Member Avatar for ans2007kumar

I created my custom login module for that in login page i write this code

protected void Button1_Click(object sender, EventArgs e)
    {
        string user = TextBox1.Text.Trim(), pass = TextBox2.Text.Trim();
        SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\my.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
        SqlCommand cmd = new SqlCommand("Select * from Login", con);
        con.Open();
        SqlDataReader dr = cmd.ExecuteReader();
        while (dr.Read())
        {
            if (dr["User_Name"].ToString().Trim() == user)
            {
                if (dr["User_Pass"].ToString().Trim()== pass)
                {
                    if (dr["User_Role"].ToString().Trim() == "Admin")
                    {
                        Session["User"] = dr["User_ID"].ToString();
                        con.Close();
                        FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket(1, this.TextBox1.Text.Trim(), DateTime.Now, DateTime.Now.AddMinutes(1000), false, "Admin", FormsAuthentication.FormsCookiePath);
                        Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,FormsAuthentication.Encrypt(ticket1)));
                        Response.Redirect("Admin/Map.aspx");
                    }
                    else
                        if (dr["User_Role"].ToString().Trim() == "client")
                        {
                            Session["User"] = dr["User_ID"].ToString();
                            con.Close();
                            FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket(1, this.TextBox1.Text.Trim(), DateTime.Now, DateTime.Now.AddMinutes(1000), false, "client", FormsAuthentication.FormsCookiePath);
                            Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,FormsAuthentication.Encrypt(ticket1)));
                            Response.Redirect("client/Map.aspx");
                        }
                }                
            }         
        }
        Label3.Visible = true;
        con.Close();
    }

and in Web.config and 1 web .config for each user type
Main Config

<authentication mode="Forms">
      <forms loginUrl="Login.aspx"  timeout="90"  defaultUrl="Login.aspx"/>
    </authentication>
    <authorization>
      <allow roles="Admin"/>
      <allow roles="client"/>
      <deny users="*"/>
    </authorization>

Sub Config

<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>

Problem is i am not able to go to my respective hame page ended by redirecting back to ogin page. Please help me with the problem.
Second is when i logout i can go back to previous page using backspace(before applying the authentication)
Third also i can view various page just writting like http:/Localhost:1192/map/Admin it show all the files in that folder even i am not loggin.

  • 3 Contributors
  • 2 Replies
  • 105 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by jasikamarshel
Member Avatar for jasikamarshel

Authorisation menace we assign a role and a authentication menace a user-name and password this way you describe and here a program for that is you use.

Edited by jasikamarshel because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.