Microsoft & .NETASPBuilding Data Aware Web Applications with ASP.NET - Part 3

Building Data Aware Web Applications with ASP.NET – Part 3 content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

In this final installment of the series, you will learn how to authenticate users using the credentials from a database. I will use the database named “Wintergreen,” which we created in the first part of this series. Towards the end of this article, you will also learn how to apply Web Services for performing database operations. Typically, a site validates its users with their username and password. Some sites require you to feed in an e-mail address, which you gave at the time of registration. In this article, I’ll examine how to authenticate a user with the username and password. Here, you will have to write a separate stored procedure (see Listing 1). The procedure returns the respective values and notifies an ASP.NET application, based on which the appropriate action takes place.

Listing 1

create procedure DBVerify2

@username varchar(25),
@password varchar(25)


declare @ID INT
declare @actualpassword varchar(25)

@ID = identitycol,
@actualpassword = @password
from Employees
where username = @username

if @password = @actualpassword
return @ID
return -2
return -1

The user-interface for our project looks like what is shown in Figure 1.

Figure 1

The whole process is tied up in a function named Userverify (see Listing 2). This function accepts two arguments, namely username and password objects. The objects are typically derived from TextBox controls. As usual, the connection string is established and a stored procedure (DBVerify2) called. The add method accepts the username and password objects as parameters. Finally, if the return value is less than 0 or -1, it’s an indication that the user has not been registered. The user is automatically shown the respective error message with the help of the Label control. Otherwise, the password inputted by the user is invalid and the appropriate error message is displayed as output. The whole code for this function is shown below:

Listing 2

function Userverify(strusername as string, strpassword as string) _
                                as integer

     dim sconn as sqlconnection
     dim scmd as sqlcommand
     dim sparam as sqlparameter
     dim intresult as integer

     sconn  = new sqlconnection _

     ' DBVerify2 is the stored procedure for checking usernames
     ' and passwords
     scmd = new sqlcommand("DBVerify2",sconn)
     scmd.commandtype = commandtype.storedprocedure
     sparam = scmd.parameters.add("RETURN_VALUE",
     sparam.direction = parameterdirection.returnvalue
     intresult = scmd.parameters("RETURN_VALUE").value
     if intresult < 0 then
     if intresult = -1 then
     lblMessage.text = "Username not registered"
     lblMessage.text = "Invalid Password"
     end if
     end if
     return intresult
     end function

As specified above, our user-interface includes a button control. The validation and the above function are called only upon clicking this button. So, you have to dress up the button click event with some code (see Listing 3). Here, we have to verify a fact that if the function returns a value of greater than 0, the server redirects to some other Web page. It could be a page meant only for members of the site. Any action can occur depending upon the circumstances. In our example, the server displays a text message denoting that the information you entered is correct.

Listing 3

Sub btnLogin_Click(sender As Object, e As EventArgs)
     if isvalid then
     if Userverify(txtUsername.text, txtPassword.text) > 0 then
     lblMessage.text = "Information is Correct"
     end if
     end if
     End Sub

In this part and from the previous two parts, you had learned a lot about performing database manipulations using ASP.NET. With a little effort, you can easily implement these functionalities in your own project.

Using Web Services for Database Operations

Instead of creating an ASP.NET page, you can put the code for manipulating the database on a Web Service so that you can call them from anywhere using HTTP. Look at the typical Web Service code in Listing 4 below:

Listing 4

<%@ webservice class = "Data_Aware3" %>

imports system

<webservice> public class Data_Aware3 : inherits webservice

<webmethod()> public function Getproducts() as dataset

dim cn as sqlconnection = new sqlconnection _
          ("server=localhost;uid=sa;pwd=;database = northwind")
dim adapter as sqldataadapter = new _
               sqldataadapter("select * from products",cn)
dim mydataset as dataset = new dataset
adapter.fill(mydataset, "products")

return mydataset
end function
end class

Save the above file as Data_Aware3.asmx in the Inetpub/wwwroot directory. All .NET Web Services are saved with an .asmx extension. The above listing pulls all the records from the products table on the Northwind database. This database is automatically installed during the SQL Server setup. If you desire, you can substitute the database name with any other existing one. As you may notice from the above code listing, you have to include a new namespace called and provide the necessary class and function declaration on the <webservice> and <webmethod> attributes. The client can access only those methods that are marked with the <webmethod> attribute. You now can view the output of this file with Internet Explorer by entering the following URL:


The first page will display the function name and, upon clicking it, a new page will be displayed with an Invoke button. If you click the button, the output will be displayed in raw XML format.

The next step is to create a proxy file using the wsdl utility provided with the .NET Framework; the resulting file should be compiled with either the VB.NET or C# command line option. The proxy file can be created using the following syntax from the Visual Studio .NET Command Prompt:

wsdl /l:vb http://localhost/Data_Aware3.asmx

Upon successful completion, a file named Data_Aware3.vb will be created. The next step is to compile this proxy class using the Visual Basic compiler, vbc, as shown in the listing given below:

vbc /t:library /r:system.dll,,system.xml.dll, Data_Aware3.vb

The end result will be a .DLL file (Data_Aware3.DLL); it can be called in an ASP.NET program by creating an instance as shown in the listing given below:

sub page_load
Dim dw3 as Data_Aware3
dw3 = new Data_Aware3()
dgrid.datasource = dw3.Getproducts()
end sub

The whole code for the above listing is included in the zip file along with this article. The above example is illustrated purely by using the commands that are to be given on the command prompt. But Visual Studio .NET provides an easy way for developing and deploying Web Services. You will learn more about this in one of my upcoming articles, titled “Developing Web Services with Visual Studio .NET 2003.”


A live demo can be seen at:

Free ASP.NET Hosting Providers—Provides hosting on Windows Server 2003 and provides 20MB for files, 10MB in SQL Server database, FTP access, and much more—Provides 30 MB disk space with 500 MB data transfer—Provides 30 MB disk space, MS Access database support, unlimited FTP, DSN, WAP, and much more

Code Download

  1. Authentication Program
  2. Webservices Application

About the Author

Anand Narayanaswamy, a Microsoft Most Valuable Professional, works as a freelance Web/Software developer and technical writer. He runs and maintains, and provides technical support to users. His areas of interest include Web development using ASP, ASP.NET, software development using Visual Basic, and in the design and preparation of courseware, technical articles, help files, and tutorials. He can be reached at


Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories