Redirecting a user (vb.net)

Hello Richard

Thank you for your reply and sorry for not getting back to you earlier.

That works a treat. The only reason the user is logging in is to upload files and that is achieved via Userpage.aspx.

Thanks again!

Hello

I am working my way through Microsoft's WebFormsIdentity template. In the template, the login.aspx page has this:

Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load

      RegisterHyperLink.NavigateUrl = "Register"
    ' Enable this once you have account confirmation enabled for password reset functionality
    ' ForgotPasswordHyperLink.NavigateUrl = "Forgot"
    OpenAuthLogin.ReturnUrl = Request.QueryString("ReturnUrl")
    Dim returnUrl = HttpUtility.UrlEncode(Request.QueryString("ReturnUrl"))
    If Not \[String\].IsNullOrEmpty(returnUrl) Then
        RegisterHyperLink.NavigateUrl += "?ReturnUrl=" & returnUrl
    End If
End Sub

Protected Sub LogIn(sender As Object, e As EventArgs)
    If IsValid Then
        ' Validate the user password
        Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
        Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()

        ' This doen't count login failures towards account lockout
        ' To enable password failures to trigger lockout, change to shouldLockout := True
        Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout:=False)

        Select Case result
            Case SignInStatus.Success
                IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
                Exit Select
            Case SignInStatus.LockedOut
                Response.Redirect("/Account/Lockout")
                Exit Select
            Case SignInStatus.RequiresVerification
                Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                Request.QueryString("ReturnUrl"),
                                                RememberMe.Checked),
                                  True)
                Exit Select
            Case Else
                FailureText.Text = "Invalid login attempt"
                ErrorMessage.Visible = True
                Exit Select
        End Select
    End If
End Sub

End Class

In that second Protected Sub under Select Case, can I comment out this line

IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl")

Hello

After adding MSSQLLocalDB and ProjectsV13 servers to my Web project which is based on the Register.aspx and Logon.aspx files in Microsoft's WebFormsIdentity template, I have the following in my Web.config file:

That's now working fine, Richard, many thanks.

Thanks, Richard, for replying. I have this:

Function ReturnDate() As String

Code for ordinal date

End Function

And then:

Protected Sub SendEmail_Click(sender As Object, e As System.EventArgs)

SMTP code here

End Sub

And this, where the errors occur:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    'user\_name.Focus()

    pnlFormFields.Visible = False
    pnlThankYouMessage.Visible = True
    LblDate.Text = ReturnDate()

End Sub

The forms tell the user 'thank you' when he clicks on 'Send' (the form), but I didn't think it would be part of the SMTP

Protected Sub SendEmail_Click

, and I didn't think the 'show date'would be part of the Date Function, so I put the three lines of code above (the ones with the errors) in that

Protected Sub Page_Load

. Thanks again.

Hello

I am just wondering why, if I have these lines of code in my aspx file

why I would get the following red underlined errors (VS 2017) in my corresponding aspx.vb file:

pnlFormFields.Visible = False
pnlThankYouMessage.Visible = True
LblDate.Text = ReturnDate()

Not declared or inaccessible due to protection levels.

What should I have, please?

Thanks!

Thanks. I am familiar with that link - been hours on this! I will give it all a go and fingers crossed! Many thanks again for your help.

Yes, you're right. I do have that against 'p' at the moment:

("

Hello " & strEmailValue & "

To reset your password....etc

", Nothing, "text/html")

I will take on board what you suggest about 'body' as opposed to 'p' and use your 'cid:email.BG'. Would I still need these two lines that follow the above line I have posted above:

Dim Logo As New LinkedResource(Server.MapPath("~/Images/emailBG.jpg"), "image/jpeg") 'embedded image
Logo.ContentId = "emailBG"

Isn't 'Logo.ContentId = "emailBG"' a repetition of your 'cid:emailBG'? Thanks. Can you see this message though it is not in 'Preview'?

Hello Richard Thanks for your reply. The article is 10 years old - not sure if the author will even see it. Thanks again.

Hello I have partly followed this tutorial: Sending email with an embedded image through ASP.NET[^] and, though the user receives his email, when I test my SMTP locally, the plain background image (600px x 600px) does not appear. In Visual Studio (2013), I don't get any errors. The image, emailBG.jpg, is in my Images folder in Solution Explorer, and the code I am using to send plain and HTML emails, and for the background image, is as follows:

Dim PlainMessage As AlternateView = AlternateView.CreateAlternateViewFromString("Hello. To reset your password....Nothing, "text/plain")
Dim mimeType As ContentType = New ContentType("text/html")
Dim HtmlMessage As AlternateView = AlternateView.CreateAlternateViewFromString("

pre> Thanks for any advice.

Hello

I am getting the following error:

System.Data.OleDb.OleDbException: Operation must use an updateable query.

when I type in a valid user's email (he exists in the Access mdb) on this page:

forgotten password[^] I have read a couple of articles on this question, including this one: Solve Operation Must Use an Updateable Query Error in Access[^]

and have set my permissions accordingly. The folder that houses my Access database, App_Data, has the following permissions: SYSTEM, Steve, and Administrators have full permissions, and Home Users have all permissions apart from Full Control.

[^]

After compiling my project, that folder is now on the server of my Web hosting service and these are the file permissions of App_Data on the server:

[^]

However, I am still getting the same error. Do I need to do anything in the Control Panel of the server, too (I have a Web hosting service) or is what I have already enough>

Thank you.

