I have posted couple of posts in last two days regarding sessions in ASP.NET. In this post I’ll be explaining how to create a login page with sessions in ASP.NET and also wiping it out, I mean deleting the sessions in ASP.NET :).
Anyways here are my previous two posts regarding sessions :
- ASP.NET Creating and Retrieving Sessions example
- ASP.NET Creating and retrieving Sessions with MS SQL server
ASP.NET Login page using Sessions
Make a new page in your project with name frmLogin.aspx and edit it as below :
frmLogin.aspx:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="FrmLogin.aspx.cs" Inherits="FrmLogin" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Login Page</title> </head> <body> <form id="form1" runat="server" style="padding: 5px; font-family: Arial; color: #1c1c1c;"> <div> <h2> Enter your credentials</h2> <hr /> Username : <asp:TextBox runat="server" ID="txtusername" /> <br /> <br /> Password : <asp:TextBox runat="server" ID="txtpassword" TextMode="Password" /> <br /> <asp:Button runat="server" Text="Login" ID="btnLogin" OnClick="btnLogin_Click" /> <asp:Button runat="server" Text="Clear" ID="btnClear" OnClick="btnClear_Click" /> <br /> <br /> <asp:Label runat="server" ID="lblMessage" /> </div> </form> </body> </html>
Now edit its code file as below.
FrmLogin.aspx.cs :
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.SqlClient;
public partial class FrmLogin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Data Source=hitesh\\sqlexpress;Initial Catalog=parallel;User ID=hitesh;Password=789;");
con.Open();
SqlCommand cmd = new SqlCommand("Select * from tblUsers where Username=@Username and Password=@Password", con);
cmd.Parameters.AddWithValue("@Username", txtusername.Text.ToString());
cmd.Parameters.AddWithValue("@Password", txtpassword.Text.ToString());
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
Session["userid"] = Convert.ToInt32(reader["userid"].ToString());
Session["Name"] = reader["Name"].ToString();
Session["Role"] = reader["Role"].ToString();
reader.Close();
cmd.Dispose();
con.Close();
Response.Redirect("index.aspx");
}
else
{
reader.Close();
cmd.Dispose();
con.Close();
lblMessage.Text = "Invalid credentials";
}
}
protected void btnClear_Click(object sender, EventArgs e)
{
txtpassword.Text = "";
txtusername.Text = "";
}
}
Here’s the Database script for Database creation :
Database script :
create database parallel;
use parallel;
create table tblUsers
(
UserId int identity(1,1) not null primary key,
[Name] nvarchar(50) not null,
Username nvarchar(50) not null,
Password nvarchar(50) not null,
Role nvarchar(50) not null
);
insert into tblUsers ([Name],Username,Password,Role) values ('Steve','Steve1','steve','Admin');
insert into tblUsers ([Name],Username,Password,Role) values ('John','John1','john','User');
select * from tblUsers
And now make a new form with name Index.aspx, and edit it as below.
Index.aspx :
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Index.aspx.cs" Inherits="Index" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title>Homepage</title> </head> <body> <form id="form1" runat="server" style="padding: 5px; font-family: Arial; font-weight: bold;"> <div> <asp:Label runat="server" ID="lbluserInfo"></asp:Label> <br /> <br /> <asp:Button ID="btnLogout" runat="server" BackColor="White" BorderStyle="None" Font-Bold="true" Text="Logout" Font-Size="16px" ForeColor="Red" OnClick="btnLogout_Click" /> </div> </form> </body> </html>
and edit it’s code file as below.
Index.aspx.cs :
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Drawing;
public partial class Index : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (Session["Name"] == null)
Response.Redirect("FrmLogin.aspx");
else
{
String userid = Convert.ToString((int)Session["userid"]);
String username = Session["Name"].ToString();
String userrole = Session["Role"].ToString();
lbluserInfo.Text = "Welcome, " + username + ". Your userid is " + userid + " and your role is " + userrole + ".";
}
}
protected void btnLogout_Click(object sender, EventArgs e)
{
Session["Name"] = null;
Session["Role"] = null;
Response.Redirect("FrmLogin.aspx");
}
}
On button click event I’m making the session value as null.