1

Hello so i wanna check on data base is user already logged in then if hes logged stop login in here is sample of my code thx for help.

protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        String name = ((Login)LoginView1.FindControl("Login1")).UserName;
        SqlConnection source_db = new SqlConnection();
        source_db.ConnectionString = ConfigurationManager.ConnectionStrings["source"].ConnectionString;//konfiguracja polaczenia z web.cfg 
        SqlCommand sql_polecenie3 = new SqlCommand("select Status from  aspnet_Users where UserName='" + name + "';", source_db);
        try
        {
            source_db.Open();//otwiera polaczenie
            if ((int)sql_polecenie3.ExecuteScalar() == 1)
            {
                Label1.Visible = true;
            }
            else
            {
                Label1.Visible = false;
            }
            source_db.Close();//zamyka polaczenie
        }
        catch (Exception)
        {
            source_db.Close();//zamyka polaczenie
        }
    }
Simon MᶜKenzie
  • 8,344
  • 13
  • 50
  • 77
vivid
  • 1,115
  • 2
  • 14
  • 34
  • You only want to check if the user **exists in the database (validate user credentials against the database)**? – Jupaol Aug 21 '12 at 10:14
  • Possible Duplicate: http://stackoverflow.com/questions/2599118/in-asp-net-site-how-to-prevent-multiple-logins-of-same-user-id – MaxDataSol Aug 21 '12 at 10:25
  • No that's working fine just need to break logging in of Login control. – vivid Aug 21 '12 at 10:33
  • @Alex - Your question is not clear. You should already be using a control that hides/reveals content based on their user profile status. – Security Hound Aug 21 '12 at 11:01
  • I believe he wants what I also want. That's a way to take a username or id and checking if that person is already logged in ie another machine. and prevent them from being logged in on both at once – Tony Cobb Jun 18 '19 at 21:47

3 Answers3

2

Alex, I would never use your code... you're doing several things wrong, and most important, anyone can delete your entire database from what you're just showed.

first things first...

  • you should always have your Database Access (database code) in a different project (normally a Library Project - DLL) - see my answer on this.
  • you should always dispose your object, in your case, you are safe to use the using keyword in both SqlConnection as well your SqlCommand.
  • you should always use sql variables and never create a SQL query directly from appending code, unless you're sure that you are sanitizing your input.

Regarding your answer it self, if you add e.Cancel = true; this will tell the Action that you have customized the response and you do not want the object to proceed with the automatic response.

Community
  • 1
  • 1
balexandre
  • 73,608
  • 45
  • 233
  • 342
  • still, it's always a good practice and you learn something new, plus you can stand out from your collegues ;) – balexandre Aug 21 '12 at 11:25
1

The Login control provides an event Authenticate for this purpose.
If you want to do some custom checks and deny a login on that basis, you should use the authenticate event.

<asp:Login id="Login1" runat="server"
                OnAuthenticate="OnAuthenticate">
            </asp:Login>



private void OnAuthenticate(object sender, AuthenticateEventArgs e)
{
    bool Authenticated = false;
    Authenticated = SiteSpecificAuthenticationMethod(Login1.UserName, Login1.Password);

    e.Authenticated = Authenticated;
}
nunespascal
  • 17,584
  • 2
  • 43
  • 46
0

The answer is to add e.Cancel = true or false depends when we wanna to cancel the logging in.

vivid
  • 1,115
  • 2
  • 14
  • 34