2

The current program I am working on is for a Registration page for a shopping cart, I have setup a SQL Server with tables to allow data to be recorded as

  1. UserName,
  2. Email,
  3. Password all are set a Nvarchar(max).

The version of the .NET Framework is 4.5 and I am using VS 2012 and am coding in C#, and the server is an SQL Server instance KENSULLIVAN-PC\KSSQL using integrated Windows Authentication.

So far, I have been able to run the registration page to the point where it will save a cookie of the information but, not send any information to the tables in SQL Server. 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class Account_Register : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        RegisterUser.ContinueDestinationPageUrl = Request.QueryString["ReturnUrl"];      
    }
    //Submit button for user registration information
    protected void RegisterUser_CreatedUser(object sender, EventArgs e)
    {
        int TheUserID = 5000;
        SqlConnection conn = new SqlConnection("Server=KENSULLIVAN-PC/KSSQL;Database=GroupProject; Integrated Security=True");

        //INSERT command for values to be updated or added to the Database
        SqlCommand comm = new SqlCommand("INSERT INTO RegUser (UserName, Email, Password) VALUES (@UserName, @Email, @Password)", conn);
        comm.Parameters.Add("@UserName", System.Data.SqlDbType.NVarChar, 100);
        comm.Parameters["@UserName"].Value = RegisterUser.UserName; 
        comm.Parameters.Add("@Email", System.Data.SqlDbType.NVarChar, 100);
        comm.Parameters["@Email"].Value = RegisterUser.Email;
        comm.Parameters.Add("@Password", System.Data.SqlDbType.NVarChar, 100);
        comm.Parameters["@Password"].Value = RegisterUser.Password;       

        try
        {
            conn.Open();
            comm.ExecuteNonQuery();
            Response.Redirect("~/LoggedIn.aspx");
        }
        catch
        {
           //ErrorDB.Text = "Error Submitting, Try Again";
        }
        finally
        {
            conn.Close();
        }

        FormsAuthentication.SetAuthCookie(RegisterUser.UserName, false /* createPersistentCookie */);
        string continueUrl = RegisterUser.ContinueDestinationPageUrl;

        if (String.IsNullOrEmpty(continueUrl))
        {
            continueUrl = "~/LoggedIn.aspx";
        }
        Response.Redirect(continueUrl);  
    }
}

What should I be doing differently, what do you notice that is not really recommended?

Thank you, Kenneth

Improve this question

2 Answers 2

Reset to default
2

I see a couple of possible issues.

First, the instance name for SQL databases should be using a backslash. Of course you'll need to escape that backslash, so try this:

SqlConnection conn = new SqlConnection("Server=KENSULLIVAN-PC\\KSSQL;Database=GroupProject; Integrated Security=True");

Second, integrated security can be a little tricky from ASP.NET since often times it's running from a service or system account. You may want to enable MIXED authentication mode in MS-SQL, create a SQL account, and pass in a username and password. I would recommend storing your connection string in the web.config and encrypting it.

Is there a specific error/exception you're receiving? That would be very helpful to us.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Rather than using backslash why not just use @ for verbatim strings ?
0

First of all @Adam already pointed out, your connection string has issue, for named instance of SQl server, if you are using .Net, it should be backslash 

SqlConnection conn = new SqlConnection("Server=KENSULLIVAN-PC\\KSSQL;Database=GroupProject; Integrated Security=True");
OR using @

SqlConnection conn = new SqlConnection(@"Server=KENSULLIVAN-PC\KSSQL;Database=GroupProject; Integrated Security=True");

Second, because you are using Window Authentication, you need to set you ThreadPool which host you web application to run under a windows domain account, which has enough permission to backend database.

If each user using your web site login with windows domain account, and you want to use user's window domain credential to access to backend database, then you need more set up, you need the impersonation, you probably also need constrained delegation.

Improve this answer

1 Comment

if you are using .Net he has mentioned of asp.net,visual studio and C# :-)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.