I want to retrieve session value(username) from the login page.
I have to verify the user by their username to make the access right control for certain page. In my application, i want to control the access right to "ViewAllProject.aspx" page.
I have save the username in session in login page.
Here is my login code that save username in session:
protected void btnEnter_Click(object sender, EventArgs e)
{
String username = txtUsername.Text;
String password = txtPassword.Text;
if (rdoUser.SelectedItem.Value == "BDE")
{
SqlConnection SQLConn = new SqlConnection(@"Data Source=sawapp501;Initial Catalog=BDAS;Integrated Security=SSPI");
string selectString = "SELECT * FROM BDE WHERE username=@username AND password=@password";
SqlCommand cmd = new SqlCommand(selectString, SQLConn);
//Prevent SQL Injection.
cmd.Parameters.AddWithValue("@username", username);
cmd.Parameters.AddWithValue("@password", password);
SQLConn.Open();
SqlDataReader sdr = cmd.ExecuteReader();
bool found = false;
if (sdr.Read()) found=true;
sdr.Close();
SQLConn.Close();
if (found)
{
Session["user1"] = username;
Response.Redirect("MainPage.aspx");
}
else
{
Response.Write("<script>alert('Invalid Username or Password!!!')</script>");
}
}
In my main page, i have try to retrieve the session value when user click the button that will redirect to "ViewAllProject.aspx" page to control the access to that page.
Below is my coding to control the access right:
protected void btnViewProject_Click(object sender, EventArgs e)
{
if (Session["user1"] == "maria")
{
Response.Redirect("ViewAllProject.aspx");
}
else if (Session["user1"] == "sally")
{
Response.Redirect("ViewAllProject.aspx");
}
else
{
Response.Write("<script>alert('You not permitted to access the page...')</script>");
}
}
When i execute the code, there is no error. But, when i click the button to redirect to the "ViewAllProject.aspx" , it keep respond the message "You not permitted to access the page..." even though i have login as "maria" or "sally" that is the person who have permission to access the page.
I don't know what's wrong because there is no error occur.
Please someone help me...