How can I achieve restricting content pages to USER and ADMIN in C#

Question

0.00/5 (No votes)

See more:

Hi How can I achieve Restricting content pages to USER and ADMIN in C#.I have made all the Contents inside Admin folder and The needed pages inside User folder,Is this the right way to do,if not help me with your ideas

What I have tried:

C#

<pre>using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
namespace Webapp25
{
    public partial class Loginpage : System.Web.UI.Page
    {
        SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["sqlconnection"].ConnectionString);
        protected void Page_Load(object sender, EventArgs e)
        {
            Session["username"] = txtUserName.Text;
            HttpCookie _infoCookie = new HttpCookie("InfoCookie");
            _infoCookie["LoginDate"] = DateTime.Now.ToString();
            Response.Cookies.Add(_infoCookie);
        }
        public void CleartextBoxes(Control parent)
        {

            foreach (Control c in parent.Controls)
            {
                if ((c.GetType() == typeof(TextBox)))
                {

                    ((TextBox)(c)).Text = "";

                }

                if (c.HasControls())
                {
                    CleartextBoxes(c);
                }
            }
        }

        protected void txtusername_TextChanged(object sender, EventArgs e)
        {

        }

        protected void btlogin_Click(object sender, EventArgs e)
        {
            cn.Open();
            SqlCommand cmd = new SqlCommand("Select * from Adduser where Username =@username and Password=@password", cn);
            cmd.Parameters.AddWithValue("@username", txtUserName.Text);
            cmd.Parameters.AddWithValue("@password", txtPwd.Text);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {

                Response.Redirect("Default.aspx");
            }
            else
            {
                ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");

            }
            CleartextBoxes(this);
            if (System.Web.Security.Roles.IsUserInRole(txtUserName.Text, "ADMIN"))
    {
              Response.Redirect("~/ADMIN/");
    }    
            
            else
            {
                Response.Redirect("");
            }
        }

        protected void btnsp_Click(object sender, EventArgs e)
        {
            Response.Redirect("Signup.aspx");
        }
       
        }

Posted 31-Jan-17 22:46pm

Member 12605293

Updated 31-Jan-17 23:01pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Vincent Maverick Durano · Answer 1 · 2017-01-31T23:01:00

Solution 1

There are plenty of examples that demonstrate this in the web. Just google the term "asp.net role-based authorization". Here's one example that I found: Role-Based Authorization (C#) | The ASP.NET Site[^]

Posted 31-Jan-17 23:01pm

Vincent Maverick Durano

Comments

Member 12605293 1-Feb-17 5:09am

Hi Vincent
Thanks for your quick reply,Yes I have found many solutions as you said but I want this do be done in C# coding(which was been followed in olden days) inside button event of the login page

Vincent Maverick Durano 1-Feb-17 5:22am

redirecting to Admin pages based on "admin" role should work. But think about this, how do you prevent unauthorize access when someone types the url directly to the browser? Well you could probably make a checking on every page load of each page to check for roles, but it's a pain in the ass. You could however make a base class that does the role checking and then make your page inherit to that base class.

Member 12605293 1-Feb-17 5:27am

Hey bro
Getting your point.I have to make this in C# and can you share a piece of code based on your view.Thanks for your time.

Vincent Maverick Durano 1-Feb-17 5:49am

Just like what yo did in your login: For example at page_load of your admin pages you can do:

    if (!System.Web.Security.Roles.IsUserInRole(userName, "ADMIN"))
    {
              Response.Redirect("~/UnAthorizeAccess.aspx");
    }