locked
username and password in vb.net

    Question

  •  can someone help me to do this?

    i will create a registration for my vb 2005 application.in this module I will ask the user to enter their desired username and password as their user account. How will I use the username and password they've entered so that they can have an access in my system?

    please help me with this...


    thank you so much...
    Sunday, August 24, 2008 3:29 PM

Answers

  • Hi,
    You should first store the usernames and passwords in a database, .ini file,
    registry or any other way you want

    When a new user enter to your system, he will be asked to create an account
    by entering his username and password then you store these enteries in your
    store file.

    When an existing user enter to your system, he will be asked to enter his
    log-in information (username, password)
    After he enter his  enteries, you should validate this account's existance in your database and if you found this account you should allow him to enter
    your system else you should notify him that his account not exist.

    For example, Using Database as a storage media:
    To save a new account:
    Insert Into Users(UserId, Username, Password) Values (1, "GHOST2010", "123456")

    To check account existance:
    Dim cmd As New SqlCommand("Select Password From Users Where Username = '" & txtUserName.Text & "'", yourConnection)
    Dim pwd As Object = cmd.ExecuteScalar()
    If IsDbNull(pwd) OrElse IsNothing(pwd) Then
    pwd = ""
    End If

    If pwd <> txtPassword.Text Then
    MsgBox "Invalid Password!"
    Else
    myMainForm.Show()
    End If

    This is a very simple example, Of course you will need to encrypt the password on save and decrypt on read. Also you need to protect your storage file from being modified by the user.
    • Edited by GHOST2010 Monday, August 25, 2008 4:48 AM code
    • Marked as answer by Xingwei Hu Wednesday, August 27, 2008 8:11 AM
    Monday, August 25, 2008 4:38 AM

All replies

  • Hi,
    You should first store the usernames and passwords in a database, .ini file,
    registry or any other way you want

    When a new user enter to your system, he will be asked to create an account
    by entering his username and password then you store these enteries in your
    store file.

    When an existing user enter to your system, he will be asked to enter his
    log-in information (username, password)
    After he enter his  enteries, you should validate this account's existance in your database and if you found this account you should allow him to enter
    your system else you should notify him that his account not exist.

    For example, Using Database as a storage media:
    To save a new account:
    Insert Into Users(UserId, Username, Password) Values (1, "GHOST2010", "123456")

    To check account existance:
    Dim cmd As New SqlCommand("Select Password From Users Where Username = '" & txtUserName.Text & "'", yourConnection)
    Dim pwd As Object = cmd.ExecuteScalar()
    If IsDbNull(pwd) OrElse IsNothing(pwd) Then
    pwd = ""
    End If

    If pwd <> txtPassword.Text Then
    MsgBox "Invalid Password!"
    Else
    myMainForm.Show()
    End If

    This is a very simple example, Of course you will need to encrypt the password on save and decrypt on read. Also you need to protect your storage file from being modified by the user.
    • Edited by GHOST2010 Monday, August 25, 2008 4:48 AM code
    • Marked as answer by Xingwei Hu Wednesday, August 27, 2008 8:11 AM
    Monday, August 25, 2008 4:38 AM
  • thank you so much for that information..i've done it and it helps me alot..


    do you know how to print a page in vb.net? bcoz what i will do is a voting system.. this will provide a paper trail that would serve as a copy of the vote that the voter has entered..


    how will I connect the application to the printer so that I can print the voter's vote?


    thank you in advance...
    Friday, August 29, 2008 1:25 PM
  • Passwords:

    1. There is never any need to decrypt a password.

    2. Never transmit a password as plain text.

    3. Never store a password as plain text.

    If you do, then anyone who has access to your storage mechanism also has potential access to your users bank accounts, credit cards, etc.

    Perform a one-way hash on the password as soon as it's entered and store that hash. A Password can never be recovered/guessed from a hash.

    Stephen J Whiteley
    Friday, August 29, 2008 2:31 PM
    Moderator