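/// <summary>
/// Authenticates <paramref name="User_"/> against the spx_Pricing_UserAuth stored procedure and
/// verifies the supplied password against the stored hash.
/// </summary>
/// <param name="User_">Login attempt; only <c>Username</c> and <c>Password</c> are read.</param>
/// <returns>
/// A <see cref="PricingUser"/> whose <c>Result</c> is "Success" (with <c>UserID</c> and <c>Username</c>
/// populated) when the credentials match, or a single generic failure message otherwise.
/// The stored password hash is never returned in <c>Password</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="User_"/> is null.</exception>
public PricingUser Userlogin(PricingUser User_)
{
    if (User_ == null)
    {
        throw new ArgumentNullException(nameof(User_));
    }

    // One message for both "no such user" and "wrong password" so the response does not
    // reveal which usernames exist.
    const string LoginFailed = "Username or password is incorrect";

    PricingUser DBUser = new PricingUser();
    int foundUserId = 0;
    string foundUsername = null;
    string storedHash = null;
    bool hasRow = false;

    try
    {
        // Connection, command and reader are disposed on every exit path; previously they were
        // only closed on the success path and leaked when an exception was thrown.
        using (sqlConnectionX = new SqlConnection(ConfigurationManager.AppSettings["SQLConnection"]))
        using (sqlCommandX = new SqlCommand("spx_Pricing_UserAuth", sqlConnectionX))
        {
            sqlCommandX.CommandType = CommandType.StoredProcedure;
            sqlParam = new SqlParameter("UserName", User_.Username);
            sqlCommandX.Parameters.Add(sqlParam);
            sqlConnectionX.Open();

            using (sqlDR = sqlCommandX.ExecuteReader())
            {
                // Keeps the last row, as before; the procedure is expected to return at most one.
                while (sqlDR.Read())
                {
                    foundUserId = sqlDR.GetInt32(0);
                    foundUsername = sqlDR.GetString(1);
                    storedHash = sqlDR.GetString(2);
                    hasRow = true;
                }
            }
        }

        // NOTE(review): VerifyHash is defined elsewhere; if it is a plain SHA-512 comparison rather
        // than a salted, iterated scheme (PBKDF2/Argon2), stored hashes are weak against offline
        // guessing — confirm.
        if (hasRow && VerifyHash(User_.Password, "SHA512", storedHash))
        {
            // Identity details are only populated on success so a failed attempt carries no
            // evidence of whether the username exists.
            DBUser.UserID = foundUserId;
            DBUser.Username = foundUsername;
            DBUser.Result = "Success";
        }
        else
        {
            DBUser.Result = LoginFailed;
        }
    }
    catch (Exception)
    {
        // Raw exception text (connection strings, SQL errors) must not reach the caller's UI label;
        // record the exception through the project's logging facility here instead.
        DBUser.Result = LoginFailed;
    }

    // The hash never leaves this method, whatever the outcome.
    DBUser.Password = "";
    return DBUser;
}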
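/// <summary>
/// Login button handler: authenticates the entered credentials, stores the user id and menu in
/// session and redirects to Quote.aspx; otherwise shows a failure message in <c>lblInfo</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void RadButtonLogin_Click(object sender, EventArgs e)
{
    try
    {
        PricingUser User = new PricingUser
        {
            Username = RadTextBoxUsername.Text,
            Password = RadTextBoxPassword.Text,
        };
        User = Userlogin(User);

        if (User.Result != "Success")
        {
            lblInfo.Text = User.Result;
            return;
        }

        DataSet dsUserMenu = Get_UserMenu(User.UserID);
        // NOTE(review): the session id is carried across the login boundary unchanged; if session
        // fixation is a concern, clear the ASP.NET_SessionId cookie before storing authenticated
        // state — confirm against the site's session configuration.
        Session["UserID"] = User.UserID;
        Session["UserMenu"] = dsUserMenu;

        // endResponse:false avoids the ThreadAbortException; CompleteRequest then short-circuits
        // the pipeline so the rest of this page lifecycle does not keep running after the redirect.
        Response.Redirect("Quote.aspx", false);
        Context.ApplicationInstance.CompleteRequest();
    }
    catch (Exception)
    {
        // Exception text (SQL errors, internal details) must not be rendered to the browser;
        // record it through the project's logging facility instead.
        lblInfo.Text = "Login failed. Please try again.";
    }
}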