Login and password textboxes accept any information as true

  • Question

  • When I enter a login and password into the proper textboxes, MainWindow is shown not only for my true login and password but for any characters. But I need MainWindow shown only when I've entered the correct login and password.

    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Security;
    using System.Text;
    using System.Threading.Tasks;
    
    namespace Decompression
    {
        public class DatabaseUser
        {
            public string DoWork(string pUserName, string pPassword)
            {
                string connectionString = $"Data Source={serverName};" + $"Initial catalog={catalogName};";
                var securePassword = new SecureString();
    
                foreach (var character in pPassword)
                {
                    securePassword.AppendChar(character);
                }
                securePassword.MakeReadOnly();
                return "";
            }
            private string serverName;
            private string catalogName;
            public DatabaseUser(string serverName, string catalogName )
            {
                this.serverName = serverName;
                this.catalogName = catalogName;
            }
    
    
    
            public bool SqlCredentialLogin(string pUserName, string pPassword)
            {
                string connectionString = $"Data source={serverName};" +
               $"Initial catalog={catalogName};";
    
                var securePassword = new SecureString();
    
                foreach (var character in pPassword)
                {
                    securePassword.AppendChar(character);
                }
                securePassword.MakeReadOnly();
    
                var credentials = new SqlCredential(pUserName, securePassword);
                using (SqlConnection cn = new SqlConnection { ConnectionString = connectionString })
                {
                    try
                    {
                        cn.Credential = credentials;
                        cn.Open();
                        return true;
                    }
                    catch (Exception e)
                    {
                        return true;
                    }
    
                }
    
    
    
            }
        }
    }
    

    Friday, November 29, 2019 2:06 PM

All replies

  • using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Data.SqlClient;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;
    using System.Windows.Forms;
    
    namespace Decompression
    {
        public partial class Form1 : Form
        {
            public Form1()
            {
                InitializeComponent();
    
            }
           
             
    
            private void btnOK_Click(object sender, EventArgs e)
            {
                if (!string.IsNullOrWhiteSpace(loginTextBox.Text) && !string.IsNullOrWhiteSpace(passwordTextBox.Text))
                {
                    var ops = new DatabaseUser("N10468000115\\SQLHUNTER", "demo");
                    var loginResults = ops.SqlCredentialLogin(loginTextBox.Text, passwordTextBox.Text);
                    if (loginResults)
                    {
                        var successValue = ops.DoWork(passwordTextBox.Text, loginTextBox.Text);
                        var workResult = string.IsNullOrWhiteSpace(successValue);

                        if (workResult)
                        {
                            Hide();
                            Form MW = new MainWindow();
                            MW.ShowDialog();
                        }
                        else
                        {
                            MessageBox.Show(successValue);
                        }
                    }
                    else
                    {
                        MessageBox.Show("Login is failed");
                    }
                }
            }
        }
    }
    

    Friday, November 29, 2019 2:07 PM
  • using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Threading.Tasks;
    using System.Windows.Forms;
    
    namespace Decompression
    {
        static class Program
        {
            /// <summary>
            /// The main entry point for the application.
            /// </summary>
            [STAThread]
            static void Main()
            {
                Application.EnableVisualStyles();
                Application.SetCompatibleTextRenderingDefault(false);
                Application.Run(new Form1());
            } 
        }
    }
    

    Friday, November 29, 2019 2:07 PM
  • Well, if you are doing your login by means of SqlCredentialLogin, you should be aware that it returns true both if it succeeds and if it fails (see the "return true" statement both in the try block and in the catch block). So it's no wonder that it grants login regardless of whether you enter the correct credentials or not. Your method always returns true.

    That said, you should also examine the "ex" or at least log the exception somewhere. Otherwise, whenever there is any error unrelated to the credentials (for example a faulty network or server, or a syntax error in the connection string) you will still get the login rejected in the same way as if the user/password was wrong, even if it is perfectly correct.


    Friday, November 29, 2019 3:17 PM
    Moderator
  • As mentioned, you need to return false in the catch as per my original code.

    If you want to know the reason why there was a failure look at this code.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help; this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile, but I will not answer coding questions on either.

    NuGet BaseConnectionLibrary for database connections.


    • Marked as answer by Decompressor Friday, November 29, 2019 8:12 PM
    Friday, November 29, 2019 4:49 PM
    Moderator
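An added example, not code from any poster in this thread: one way to apply the two replies above, returning a failure when the connection cannot be opened and keeping the reason so that a rejected password can be told apart from a server or network fault. The `LoginResult` enum, the `LoginCheck` class and the `TryLogin` method are hypothetical names; 18456 is SQL Server's "Login failed for user" error number.

```csharp
using System.Data.SqlClient;
using System.Security;

namespace Decompression
{
    // Hypothetical result type (not from the thread): keeps "wrong credentials"
    // separate from "the server could not be reached or used".
    public enum LoginResult { Success, InvalidCredentials, ServerError }

    public static class LoginCheck
    {
        // SQL Server error 18456: "Login failed for user".
        private const int LoginFailed = 18456;

        public static LoginResult TryLogin(string serverName, string catalogName,
            string userName, string password, out string detail)
        {
            detail = string.Empty;
            var builder = new SqlConnectionStringBuilder
            {
                DataSource = serverName,
                InitialCatalog = catalogName
            };
            var securePassword = new SecureString();
            foreach (var character in password)
            {
                securePassword.AppendChar(character);
            }
            securePassword.MakeReadOnly();

            try
            {
                var credential = new SqlCredential(userName, securePassword);
                using (var cn = new SqlConnection(builder.ConnectionString, credential))
                {
                    cn.Open();  // throws SqlException when the server rejects the login
                    return LoginResult.Success;
                }
            }
            catch (SqlException ex)
            {
                detail = ex.Message;  // for the log; the user gets a generic message
                return ex.Number == LoginFailed
                    ? LoginResult.InvalidCredentials
                    : LoginResult.ServerError;
            }
        }
    }
}
```

The calling form would open `MainWindow` only for `LoginResult.Success` and treat every other value as a refused login, so an unexpected failure never grants access.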
  • Since DoWork always returns an empty string, your program will never skip the MainWindow.

    Fixed username and password for database access are frequently defined in configuration files. Your Form1 is probably aimed at performing another kind of login. DoWork seems incomplete.


    • Edited by Viorel_MVP Friday, November 29, 2019 5:37 PM
    Friday, November 29, 2019 5:37 PM
  • Since DoWork always returns an empty string, your program will never skip the MainWindow.

    Fixed username and password for database access are frequently defined in configuration files. Your Form1 is probably aimed at performing another kind of login. DoWork seems incomplete.


    The OP took my code sample and mangled it which is why it's not working. They have been doing the same thing for weeks now but not getting it.


    Friday, November 29, 2019 6:34 PM
    Moderator
  • Thank you!
    Friday, November 29, 2019 8:11 PM