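/// <summary>
/// Handles the login button. Loads App_Data/Users.xml into a <see cref="DataSet"/>,
/// selects the user row, hashes the submitted password with <c>HashComputer</c> and
/// compares it with the stored value. On a match the request is handed to
/// <c>FormsAuthentication.RedirectFromLoginPage</c>; on any failure the same generic
/// message is shown.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void LogIn(object sender, EventArgs e)
{
    if (!IsValid)
    {
        return;
    }

    // NOTE(review): as shown, the row filter is a fixed literal (it looks masked in
    // this listing) and never references UserName.Text, yet a successful match signs
    // in whatever name was typed. If the real filter is built from UserName.Text, the
    // value must have single quotes doubled (or the rows compared in code) so a
    // crafted user name cannot rewrite the DataTable.Select expression.
    String cmd = "UserName='******'";

    // Hash before the lookup so the unknown-user and wrong-password paths do the same
    // work. hash() receives only the password and its result is compared directly with
    // the stored value, so no per-user salt is visible at this call site - confirm that
    // HashComputer implements a salted, deliberately slow password KDF.
    HashComputer hashComputer = new HashComputer();
    string hashedpwd = hashComputer.hash(Password.Text);

    // 'using' releases the file handle even when ReadXml throws on a malformed file;
    // the original only closed the stream on the success path.
    DataSet ds = new DataSet();
    using (FileStream fs = new FileStream(Server.MapPath("../App_Data/Users.xml"), FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(fs))
    {
        ds.ReadXml(reader);
    }

    DataTable users = ds.Tables[0];
    DataRow[] matches = users.Select(cmd);

    bool authenticated = false;
    if (matches != null && matches.Length > 0)
    {
        // 'as' turns a missing (DBNull) password into a failed login instead of an
        // InvalidCastException.
        string stored = matches[0]["Password"] as string;

        // Ordinal comparison: a hash is an opaque token, so culture-sensitive
        // collation rules must not decide whether two values are equal.
        authenticated = stored != null && String.Equals(stored, hashedpwd, StringComparison.Ordinal);
    }

    if (authenticated)
    {
        // Issue the authentication ticket and return to the originally requested
        // resource (Default.aspx when none was requested).
        FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
        return;
    }

    // One message for both "no such user" and "wrong password": the response gives
    // no hint about which part of the credentials was invalid.
    FailureText.Text = "Invalid username or password.";
    ErrorMessage.Visible = true;
}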
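/// <summary>
/// Handles the registration button. Checks the CAPTCHA answer, loads
/// App_Data/Users.xml, appends a row holding the user name, the password hash from
/// <c>HashComputer</c> and the selected role, rewrites the file, and redirects to the
/// ReturnUrl query-string value when it is a local path, otherwise to the login page.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void CreateUser_Click(object sender, EventArgs e)
{
    // NOTE(review): the expected CAPTCHA answer is a constant in the source, so it is
    // the same for every request and does not stop automated sign-ups. The answer
    // should be generated per challenge and kept server-side.
    // NOTE(review): unlike a handler guarded by Page.IsValid, nothing here checks
    // validator state - confirm the page's validators run for this button.
    if (!String.Equals(captchaBox.Text, "v4xbg", StringComparison.OrdinalIgnoreCase))
    {
        ErrorMessage.Text = "The text doesn't match that in the image.";
        return;
    }

    string userPath = Server.MapPath("../App_Data/Users.xml");

    // 'using' releases the handle even when ReadXml throws; the original leaked the
    // stream on that path, which would also block the rewrite below.
    DataSet ds = new DataSet();
    using (FileStream input = new FileStream(userPath, FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(input))
    {
        ds.ReadXml(reader);
    }

    DataTable users = ds.Tables[0];

    // Refuse a second row for a name that already exists. Compared without regard to
    // case because DataTable string comparisons are case-insensitive by default, so a
    // later Select on UserName would treat "Bob" and "bob" as the same account.
    foreach (DataRow existing in users.Rows)
    {
        string existingName = existing["UserName"] as string;
        if (String.Equals(existingName, UserName.Text, StringComparison.OrdinalIgnoreCase))
        {
            ErrorMessage.Text = "That user name is already taken.";
            return;
        }
    }

    // hash() receives only the password text; confirm HashComputer applies a salted,
    // deliberately slow password KDF rather than a bare digest.
    HashComputer hashComputer = new HashComputer();
    string hashedpwd = hashComputer.hash(Password.Text);

    DataRow newUser = users.NewRow();
    newUser["UserName"] = UserName.Text;
    newUser["Password"] = hashedpwd;
    // NOTE(review): the role is whatever the registrant picked in roleList. If that
    // list offers any privileged role, self-registration grants it; assign a fixed
    // default role here and change roles only through an administrator path.
    newUser["Role"] = roleList.SelectedItem.Text;
    users.Rows.Add(newUser);
    ds.AcceptChanges();

    // NOTE(review): this read-modify-write of Users.xml is not synchronized, so two
    // concurrent registrations can overwrite each other's row.
    using (FileStream output = new FileStream(userPath, FileMode.Create, FileAccess.ReadWrite))
    using (StreamWriter writer = new StreamWriter(output))
    {
        ds.WriteXml(writer);
    }

    // ReturnUrl comes straight from the query string. Follow it only when it stays on
    // this site; anything else falls back to the login page so the link cannot be
    // used to bounce a new user to an arbitrary external address.
    string returnUrl = Request.QueryString["ReturnUrl"];
    Response.Redirect(IsLocalReturnUrl(returnUrl) ? returnUrl : "~/Account/Login");
}

/// <summary>
/// Returns true when <paramref name="url"/> is a site-local path: it starts with "/"
/// or "~/", the next character is neither "/" nor "\" (which browsers treat as the
/// start of a host name), and it contains no control characters.
/// </summary>
private static bool IsLocalReturnUrl(string url)
{
    if (String.IsNullOrEmpty(url))
    {
        return false;
    }

    foreach (char c in url)
    {
        if (Char.IsControl(c))
        {
            return false;
        }
    }

    // Position of the first character after the leading "/" or "~/".
    int next;
    if (url[0] == '/')
    {
        next = 1;
    }
    else if (url[0] == '~' && url.Length > 1 && url[1] == '/')
    {
        next = 2;
    }
    else
    {
        return false;
    }

    return url.Length == next || (url[next] != '/' && url[next] != '\\');
}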