
Return False
End If
If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
passWord failed.")
Return False
End If
Try
' Consult with your SQL Server administrator for an appropriate connection
' string to use to connect to your local SQL Server.
'conn = New
SqlConnection("server=QMWIPMRM3;uid=sa;pwd=sys_admin;database=pubs")
conn = New SqlConnection("server=QMWIPMRM3;Integrated
Security=SSPI;database=pubs")
conn.Open()
' Create SqlCommand to select pwd field from the users table given a
supplied userName.
cmd = New SqlCommand("Select pwd from users where uname=@userName", conn)
cmd.Parameters.Add("@username", SqlDbType.VarChar, 25)
cmd.Parameters("@username").Value = userName
' Execute command and fetch pwd field into lookupPassword string.
lookupPassword = cmd.ExecuteScalar()
' Cleanup command and connection objects.
cmd.Dispose()
conn.Dispose()
Catch ex As Exception
' Add error handling here for debugging.
' This error message should not be sent back to the caller.
System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " & ex.Message)
End Try
' If no password found, return false.
If (lookupPassword Is Nothing) Then
' You could write failed login attempts here to the event log for additional
security.
Return False
End If
' Compare lookupPassword and input passWord by using a case-sensitive
comparison.
Return (String.Compare(lookupPassword, passWord, False) = 0)
End Function
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308157
As far as I can tell the error is raised on this line:
conn = New SqlConnection("server=MyServer;Integrated
Security=SSPI;database=pubs")
If I use the code as is, I get the error above. The code only works if I
hardcode the username and pwd into it as in the following line:
conn = New SqlConnection("server=MyServer;uid=**;pwd=*******;database=pubs")
and have removed the reference to SSPI.
I assumed the whole point of this was so that you didn't have to hardcode
usernames and passwords, but could authenticate directly against a SQL
Server DB? Is there something obvious that I'm doing wrong?
Thanks for any help.
P.S. The pubs db holds a table called 'users' which has all the user
cretendials as per the instructions on the webpage.
--------------------------------
Code:
Private Function ValidateUser(ByVal userName As String, ByVal passWord As
String) As Boolean
Dim conn As SqlConnection
Dim cmd As SqlCommand
Dim lookupPassword As String
lookupPassword = Nothing
' Check for an invalid userName.
' userName must not be set to nothing and must be between one and 15
characters.
If ((userName Is Nothing)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
userName failed.")
Return False
End If
If ((userName.Length = 0) Or (userName.Length > 15)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
userName failed.")
Return False
End If
' Check for invalid passWord.
' passWord must not be set to nothing and must be between one and 25
characters.
If (passWord Is Nothing) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
passWord failed.")
Return False
End If
If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
passWord failed.")
Return False
End If
Try
' Consult with your SQL Server administrator for an appropriate connection
' string to use to connect to your local SQL Server.
'conn = New
SqlConnection("server=QMWIPMRM3;uid=sa;pwd=sys_admin;database=pubs")
conn = New SqlConnection("server=QMWIPMRM3;Integrated
Security=SSPI;database=pubs")
conn.Open()
' Create SqlCommand to select pwd field from the users table given a
supplied userName.
cmd = New SqlCommand("Select pwd from users where uname=@userName", conn)
cmd.Parameters.Add("@username", SqlDbType.VarChar, 25)
cmd.Parameters("@username").Value = userName
' Execute command and fetch pwd field into lookupPassword string.
lookupPassword = cmd.ExecuteScalar()
' Cleanup command and connection objects.
cmd.Dispose()
conn.Dispose()
Catch ex As Exception
' Add error handling here for debugging.
' This error message should not be sent back to the caller.
System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " & ex.Message)
End Try
' If no password found, return false.
If (lookupPassword Is Nothing) Then
' You could write failed login attempts here to the event log for additional
security.
Return False
End If
' Compare lookupPassword and input passWord by using a case-sensitive
comparison.
Return (String.Compare(lookupPassword, passWord, False) = 0)
End Function