Modifying a password through stored procedure in ASP.NET

Chris Sells

Published: 09 Feb 2004

I have three textboxes: username, password new password and I want to modify the password through stored procedure in ASP.NET. How do I do this?
There are a couple different ways of doing this. The most efficient would be to use a single stored procedure that would check current username/password and then update if appropriate. It would return a value indicating success/failure, and its cause. In this case, 0 could be "updated successfully", 1 could be "invalid user name", and 2 "invalid current password":


ALTER PROCEDURE UpdatePassword
 (
  @username varchar (50),
  @password varchar (10), 
  @newpassword varchar (10)
 )
AS

IF NOT EXISTS(SELECT Password FROM Users WHERE UserName=@username)
 RETURN 1
IF NOT EXISTS(SELECT Password FROM Users WHERE UserName=@username AND Password=@password)
 RETURN 2

UPDATE Users SET Password=@newpassword WHERE UserName=@username AND Password=@password
RETURN 0

You can execute this SP with the following code:

IDbConnection cn = new System.Data.SqlClient.SqlConnection("Data Source=.;Database=Dottext;Integrated Security=true;");
IDbCommand cmd = cn.CreateCommand();
cmd.CommandText = "UpdatePassword";
cmd.CommandType = CommandType.StoredProcedure;

IDbDataParameter prm = cmd.CreateParameter();
prm.ParameterName = "@username";
prm.Value = txtUserName.Text;
cmd.Parameters.Add( prm );

prm = cmd.CreateParameter();
prm.ParameterName = "@password";
prm.Value = txtPassword.Text;
cmd.Parameters.Add( prm );

prm = cmd.CreateParameter();
prm.ParameterName = "@newpassword";
prm.Value = txtNewPassword.Text;
cmd.Parameters.Add( prm );

prm = cmd.CreateParameter();
prm.Direction = ParameterDirection.ReturnValue;
cmd.Parameters.Add( prm );

cn.Open();
cmd.ExecuteNonQuery();
int result = (int) prm.Value;

switch (result)
{
  case 0:
    //Everything OK
    break;
  case 1:
    //Username wrong
    break;
  case 2:
    //Current pwd wrong
    break;
}

I suggest you use the latest Microsoft Data Access Application block instead of manually doing all this: http://msdn.microsoft.com/library/en-us/dnbda/html/daab-rm.asp.

Actually, you should take a look at all application blocks, as they usually solve frequent problems you will find in a consistent, well-documented and best-practices-based way.

Modifying a password through stored procedure in ASP.NET

Dig Deeper on ASP.NET development best practices

How to attach databases to custom SQL Server containers

A Red Hat Satellite tutorial to install an update server

VMware vSphere Command Line Interface: Using vCLI for ESXi management

Customizing VMware Site Recovery Manager recovery plans with VMware PowerCLI scripts

Related Q&A from Chris Sells

Moving from non-secure to secure pages without losing valid session

Difficulty with Response.redirect method

Where is the IIS Manager?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudComputing

Don't miss these multi-cloud management tools and tips

Compare web and mobile testing tools from AWS, Microsoft and Google

Cloud conferences to watch out for in 2020

SearchSoftwareQuality

How to use Selenium IDE for record and playback testing

New tool fixes app accessibility glitches

Synopsys Code Sight combines SAST, SCA testing in the IDE

TheServerSide.com

Why the 8 Java primitive data types are not objects

A brief history of Java: How it forever changed programming

How to properly perform Java String comparisons

SearchCloudApplications

SOASTA’s Lounibos talks iOS6, mobile predictions