I am trying to implement a Login validation using C# 2005 in ASP.net 2.0 web application. The SQL Server database contains a table named "UserList" with columns LoginId, Password and Role. The Login webform should authenticate the LoginId and password and depending upon the Role assigned to that user/visitor should redirect to a specific webform with a pre-defined
menu options. The role might be Admin, DEO, Accounts or Member. How should I implement it? I have tried the following:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
try
{
string uname = Login1.UserName.Trim();
string password = Login1.Password.Trim();
int flag = AuthenticateUser(uname, password);
if (flag == 1)
{
e.Authenticated = true;
Login1.DestinationPageUrl = "~/MenuAdmin.aspx";
}
else if (flag == 2)
{
e.Authenticated = true;
Login1.DestinationPageUrl = "~/MenuDEO.aspx";
}
else if (flag == 3)
{
e.Authenticated = true;
Login1.DestinationPageUrl = "~/MenuAccts.aspx";
}
else if (flag == 4)
{
e.Authenticated = true;
Login1.DestinationPageUrl = "~/MenuMember.aspx";
}
else
{
e.Authenticated = false;
}
}
catch (Exception)
{
e.Authenticated = false;
}
}
private int AuthenticateUser(string uname, string password)
{
int bflag = 0;
string connString = ConfigurationManager.ConnectionStrings["LoginDemoConnString"].ConnectionString;
string strSQL = "Select * FROM UserList where ULoginId ='" + uname + "' AND UPassword ='" + password + "'";
DataTable dt = new DataTable();
SqlConnection m_conn;
SqlDataAdapter m_dataAdapter;
try
{
m_conn = new SqlConnection(connString);
m_conn.Open();
m_dataAdapter = new SqlDataAdapter(strSQL, m_conn);
m_dataAdapter.Fill(dt);
m_conn.Close();
}
catch (Exception ex)
{
dt = null;
}
finally
{
//m_conn.Close();
}
if (dt.Rows.Count > 0)
{
if (dt.Rows[0][3].ToString() == "Administrator")
bflag = 1;
else if (dt.Rows[0][3].ToString() == "DEO")
bflag = 2;
else if (dt.Rows[0][3].ToString() == "Accts")
bflag = 3;
else
bflag = 4;
}
return bflag;
}