I think that you are faced with the fact that the label is on the main page.
protected void Page_Load(object sender, EventArgs e) { if(!Page.IsPostBack) { var welcomeLabel = Page.Master.FindControl("lblWelcome") as Label; SetName(welcomeLabel); } }
Here's a handwritten login template:
protected void SetName(Label welcomeLabel) { //this is the type of thing you'd probably wanna do in the Global.asax on session start if (Session["userName"] == null || !Login()) return; //session variable is empty and the login attempt failed, give up var usersName = Session["userName"].ToString(); welcomeLabel.Text = usersName; } protected bool Login() { const string query = "SELECT Name FROM Users WHERE Password = @Password AND UserName = @UserName"; using (var conn = new SqlConnection(connectionString)) { using (var comm = new SqlCommand(query, conn)) { comm.CommandType = CommandType.Text; comm.Parameters.Add(new SqlParameter("@Password", password)); //or get this from a control or wherever comm.Parameters.Add(new SqlParameter("@UserName", userName)); //or get this from a control or wherever conn.Open(); var name = (string)comm.ExecuteScalar(); if (!string.IsNullOrEmpty(name)) { Session["userName"] = name; return true; } //"Login information is wrong or user doesn't exist. return false; } } }
So, all we do is search our database for a match between username and password. The username must be unique, so it seems like your primary key, the AND filter just ensures that the passwords match the username. Plain.
Generally speaking, I think you should keep a little more user information in the session to make it worthwhile. Usually I create some form of user object so that I can hit it whenever I need it, and then all of it is fully accessible through the user object. I think the Windows Membership classes are trying to help, but I do not like to use them if I do not authenticate with Windows. But that is just preference.