locked
Account created in sql database failed to Login RRS feed

  • Question

  • User-218090889 posted

    I have a web application in asp.net c#, when a mobile users sign up they could not sign in, but the data will be on my database in sql. if try to copy the data to use it to login from my side it will fail. but the ones created via desk top work fine, and sometimes the ones created via mobile work fine but not always.

    please do any one know what could be causing this to happen that way, HELP?

    Friday, September 1, 2017 11:26 AM

All replies

  • User753101303 posted

    Hi,

    You are using ASP.NET identity or you have rebuilt your own authentication mechanism ? How does it fail exactly? This is because the id/password doesn't match a user row or could it be some other reason?

    BTW if an account is created form the desktp version, it works on a mobile device?

    It's hard to guess from a description. Try to really get at the exact behavior which should make easier to understand (and then fix) the problem.

    Friday, September 1, 2017 11:59 AM
  • User-218090889 posted

    Hi,

    You are using ASP.NET identity or you have rebuilt your own authentication mechanism ? How does it fail exactly? This is because the id/password doesn't match a user row or could it be some other reason?

    BTW if an account is created form the desktp version, it works on a mobile device?

    It's hard to guess from a description. Try to really get at the exact behavior which should make easier to understand (and then fix) the problem.

    if account is created via desktop it work fine on mobile, but if created via mobile it does not work fine on mobile and desktop.

    Friday, September 1, 2017 12:26 PM
  • User753101303 posted

    And this is the same code for both or do you have a special mobile version? I would try perhaps to create two accounts differing with a single letter and then selecting both from the db using SQL Server Management Studio to see if I can spot a difference.

    IMO try also to narrow down how it fails. Is this really because the id/password doesn't match. Make sure your code doesn't silently reject the login because an exception happens. Then if maybe some other user profile value is not properly saved by the mobile version, it might cause an exception just after the user is logged that would be processed by your code as a login failure.

    IMHO the key is really to check what is the EXACT behavior of the code. For example if using ASP.NET Identity I would check if the issue could be that it returns SignInStatus.RequiresVerification etc...

    Friday, September 1, 2017 2:35 PM
  • User-218090889 posted

    PatriceSc

    And this is the same code for both or do you have a special mobile version?

    It is the same code, the same id, I only have a duplicate of it in a sub folder for mobile, and redirect user to it using 51 degrees foundation dll.

    And again when the system experienced an error with a particular data, the system will never accept that data even when I deleted it from database and try to sign up with the same data via another device.

    Friday, September 1, 2017 2:48 PM
  • User753101303 posted

    IMHO it will be easier to find the problem if you can progressively narrow down what happens rather than stopping at what you saw first and then keep wondering how it could happen.

    It is still unclear how it fails and I still don't know if you are using ASP.NET identity or your own authentication system or something else. My first move would be really to check the exact line that is checking credentials against what is stored in the db to find if the difference is on the user name or on the password (or maybe it if actually fails later).

    Saturday, September 2, 2017 3:06 PM
  • User-218090889 posted

    I still don't know if you are using ASP.NET identity or your own authentication system or something else

    I used membership authentication method.

    Below is my code for user registration

    protected void ButtonMakeProfile_Click(object sender, EventArgs e)
            {
    
                
                    if (UploadUserPhoto.PostedFile != null)
                    {
                        string myMap = MapPath("~/").ToLower();
                        Random r = new Random();
                        int next = r.Next();
                        string ImageName = UploadUserPhoto.PostedFile.FileName;
                       
                        sImageFileExtension = ImageName.Substring(ImageName.LastIndexOf(".")).ToLower();
                        if (sImageFileExtension == ".gif" || sImageFileExtension == ".png" || sImageFileExtension == ".jpg" || sImageFileExtension == ".jpeg" || sImageFileExtension == ".bmp")
                        {
                            string ImageSaveURL = myMap + "UserImage/" + next + sImageFileExtension;
                            try
                            {
                                UploadUserPhoto.PostedFile.SaveAs(ImageSaveURL);
    
                                string EmailV = TextBoxEmail.Text;
                                string PasswordV = TextBoxPassword.Text;
                                string NameV = TextBoxName.Text;
                                string CountryV = TextBoxCountry.Text;
                                string DescriptionV = TextBoxComment.Text;
                                string ImageNameV = next + sImageFileExtension;
    
                                //string connetionString = null;
                                SqlConnection con = new SqlConnection(@"Data Source=MyDB;Integrated Security=False;");
                                SqlCommand cmd = new SqlCommand("INSERT INTO [User] (Email,Password,Name,Country,Description,ImageName) VALUES(@Email,@Password,@Name,@Country,@Description,@ImageName)");
                                cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = EmailV;
                                cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = PasswordV;
                                cmd.Parameters.Add("@Name", SqlDbType.NVarChar).Value = NameV;
                                cmd.Parameters.Add("@Country", SqlDbType.NVarChar).Value = CountryV;
                                cmd.Parameters.Add("@Description", SqlDbType.NVarChar).Value = DescriptionV;
                                cmd.Parameters.Add("@ImageName", SqlDbType.NVarChar).Value = ImageNameV;
                                
