// Button to login event protected void btnLogin_Click(object sender, EventArgs e) { try { // UserID is retrieved from database using CheckUserID method var userID = SecurePasswordHasher.CheckUserID(txtCustID.Text); // if the UserID is not in the database then execute this block of code if (userID == 0) { lblAlert.Text = "Please enter a valid CustomerID and Password"; txtCustID.Text = ""; txtPassword.Text = ""; txtCustID.Focus(); } else { // pass is equal to the GetHashPassword method using the CustomerID as the argument // this gets the hashed password from database var pass = SecurePasswordHasher.GetHashPassword(txtCustID.Text); // result is equal to the Verify method being executed taking the Password input and hashed password as arguments var result = SecurePasswordHasher.Verify(txtPassword.Text, pass); //var result2 = SecurePasswordHasher.ComparePasswords(txtPassword.Text, pass); // if the result is correct and the passwords match then execute this block of code if (result == true) { Session["loginState"] = "true"; // loginstate is set to true Session["user"] = txtCustID.Text; // custId is now the session Response.Redirect("MainPage.aspx"); // redirect to main page } else { // try again and resets all fields lblAlert.Text = ("Please enter a valid CustomerID and Password"); txtCustID.Text = ""; txtPassword.Text = ""; txtCustID.Focus(); } } } catch (Exception) { lblAlert.Text = ("Please enter a valid CustomerID and Password"); txtCustID.Text = ""; txtPassword.Text = ""; txtCustID.Focus(); } }
protected void btnLogin_Click(object sender, EventArgs e) { //var hash = SecurePasswordHasher.Hash(txtPassword.Text); var pass = SecurePasswordHasher.GetHashPassword(txtCustID.Text); var result = SecurePasswordHasher.Verify(txtPassword.Text, pass); //var result2 = SecurePasswordHasher.ComparePasswords(txtPassword.Text, pass); if (result == true) { Session["loginState"] = "true"; Session["user"] = txtCustID.Text; Response.Redirect("MainPage.aspx"); } else { Response.Write("Login Failed"); } }