Hide controls and redirecting with Forms Authentication in ASP.Net

Hello Forum,

I recently used an idea from an existing code that selects user Id and Roles from Users database table. I used this and wrote a code to hide some controls based on these Roles and also used the same idea to redirect an admin if the admin tries to enter a page meant for SuperAdmin, and it’s all working, but bearing in mind that all these is done with and inside Forms Authentication.

But my greatest concern is, if I will not have issues as time passes. So, I ask that you please take a look at the code to see if I will not have issues later on?

PLEASE JUST HELP ME CHECK IF I DID THE RIGHT THING.

Thank you

Here is the code that hides controls

protected void Page_Load(object sender, EventArgs e)
{
    if (this.Page.User.Identity.IsAuthenticated && Session["user"] != null)
    {
        lblMessage.Text = Session["user"].ToString();
        Showdata();
        Showdata2();
 
    }
    else
    {
        Response.Redirect("Login.aspx");
    }
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.SetExpires(DateTime.Now.AddSeconds(-1));
    Response.Cache.SetNoStore();
    Response.AppendHeader("Pragma", "no-cache");
}
public void Showdata()
{
    string connectionString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        cmd.CommandText = "SELECT RoleId FROM Users WHERE Id= '" + Session["user"] + "'";
        {
            con.Open();
            cmd.Connection = con;
            SqlDataReader sdr = cmd.ExecuteReader();
            string RoleId = string.Empty;
            if (sdr.Read())
            {
                RoleId = Convert.ToString(sdr["RoleId"]);
                con.Close();
            }
            SqlCommand cmd2 = new SqlCommand("SELECT RoleName From [RoleTable] WHERE RoleId = @RoleId", con);
            con.Open();
            cmd2.Parameters.AddWithValue("@RoleId", RoleId);
            DataTable dt = new DataTable();
            SqlDataAdapter sda = new SqlDataAdapter(cmd2);
            sda.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                string roles = dt.Rows[0]["RoleName"].ToString().Trim().ToLower();
                if (roles == "superadmin")
                {
                    LinkButton2.Visible = true;
                }
                else if (roles == "admin")
                {
                    LinkButton2.Visible = false;
                }
            }
        }
    }
}

Code that redirects if user is NOT a SuperAdmin

public void Showdata2()
{
    string connectionString = ConfigurationManager.ConnectionStrings["ConString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        cmd.CommandText = "SELECT RoleId FROM Users WHERE Id= '" + Session["user"] + "'";
        {
            con.Open();
            cmd.Connection = con;
            SqlDataReader sdr = cmd.ExecuteReader();
            string RoleId = string.Empty;
            if (sdr.Read())
            {
                RoleId = Convert.ToString(sdr["RoleId"]);
                con.Close();
            }
            SqlCommand cmd2 = new SqlCommand("SELECT RoleName From [RoleTable] WHERE RoleId = @RoleId", con);
            con.Open();
            cmd2.Parameters.AddWithValue("@RoleId", RoleId);
            DataTable dt = new DataTable();
            SqlDataAdapter sda = new SqlDataAdapter(cmd2);
            sda.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                string roles = dt.Rows[0]["RoleName"].ToString().Trim().ToLower();
                if (roles == "SuperAdmin")
                {
 
                }
                else if (roles == "admin")
                {
                    Response.Redirect("Login.aspx");
                }
            }                  
        }
    }
}

Web.config

<configuration>
  <connectionStrings>
    <add name="ConString" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\user\source\repos\MyNewLoginTest\MyNewLoginTest\App_Data\MyNewLogin.mdf;Integrated Security=True;" />
  </connectionStrings>
  <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
  <system.web>
    <sessionState timeout="60"></sessionState>
    <authentication mode="Forms">
      <forms name="login" timeout="60" cookieless="UseCookies" loginUrl="Login.aspx" slidingExpiration="true" />
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
    <compilation debug="true" targetFramework="4.7.2" />
    <httpRuntime targetFramework="4.7.2" />
  </system.web>
  <location path="Signup.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Default.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
    </compilers>
  </system.codedom>
</configuration>