ASP.NET Login page using Sessions

I have posted couple of posts in last two days regarding sessions in ASP.NET. In this post I’ll be explaining how to create a login page with sessions in ASP.NET and also wiping it out, I mean deleting the sessions in ASP.NET :).

Anyways here are my previous two posts regarding sessions :

1. ASP.NET Creating and Retrieving Sessions example
2. ASP.NET Creating and retrieving Sessions with MS SQL server

ASP.NET Login page using Sessions

Make a new page in your project with name frmLogin.aspx and edit it as below :

frmLogin.aspx:

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="FrmLogin.aspx.cs" Inherits="FrmLogin" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
 <title>Login Page</title>
</head>
<body>
 <form id="form1" runat="server" style="padding: 5px; font-family: Arial; color: #1c1c1c;">
 <div>
 <h2>
 Enter your credentials</h2>
 <hr />
 Username : &nbsp;&nbsp;
 <asp:TextBox runat="server" ID="txtusername" />
 <br />
 <br />
 Password : &nbsp;&nbsp;&nbsp;
 <asp:TextBox runat="server" ID="txtpassword" TextMode="Password" />
 <br />
 <asp:Button runat="server" Text="Login" ID="btnLogin" OnClick="btnLogin_Click" />&nbsp;&nbsp;
 <asp:Button runat="server" Text="Clear" ID="btnClear" OnClick="btnClear_Click" />
 <br />
 <br />
 <asp:Label runat="server" ID="lblMessage" />
 </div>
 </form>
</body>
</html>

Now edit its code file as below.

FrmLogin.aspx.cs :

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.SqlClient;

public partial class FrmLogin : System.Web.UI.Page
{
 protected void Page_Load(object sender, EventArgs e)
 {

 }
 protected void btnLogin_Click(object sender, EventArgs e)
 {
 SqlConnection con = new SqlConnection("Data Source=hitesh\\sqlexpress;Initial Catalog=parallel;User ID=hitesh;Password=789;");
 con.Open();
 SqlCommand cmd = new SqlCommand("Select * from tblUsers where Username=@Username and Password=@Password", con);
 cmd.Parameters.AddWithValue("@Username", txtusername.Text.ToString());
 cmd.Parameters.AddWithValue("@Password", txtpassword.Text.ToString());
 SqlDataReader reader = cmd.ExecuteReader();
 if (reader.Read())
 {
 Session["userid"] = Convert.ToInt32(reader["userid"].ToString());
 Session["Name"] = reader["Name"].ToString();
 Session["Role"] = reader["Role"].ToString();
 reader.Close();
 cmd.Dispose();
 con.Close();
 Response.Redirect("index.aspx");
 }
 else
 {
 reader.Close();
 cmd.Dispose();
 con.Close();
 lblMessage.Text = "Invalid credentials";
 }
 }
 protected void btnClear_Click(object sender, EventArgs e)
 {
 txtpassword.Text = "";
 txtusername.Text = "";
 }
}

ASP.NET Login page using Sessions – frmLogin.aspx design

Here’s the Database script for Database creation :

Database script :

create database parallel;
use parallel;
create table tblUsers
(
UserId int identity(1,1) not null primary key,
[Name] nvarchar(50) not null,
Username nvarchar(50) not null,
Password nvarchar(50) not null,
Role nvarchar(50) not null
);
insert into tblUsers ([Name],Username,Password,Role) values ('Steve','Steve1','steve','Admin');
insert into tblUsers ([Name],Username,Password,Role) values ('John','John1','john','User');
select * from tblUsers

And now make a new form with name Index.aspx, and edit it as below.

Index.aspx :

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Index.aspx.cs" Inherits="Index" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
 <title>Homepage</title>
</head>
<body>
 <form id="form1" runat="server" style="padding: 5px; font-family: Arial; font-weight: bold;">
 <div>
 <asp:Label runat="server" ID="lbluserInfo"></asp:Label>
 <br />
 <br />
 <asp:Button ID="btnLogout" runat="server" BackColor="White" BorderStyle="None"
 Font-Bold="true" Text="Logout" Font-Size="16px" ForeColor="Red" OnClick="btnLogout_Click" />
 </div>
 </form>
</body>
</html>

and edit it’s code file as below.

Index.aspx.cs :

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Drawing;

public partial class Index : System.Web.UI.Page
{
 protected void Page_Load(object sender, EventArgs e)
 {
 if (Session["Name"] == null)
 Response.Redirect("FrmLogin.aspx");
 else
 {
 String userid = Convert.ToString((int)Session["userid"]);
 String username = Session["Name"].ToString();
 String userrole = Session["Role"].ToString();
 
 lbluserInfo.Text = "Welcome, " + username + ". Your userid is " + userid + " and your role is " + userrole + ".";
 }
 }
 protected void btnLogout_Click(object sender, EventArgs e)
 {
 Session["Name"] = null;
 Session["Role"] = null;
 Response.Redirect("FrmLogin.aspx");
 }
}

ASP.NET Login page using Sessions – Index.aspx design

On button click event I’m making the session value as null.