login in aspx

[Abraham]

in my sql server database i have a table with the
following fields;
email
username
password
secret_Questin

i have connected this table to ASP.net...
So can anyone give me the code of creating .aspx page
(aspx.vb) that will require a user to enter password and
user name, forgot password and sign up for new user.
i need the "username" to be the email address...
and if the user forgot the password it will ask him to
enter his email and the email will aoutomatically sent to
user's address
in brief i need the log in screen and forgot password as
the same an in the below website

For login:>>
http://www.asp.net/Forums/default.aspx?
tabindex=1&tabid=39

For creating new account>>
http://www.asp.net/Forums/User/CreateUser.aspx?tabindex=1

For forgeting password>>
http://www.asp.net/Forums/User/EmailForgottenPassword.aspx?
tabindex=1

i am not expert in ASP.Net....so would u plz send me the
code of my request..
my email is (e-mail address removed)

 

[Soni]

hi abraham ..
everybody has to start somewhere .. and its good that u started ..
it would be very easy to send u the code .. but could u try it first
...? that way from a beginner u'll learn a lot more ...
i'm not sure if u have any previous web development experience .. but
i'll still tell u how to go about it ..
Login :
Create the form and drag and drop 2 texboxes and a button and a label.
double click on the button and go to the code behind page.
here import the system.data.sqlclient class.
in the button_click event .. create a db connection and run a simple
sql command that will fetch u any records with that userid and
password.use the datareader to execute the command.
if no record exists then give assign an error message to the label.
if u do this .. u can easliy create the create account form.. concept
is the same ..
for validation chk the sdk on how to use validation controls ..
ur forgot password requires u to use the webmail class i think .. u
can find enough help in teh sdk or in msdn ..
try it .. if u still have any difficulties .. let us know and we'll
help u out ..
good day ..

 

[Michael Giagnocavo [MVP]]

Have you looked at http://www.asp.net/Tutorials/quickstart.aspx?
Especially the ASP.NET Web Forms and Security part?

One issue is that you should make sure that you are not storing the
password itself, but instead a hash of the password. This is for
security -- what happens if someone steals your database? They get
everyone's password, which A) may be the same on other systems and B)
they can login without anyone noticing that the password has been
compromised.

Here is a hashing function that uses the username as a salt:

Imports System
Imports System.Security.Cryptography

Public Shared Function HashPassword(username as string, password as
string) As String
Dim combined as string = username.ToUpper() + password 'Username
is case-insensitive
Dim data as Byte() =
System.Text.Encoding.Unicode.GetBytes(combined)
Dim myMD5 as MD5 = MD5.Create()
Dim output as Byte() = myMD5.ComputeHash(data)
myMD5.Dispose()
Return Convert.ToBase64String(output)
End Function

The result is a 24 character string, that you can store in the
database.

-mike
MVP

 

[Abraham S]

i would like to thank you alot Michael Giagnocavo
i really appreciate your help.
i will try to do it

Mr.Abraham S
Cyber_Man
(e-mail address removed)

 

[Abraham S]

thanks alot Soni, i really appreciate your help

Mr.Abraham S
Cyber_Man
(e-mail address removed)