                                try
                                {
                                    cmd.Connection = con;
                                    con.Open();
                                    int rows = cmd.ExecuteNonQuery();
                                }
                                finally
                                {
    
                                    con.Close();
                                    Cleartextbox();
    
                                }
                                Response.Redirect("~/SuccessPage.aspx");
                            }
                            catch (Exception ex)
                            {
                            }
                        }
                        else
                        {
                        }
                    }
                    else
                    {
                        ToSaveImageName = "No";
                        sImageFileExtension = "Image";
                    }
    
                }
            }

    This is the Login code

     protected void OnAuthenticate(object sender, AuthenticateEventArgs e)
            {
                bool Authenticated = false;
                CheckBox chBox = (CheckBox)ctlLogin.FindControl("RememberMe");
                Authenticated = UserAuthenticate(ctlLogin.UserName, ctlLogin.Password);
                e.Authenticated = Authenticated;
                if (Authenticated == true)
                {
                    if (chBox.Checked == true)
                    {
                        Response.Cookies["RFriend_Email"].Value = ctlLogin.UserName;
                        Response.Cookies["RFriend_PWD"].Value = ctlLogin.Password;
                        Response.Cookies["RFriend_UID"].Value = Session["UserId"].ToString();
                        Response.Cookies["RFriend_Email"].Expires = DateTime.Now.AddMonths(3);
                        Response.Cookies["RFriend_PWD"].Expires = DateTime.Now.AddMonths(3);
                        Response.Cookies["RFriend_UID"].Expires = DateTime.Now.AddMonths(3);
                    }
                    Response.Redirect("~/UserDetails.aspx?Id=" + Session["UserId"].ToString());
                }
            }
    
            private bool UserAuthenticate(string UserName, string Password)
            {
                bool boolReturnValue = false;
                //--------------------------------
                //Check UserID From Config File
                if (UserName == "UserName" && Password == "pasword")
                {
                    boolReturnValue = true;
                    return boolReturnValue;
                }
                else
                {
    
                    DataTable dt = new DataTable();
                    string UserNameV = ctlLogin.UserName;
                    string PasswordV = ctlLogin.Password;
    
    
                    SqlConnection con = new SqlConnection(@"Data Source=MyDB;Integrated Security=False;");
                    SqlCommand cmd = new SqlCommand("LoginUser", con);
                    SqlDataAdapter adp = new SqlDataAdapter();
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.Add("@UserName", SqlDbType.NVarChar).Value = UserNameV;
                    cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = PasswordV;
    
    
                    try
                    {
                        cmd.Connection = con;
                        con.Open();
    
                        adp.SelectCommand = cmd;
                        adp.Fill(dt);
    
                    }
    
                    finally
                    {
    
                        con.Close();
    
                        adp.Dispose();
    
                        con.Dispose();
    
                    }
    
                    
    
                    if (dt.Rows.Count > 0)
                    {
                        boolReturnValue = true;
                        Session["UserId"] = dt.Rows[0]["Id"].ToString();
                        string updateLastLogin = "Update [User] SET LastLogin='" + System.DateTime.Now.ToString() + "' where Id='" + Session["UserId"].ToString() + "'";
                        dbClass.ConnectDataBaseToInsert(updateLastLogin);
                    }
                    return boolReturnValue;
                }
            }

    And this is my stored procedure for Login

    CREATE  PROCEDURE [dbo].[LoginUser]  (
       @UserName nvarchar(20),   
        @Password nvarchar(20) 
     )  
     
    AS
    BEGIN
      
     
        SELECT*  FROM [User]  WHERE Email = @UserName AND Password = @Password  
         
      
      END



    Saturday, September 2, 2017 4:37 PM
  • User475983607 posted
    Make sure you are consistently using email as the username.
    Saturday, September 2, 2017 5:57 PM
  • User347430248 posted

    Hi Enzyme,

    if we try to check your code, then we can find that you are using try .....catch but in that you did nothing , it is empty or sometimes you did not include the catch block and just use the try and finally.

    in this situation , if error comes then you will not get any notifications for it and you will not able to know about the error.

    so it looks like when you run the code on mobile, the error occurs but you did not handle it in catch block so it executes the finally after that.

    I suggest you to handle the error properly in catch block and take proper steps after error occurs and don't let to insert data in your database. inform the user to correct the data if error is about incorrect data and try again.

    try to correct your code and let us know about the results.

    Regards

    Deepak

    Monday, September 4, 2017 6:51 AM