Hello forum,
Currently, the login code only works for Roles that were created by manually inserting the RolesId and Role Names into the Roles Table.
Now, what if after publishing the website I decide to create another Role by inserting its Role Name into the Roles Table and give the newly created role limited authority to perform certain activities on the website? How will a user with that role be able to navigate to the pages he or she is authorized to access?
Would I have to add code to the page load event of each page that I want the new role to access?
This question just crossed my mind and I thought I should ask, at least for learning purposes. Or could it be that default roles are used to log in and then navigate to the homepage?
If Roles are dynamically added from a web page (client side), how would the login code below look, please?
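/// <summary>
/// Login handler: checks the credentials in txtUsername/txtPassword against User_Login,
/// records the login (Session["user"], Session["LastLogin"], LastLogin/IsActive update),
/// looks up the role and sends the user to that role's landing page.
/// </summary>
/// <param name="sender">The control that raised the event; not used.</param>
/// <param name="e">Event data; not used.</param>
/// <remarks>
/// The redirect is only a convenience for the user. Whether a role may open a page must
/// be enforced on the server for every protected page (e.g. the web.config
/// &lt;authorization&gt; rules for ~/AdminFolder), not by where this page sends the browser.
/// Changes from the previous version: the original performed the same credential lookup
/// three times (the re-queries could not change the outcome, so the "Account has not been
/// activated" branch was unreachable and is removed; an activation check needs a column
/// whose meaning is confirmed — IsActive is set to "1" on every login here, so it does not
/// look like an activation flag); Convert.ToDateTime(DBNull) no longer throws on a first
/// login; and the role-specific redirect actually runs (see below).
/// </remarks>
protected void ValidateUser(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtUsername.Text) || string.IsNullOrEmpty(txtPassword.Text))
    {
        ShowMessage("All Fields are Required");
        return;
    }

    string email = txtUsername.Text.Trim();
    string password = txtPassword.Text.Trim();
    string connectionString = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;

    using (SqlConnection con = new SqlConnection(connectionString))
    {
        // One connection, opened once; the original opened/closed it before every command.
        con.Open();

        // SECURITY: the submitted password is compared against the stored column as
        // plaintext (and, with a case-insensitive collation, possibly ignoring case).
        // Store a salted hash (e.g. PBKDF2) and compare the hash of the submitted value
        // instead. That needs a schema change, so it is flagged here rather than changed.
        string id;
        using (SqlCommand cmd = new SqlCommand("SELECT UserId FROM User_Login WHERE Email = @Email AND Password = @Password", con))
        {
            cmd.Parameters.AddWithValue("@Email", email);
            cmd.Parameters.AddWithValue("@Password", password);
            id = Convert.ToString(cmd.ExecuteScalar());
        }

        if (string.IsNullOrEmpty(id))
        {
            ShowMessage("Invalid Login Details");
            txtPassword.Text = "";
            txtPassword.Focus();
            return;
        }

        Session["user"] = id;

        // Read the previous login before it is overwritten. LastLogin is NULL until the
        // first login completes, and Convert.ToDateTime(DBNull.Value) would throw there.
        using (SqlCommand cmd3 = new SqlCommand("SELECT LastLogin, IsActive from User_Login WHERE UserId = @UserId", con))
        {
            cmd3.Parameters.AddWithValue("@UserId", id);
            object lastLogin = cmd3.ExecuteScalar();
            Session["LastLogin"] = lastLogin is DateTime ? lastLogin : null;
        }

        string UpdateLog = @"UPDATE User_Login SET LastLogin=@dateandtime, IsActive=@IsActive WHERE UserId = @UserId";
        using (SqlCommand cmd4 = new SqlCommand(UpdateLog, con))
        {
            cmd4.Parameters.AddWithValue("@dateandtime", DateTime.UtcNow);
            cmd4.Parameters.AddWithValue("@IsActive", "1");
            cmd4.Parameters.AddWithValue("@UserId", id);
            cmd4.ExecuteNonQuery();
        }

        // NOTE(review): [RoleTable] is filtered by RoleId using the UserId, as in the
        // original. That only returns the right row if RoleId equals UserId — confirm
        // against the schema; a join through a user-role column is more likely intended.
        string role = null;
        using (SqlCommand cmd5 = new SqlCommand("SELECT RoleName From [RoleTable] WHERE RoleId = @RoleId", con))
        {
            cmd5.Parameters.AddWithValue("@RoleId", id);
            object roleName = cmd5.ExecuteScalar();
            if (roleName != null && roleName != DBNull.Value)
            {
                role = roleName.ToString().Trim();
            }
        }

        string landingPage = LandingPageForRole(role);
        if (landingPage == null)
        {
            // Unknown role, or no role row: no authentication cookie is issued.
            // (The original silently did nothing when no role row was found.)
            Response.Redirect("~/Login.aspx");
            return;
        }

        // RedirectFromLoginPage ends the response, so the Response.Redirect that followed
        // it in the original never ran and every user landed on the forms-auth default
        // URL. Issue the ticket cookie and perform the role-specific redirect explicitly.
        FormsAuthentication.SetAuthCookie(id, true);
        Response.Redirect(landingPage);
    }
}

/// <summary>
/// Maps a role name (compared case-insensitively) to the page a user of that role lands
/// on after login; returns null for an empty or unknown role.
/// </summary>
/// <remarks>
/// To support a role added after deployment, add an entry here AND grant that role access
/// to its pages in the server-side authorization rules; an entry here grants no access.
/// </remarks>
/// <param name="role">Role name as read from [RoleTable], or null.</param>
/// <returns>A "~/"-relative page path, or null.</returns>
private static string LandingPageForRole(string role)
{
    if (string.IsNullOrEmpty(role))
    {
        return null;
    }

    switch (role.ToLowerInvariant())
    {
        case "superadmin":
        case "admin":
            return "~/AdminFolder/AdminPage.aspx";
        case "superuser":
        case "user":
            return "~/Home.aspx";
        default:
            return null;
    }
}

/// <summary>Shows <paramref name="text"/> in the red message label and its container.</summary>
/// <param name="text">The message to display.</param>
private void ShowMessage(string text)
{
    dvMessage.Visible = true;
    lblMessage.Visible = true;
    lblMessage.ForeColor = System.Drawing.Color.Red;
    lblMessage.Text = text;
}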
I just want to know. Thank you