By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,988 Members | 1,367 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,988 IT Pros & Developers. It's quick & easy.

I want to create a login form in vb.net using the ms access as a backend tool

Ajay Bhalala
100+
P: 119
I am new here and
I am beginner in vb.net and I use the Ms Access as a backend tool.

I want to create a user loin form. I created the the form that have 1 combobox from that the user can select the username and 1 textbox in which user can enter the password for the selected username.

How to check the user enter the correct password for the selected username? on button click.
If the user enter the correct password for the selected username then the form1 should be open, and if wrong then msgbox should be open "Enter correct password."
How can i do this?

Can anyone help me on this? I tried lots but I can't do this.
Nov 12 '14 #1
Share this Question
Share on Google+
4 Replies


Frinavale
Expert Mod 5K+
P: 9,731
Well, to answer this question we would have to take a look at your current design.

What does your data table for user information contain?

What I have typically done to accomplish this is have a table called something like "user" or "identity" or something and it contains the following columns:
  • ID: some sort of identifier that can be used to identify the user
  • User name: typically characters
  • Password: a security "hash" that was generated based on the password provided by the user and the salt randomly generated so that the database never contains passwords
  • Salt: the key used to generate the password hash

To generate the salts and passwords that are stored in the database the controls and methods that are part of the System.Security.Cryptography namespace are used.

For example, the following would generate a salt to be used:
Expand|Select|Wrap|Line Numbers
  1. Public Function GetSalt() as String
  2.   Dim saltSize = 32
  3.   Dim salt As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
  4.   Dim randomBytes(saltSize - 1) As Byte
  5.   salt.GetBytes(randomBytes)
  6.   Return Convert.ToBase64String(randomBytes)
  7. End Function
And the following would generate the password hash using the SHA512 algorithm that is stored in the database:
Expand|Select|Wrap|Line Numbers
  1. Public Function HashedPassword(Byval salt as String, ByVal providedPassword As String) As String
  2.   Dim passWithSalt =  String.Concat(salt, providedPassword)
  3.   Dim rawPasswordData() As Byte = Encoding.UTF8.GetBytes(passWithSalt)
  4.   Dim sha As New SHA1CryptoServiceProvider()
  5.   Dim reslutingHash As Byte() = sha.ComputeHash(rawPasswordData)
  6.   Return Convert.ToBase64String(reslutingHash)
  7. End Function
  8.  
Now the thing is that the database has to be populated with user names, salts and passwords using the above functions in order for the rest of this to work...

Once you have populated your user table with the salt and password hashes using the above functions, all you have to do upon logging in is:
  • perform a database query that selects the user record from the database with the User Name (or User ID) that the user selected from the combobox
  • if a row was returned, retrieve the salt from the "salt" column and the hashed password from the "password" column
    • (if no row was returned then no user with that user name exists)
  • retrieve what the user entered as a password
  • execute the HashedPassword method with the salt from the database and the password-string that the user provided
  • compare the password hash generated based on what the user provided against the password has retrieved from record ...
    • if they match then they are authenticated and can log in
    • if they don't match then the user did not provide the correct password
Nov 12 '14 #2

Ajay Bhalala
100+
P: 119
Thank you for help.

But I am SY B.Sc.IT student and I don't know more about the vb.net.

I don't know about the HashPassword Method or salt so if another simple way is possible then please told me.

I want to do as follows..
• user have to select the username from the combobox
• and enter the password into the Textbox
• Then by clicking the "Login" button, the new form should be open if the user enter the correct password for the selected username.

I write the code as follows...
Expand|Select|Wrap|Line Numbers
  1. Imports System.Data.OleDb
  2.  
  3. Public Class Login
  4.  
  5.     Public con As New OleDbConnection("Provider=microsoft.jet.oledb.4.0 ; Data Source=E:\Brinda & Jay\Brinda\02 S.Y\VB.NET\My Project\Project.mdb")
  6.     Public qry As String
  7.     Public dr As OleDbDataReader
  8.  
  9.  Private Sub Login_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
  10.         Me.fillcombo()
  11.     End Sub
  12.  
  13.     Sub fillcombo()
  14.         con.Open()
  15.         qry = "select * from UserAccount"
  16.         Dim cmd As New OleDb.OleDbCommand
  17.         cmd.CommandText = qry
  18.         cmd.Connection = con
  19.         dr = cmd.ExecuteReader
  20.         While (dr.Read())
  21.             ComboBox1.Items.Add(dr("UserName"))
  22.         End While
  23.         cmd.Dispose()
  24.         dr.Close()
  25.         con.Close()
  26.     End Sub
  27.  
  28.     Private Sub ComboBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ComboBox1.SelectedIndexChanged
  29.         con.Open()
  30.         qry = "select * from UserAccount where UserName=' " & ComboBox1.Text & " ' "
  31.         Dim cmd As New OleDbCommand
  32.         cmd.CommandText = qry
  33.         cmd.Connection = con
  34.         dr = cmd.ExecuteReader()
  35.         If (dr.Read() = True) Then
  36.             TextBox2.Text = dr("Password")
  37.             'MsgBox("Access")
  38.             'Else
  39.             'MsgBox("No Access Authorized!")
  40.         End If
  41.         cmd.Dispose()
  42.         con.Close()
  43.     End Sub
  44. End Class
  45.  
Please help me on this and say what changes I have to made in this code?
Nov 13 '14 #3

Frinavale
Expert Mod 5K+
P: 9,731
If password security is not a concern because this is a simple project for school then you don't need to worry about password hashes.

However, in the real world it is a VERY terrible idea to store the user's password, as they entered it, into the database as plain text.

To fix that, what is typically stored is a random string that is generated using a cryptography hashing method based on the value that the user entered. The hashing method that I used as an example was the SHA1 algorithm; however, there are several methods available for you to use.

To increase security a little more, salts are used along with the hashing method....


Anyways, it seems like you are just storing plain text so we will continue on that bases...

It may help if you added a button that the user can click to "log-in" after they have finished providing a password.


Then take what you have in this method:
Expand|Select|Wrap|Line Numbers
  1. Private Sub ComboBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ComboBox1.SelectedIndexChanged
And move it to the button click event. Then modify that method to get the text provided by the user and compare it against the password field retrieved from the database for the user.

-Frinny
Nov 13 '14 #4

Ajay Bhalala
100+
P: 119
Thank you so much for the help. It is very useful for me.
Nov 13 '14 #5

Post your reply

Sign in to post your reply or Sign up for a free account.