ASP Login Script

I have been working on this script for logging into my website for quite some time now, and can't seem to get it working right. If anyone can help, I'd greatly appreciate it. Alright, the code is listed below:

The connection always fails, and if i use on error resume next, it only gives "Incorrect Username."

Hi ! I can't understand in your Coding . So I put my Coding you Find the Solution From Here. I hope it will Help You.

Imports System.Data.SqlClient
Imports System.Web.Security
Imports System.Data

Partial Class Logon
Inherits System.Web.UI.Page

Private Function ValidateUser(ByVal userName As String, ByVal passWord As String) As Boolean
Dim conn As SqlConnection
Dim cmd As SqlCommand
Dim lookupPassword As String

lookupPassword = Nothing

' Check for an invalid userName.
' userName must not be set to nothing and must be between one and 15 characters.
If ((userName Is Nothing)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.")
Return False
End If
If ((userName.Length = 0) Or (userName.Length > 15)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.")
Return False
End If

' Check for invalid passWord.
' passWord must not be set to nothing and must be between one and 25 characters.
If (passWord Is Nothing) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
Return False
End If
If ((passWord.Length = 0) Or (passWord.Length > 25)) Then
System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.")
Return False
End If

Try
' Consult with your SQL Server administrator for an appropriate connection
' string to use to connect to your local SQL Server.
conn = New SqlConnection(ConfigurationManager.ConnectionStrin gs("SQLConnStr").ConnectionString)
conn.Open()

' Create SqlCommand to select pwd field from the users table given a supplied userName.
cmd = New SqlCommand("SELECT Password, Username FROM Users WHERE Username=@userName AND Password=@passWord", conn)
cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25)
cmd.Parameters("@userName").Value = userName
cmd.Parameters.Add("@passWord", SqlDbType.VarChar, 25)
cmd.Parameters("@passWord").Value = passWord


' Execute command and fetch pwd field into lookupPassword string.
lookupPassword = cmd.ExecuteScalar()

' Cleanup command and connection objects.
cmd.Dispose()
conn.Dispose()
Catch ex As Exception
' Add error handling here for debugging.
' This error message should not be sent back to the caller.
System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " & ex.Message)
End Try

' If no password found, return false.
If (lookupPassword Is Nothing) Then
' You could write failed login attempts here to the event log for additional security.
Return False
End If

' Compare lookupPassword and input passWord by using a case-sensitive comparison.
Return (String.Compare(lookupPassword, passWord, False) = 0)

End Function

Private Sub cmdLogin_ServerClick(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdLogin.ServerClick
If ValidateUser(txtUserName.Value, txtUserPass.Value) Then
Dim tkt As FormsAuthenticationTicket
Dim cookiestr As String
Dim ck As HttpCookie

tkt = New FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now(), DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data")
cookiestr = FormsAuthentication.Encrypt(tkt)
ck = New HttpCookie(FormsAuthentication.FormsCookieName(), cookiestr)
If (chkPersistCookie.Checked) Then ck.Expires = tkt.Expiration
ck.Path = FormsAuthentication.FormsCookiePath()
Response.Cookies.Add(ck)

Dim strRedirect As String
strRedirect = Request("ReturnURL")
If strRedirect <> "" Then
Response.Redirect(strRedirect, True)
Else
strRedirect = "Default.aspx"
Response.Redirect(strRedirect, True)
End If
Else
Response.Redirect("Logon.aspx", True)
End If
End Sub

End Class

Try this..

I can't understand the logic behind the code that you have shared, kindly make it simple and logical.