Hello Richard Many thanks. I will debug all the code again and give it a trial run. Before my previous While/End While, I had:

Dim strEmailFound As Boolean = False
Dim passwordFound As Boolean = False

but if I use your

Dim userFound As Boolean = False

I can delete my two declarations because, as you say, 'you only need a single variable to indicate that you have found the correct user record'. Does it matter which variable finds the record? Thank again for all your help.

As I understand it, the logic should be to read the database using While and End While. In the database, where there are two columns called 'password' and 'strEmail' (the exact same IDs as for the two form fields), the code should check that the email variable (strEmailValue) entered in the email form field is the same as the entry in the database column whose name is strEmail. (strEmail is the name of the database column AND the email text field in the form, whereas strEmailValue is the variable entered by the user in the form text field.) If the entry in the database column is the same as the variable entered by the user, then it is true that strEmailValue has been found - hence strEmailFound = True. Likewise, for password. The code should check that the password variable (passwordValue) entered in the password form field is the same as the entry in the database column whose name is password. (password is the name of the database column AND the password text field in the form, whereas passwordValue is the variable entered by the user in the form text field.) If the entry in the database column is the same as the variable entered by the user, then it is true that passwordValue has been found - hence passwordFound = True. So, I now have:

While reader.Read

If strEmailValue = reader("strEmail") Then

strEmailFound = True

End If

If passwordValue = reader("password") Then

passwordFound = True

End While

Does the above make sense? Thanks again.

I am trying to tidy it up a little. I didn't have these namespaces in, for example, beforehand:

Imports System.Data.OleDb.OleDbCommand
Imports System.Data.OleDb.OleDbDataReader

and the 'order' is OleDbConnection, an OleDbCommand, and an OleDbDataReader. The While/End While code should then read through the data, before closing OleDbDataReader, and then OleDbConnection. That structure is now reflected in my own code. The examples I have see around look a lot like this:

dr = myCommand.ExecuteReader()
While dr.Read()
'reading from the datareader
MessageBox.Show("colname1" & dr(0).ToString())
'displaying the data from the table
End While
dr.Close()

I probably need to use something like this

("colname1" &
dr(0).ToString())

from the example above, but I don't want the code to display anything - only to log me on. As I said earlier, the code I initially posted doesn't actually 'read' the rows, does it?

Thanks for the links, Richard. I have just taken a look at this page: Secure Password Authentication Explained Simply[^] which looks up-to-date (referring to SHA512 and RNGCrypto), and I have put your post into my favourites but, as I say, I will investigate the While/End While first.

Hello Richard Many thanks for your reply. Yes, there are a couple of flaws - plain text passwords as opposed to salting/hashing, and empty form fields - but for the moment I just wanted to get the engine started and then, when I can log in, I will explore those other important features of a log-in form. Thanks for pointing out the While reader.Read/End While You mean it's not actually doing anything?! Thanks again for your reply.

Hello I have been trying for some time to log-in to a site who register.aspx page works (new user's details are inserted in the database). However, when I use those same details of a user (email and password) to log-in, I am not able to. I get no debug errors in Visual Studio 2013 for Web or server errors. The form just stands still when I click the logon button. Are there are glaring errors, please, in my log-on code? In my aspx file, the two form fields are ID = strEmail and ID = password:

Protected Sub LogonBtn_Click(sender As System.Object, e As System.EventArgs) Handles LogonBtn.Click

    Try

        Using conn As OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationManager.ConnectionStrings("students").ConnectionString)

            conn.Open()

            Dim strEmailValue As String = strEmail.Text
            Dim passwordValue As String = password.Text
            Dim MSAccess As String = "Provider=Microsoft.Jet.OleDb.4.0; Data Source=|DataDirectory|students.mdb;"
            Dim ConnectionString As String = "SELECT \* FROM university WHERE strEmail = '" & strEmailValue & "' AND \[password\] = '" & passwordValue & "'"

            Dim cmd As New OleDbCommand

            Dim reader As OleDbDataReader = cmd.ExecuteReader

            Dim strEmailFound As Boolean = False

            Dim passwordFound As Boolean = False

            'if in database:

            While reader.Read

                strEmailFound = True

                strEmailValue = reader("strEmail")

                passwordFound = True

                passwordValue = reader("password")

            End While

            conn.Close()

            'check result

            If strEmailFound = True And passwordFound = True Then

                Dim target = String.Format("~/userpage.aspx?strEmail={0}", strEmailValue)

                Response.Redirect(target, True)

            End If

        End Using

    Catch ex As Exception

        Console.WriteLine(ex.Message)

        Dim MessageBox As String

        MessageBox = "Sorry, email or password not found"

    End Try

End Sub

Protected Sub Page\_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    'Dim strEmailValue As String = ""

    'Dim strEmailValue As String = strEmail.Text

    If Not IsPostBack Then

Hello Richard Just a quick question about the code you kindly sent to me. It concerns this line here:

Dim recordExists As Boolean = False

Is there a reason this is not 'true'? Either the user exists in the database or not. If he does, then he gets sent the link; if not, he should register. Isn't it as black and white as that? If Boolean is set to false, doesn't that suggest that it is unimportant whether he exists or not? Thanks

Thanks, Ryan Adding a Date/Time column to Access sounds a bit easier! But thanks for suggesting an alternative!

Wow! I feel as if I have been hit by Mike Tyson! What a wake up call. It's my first attempt at it in my defence, but your code is so neat and makes easy reading even though I don't yet understand every line. I will go through it and research a bit things I am hazy about (especially after that knockout blow!) and when it's all up and running I will post back so that you can admire your craft. Many thanks, Richard, I am so grateful.