I am trying to add some user authentication to a web application I have. When the user clicks the loadorder button a prompt should show up and request a password. I am getting the employeeNumber from the load order button and comparing it with Sql database.
Public Shared Function SfGetUserPassword(ByVal UserID As String) As System.Data.DataTable
Dim Database As New ACGCommon.Database(System.Configuration.ConfigurationManager.ConnectionStrings("connectionString").ConnectionString)
Database.AddParameter("@UserID", UserID)
Return Database.GetDataSet("data", "gcshopfloor_SfGetEmployeePassword").Tables(0)
End Function
This calls my stored procedure in SQL
Private Function CheckPassword(employeeNumber As String, password As String) As Boolean
Dim dt As DataTable = Users.SfGetUserPassword(tbEmployeeNumber.Text.Trim)
For Each row As DataRow In dt.Rows
If row("UserId").ToString() = employeeNumber AndAlso row("SfUserPassword").ToString() = password Then
' EmployeeNumber and password match, return true
Return True
End If
Next
' EmployeeNumber and/or password do not match, return false
Return False
End Function
'*********************************************************************************
'
'*********************************************************************************
Private Sub btnSubmitPassword_Click(sender As Object, e As EventArgs) Handles btnSubmitPassword.Click
Dim employeeNumber As String = Request.QueryString("tbemployeeNumber")
Dim password As String = Request.QueryString("SfUserPassword")
Dim isPasswordCorrect As Boolean = CheckPassword(employeeNumber, password) ' implement your password check logic here
Response.Write(isPasswordCorrect.ToString().ToLower()) ' send the password check result back to the client-side code
End Sub
This is my password check and submit password button. This will take the SfUserpassword and employee number checking it in the database and return true or false.
My Javascript is what I need help on. When the btnLoadOrder button is clicked I want the password prompt to appear. Correct password can move on and incorrect, keep trying. If the user leaves the page and comes back, I also want to prompt for the password as well. Currently I can’t get the javascript to get the password value and pass it back to the server side. Any thoughts?
<script type="text/javascript">
const loadOrderButton = document.getElementById("<%= btnLoadOrder.ClientID %>");
loadOrderButton.addEventListener("click", (event) => {
const employeeNumber = document.getElementById("<%= tbEmployeeNumber.ClientID %>").value;
console.log(employeeNumber); // you can do something with the employeeNumber value here
event.preventDefault(); // prevent the default behavior of the button
document.getElementById("passwordPanel").style.display = "block";
const submitPasswordButton = document.getElementById("<%= btnSubmitPassword.ClientID %>");
submitPasswordButton.addEventListener("click", (event) => {
const password = document.getElementById("<%= SfUserPassword.ClientID %>").value;
console.log(SfUserPassword)
const xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
if (this.readyState == 4 && this.status == 200) {
const response = this.responseText;
if (response === "true") {
// password is correct, do something here
console.log("Password is correct!");
} else {
// password is incorrect, show error message
document.getElementById("<%= lblPasswordError.ClientID %>").innerHTML = "Incorrect password";
document.getElementById("<%= lblPasswordError.ClientID %>").style.display = "block";
}
}
};
xmlhttp.open("GET", "ShopFloorEntryNew.aspx.vb?UserID=" + employeeNumber + "&password=" + password, true);
xmlhttp.send();
});
});
</script>