1

I have a login page in my project which is working correctly. My database (sql server) has 4 fields in which the last one is 'permission', which has 2 values: Admin, User.

I dont know how I should configure my code so that after login, if you are admin, transfer you to the admin page, otherwise go to user page. It means if 'permission' field of a user in data base is 'admin', transfer to admin panel or page.

my C# code behind is:

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

public partial class content_btn1 : System.Web.UI.Page
{
    protected void btnlogin_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["myconectionstring"].ConnectionString);
        con.Open();
        SqlCommand cmd = new SqlCommand("select * from users_table where Name =@username and Password=@password", con);
        cmd.Parameters.AddWithValue("@username", txtuser.Text);
        cmd.Parameters.AddWithValue("@password", txtpassword.Text);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();

        da.Fill(dt);
        if (dt.Rows.Count > 0)
        {  
            Response.Redirect("btn2.aspx");
        }
        else
        {
            lbllogindetails.Text = "Invalid User or Password !!";
        }
    }
}
Improve this question
4
  • Why not just loop through the data table rows and determine which permission access they have? Commented Jun 25, 2014 at 14:37
  • 1
    what if you have 2 rows? what if you get something other than "user"|"admin" . I would change that field to be a bit and then select it. The login control though for aspx projects is fairly robust. You can set what pages are visible and what happens on login for various groups. msdn.microsoft.com/en-us/library/vstudio/… Commented Jun 25, 2014 at 14:38
  • Is this school project? Otherwise, you might want to look at FormAuthentication, ASP.NET Universal Providers, Simple Membership Provider and ASP.Net Identity. They are a lot more solid and secure than hand rolling the authentication by yourself. Commented Jun 25, 2014 at 14:45
  • FWIW the answers still fail to address what happens if there is more than one row? For example can I be in the database with both? Is there a constraint on [username] + [password] that guarantees 1 row will be returned? A simple change of if(dt.Rows.Count == 1) will solve that particular problem... /js Commented Jun 25, 2014 at 14:55

2 Answers 2

Reset to default
3

you can write this code inside your if condition 

 if (dt.Rows.Count > 0)
        { 
       if(dt.Rows[0]["permission"] == "Admin")
        {
         Response.Redirect("admin.aspx");
        }
        else
        {
         Response.Redirect("normal.aspx");
        }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This part of code doesnt work : if(dt.Rows[0]["permission"] == "Admin")
3 
if (dt.Rows.Count > 0)
{  
     if (dt.Rows[0]["permission"] == "Admin")
           Response.Redirect("adminpage.aspx");
     else
        Response.Redirect("userpage.aspx");

}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.