Click here to Skip to main content
15,867,305 members
Please Sign up or sign in to vote.
2.50/5 (2 votes)
See more: , +
Hi friends, am working on asp.net C# SqlServer 2005.

here, i want to avoid SQL Injections during users login..So i wrote stored procedure for this. its works perfect.

But my requirement is I have 2 UserTypes while login
1)User
2)Admin

I have created only User access. But am unable to understand, how to use 2 usertypes based on if condition.

This is my SQL Stored Procedure
--------------------------------
SQL
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
go

ALTER PROCEDURE [dbo].[CHECK_UserInfo_Proc]
                        @USERNAME VARCHAR(50),
                        @PASSWORD VARCHAR(50)
AS
BEGIN
 SELECT * FROM UserInformation WHERE USERNAME COLLATE Latin1_general_CS_AS =@USERNAME AND [PASSWORD] COLLATE Latin1_general_CS_AS=@PASSWORD
END



In Sql table I have fields as Id,UserName,Password,UserType,MobileNo.


and this is my ASP.net Login page code(Login button Click)

C#
protected void BtnLogin_Click(object sender, ImageClickEventArgs e)
   {
       DataTable dt = new DataTable();
       try
       {
           SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["CollegeDBConnectionString"].ConnectionString);
           SqlDataAdapter adp = new SqlDataAdapter("CHECK_UserInfo_Proc", con);
           adp.SelectCommand.CommandType = CommandType.StoredProcedure;
           adp.SelectCommand.Parameters.Add("@USERNAME", SqlDbType.VarChar, 50).Value = TxtUserName.Text.Trim();
           adp.SelectCommand.Parameters.Add("@PASSWORD", SqlDbType.VarChar, 50).Value = TxtPassword.Text.Trim();
           adp.Fill(dt);


           if (dt.Rows.Count > 0)
           {

               Response.Redirect("~/User/Home.aspx");

           }
           else
           {

               ScriptManager.RegisterStartupScript(this, this.GetType(), "RunCode", "javascript:alert('Invalid UserName or Password');", true);
           }
       }
       catch (Exception ex)
       {
           Response.Write("Error occured : " + ex.ToString());
       }
       finally
       {
           dt.Clear();
           dt.Dispose();
       }
   }


Please can you help me, how to create multiple usertypes based on condition.
If it is admin --- the pages must redirect to admin pages
if it is user --- the pages must redirect to User pages

help is required Thanks in advance.
Posted
Updated 8-Mar-14 23:59pm
v2

First of all - your query must return 0 or 1 records exactly, so check for it and not for large than 0...
After got your record ask about you user type, like
C#
if(dt.Rows[0]["user_type"] == "admin")
{
  // goto admin page
}
else
{
  // goto user page
}
 
Share this answer
 
Comments
Software Engineer 892 9-Mar-14 7:26am    
Sir, I need like this...

if UserType is admin -----> redirect to admin pages
if UserType is User ---> redirect to UserPages

If UserName and Password is wrong then display message as ...Invalid UserName or Password.

Please help its urgent.
Kornfeld Eliyahu Peter 9-Mar-14 7:29am    
If you put together what you had and what I added you have all the answers...
Use output parameter for condition checking for user and admin in the stored procedure.
 
Share this answer
 
Hi,
In your stored prodeure you are fetching the values of username and password.So you can check like type of user is entering to your application.If its admin then redirect to admin page or if normal user then redirect to user page. Like
C#
SqlDataAdapter da = new SqlDataAdapter();
        DataSet ds = new DataSet();
        da.Fill(ds);
        string username = ds.Tables[0].Rows[0]["username"].ToString();
        string password = ds.Tables[0].Rows[0]["password"].ToString();
        if (username == "admin")
        {
            if (username == txtUsername.Text && password == txtPassword.Text)
            {
                Response.Redirect("admin.aspx");
            }
        }
        else
        {
            if (username != "admin")
            {
                if (username == txtUsername.Text && password == txtPassword.Text)
                {
                    Response.Redirect("home.aspx");
                }
                else
                {
                    ScriptManager.RegisterStartupScript(this, this.GetType(), "RunCode", "javascript:alert('Invalid UserName or Password');", true);
                }
            }            
        }
 
Share this answer
 
Hai
In ur user UserInformation table u need to capture UserType field like if it Admin capture Admin and if it ordinary user capture Normal in UserType field in database and then try like this

C#
protected void BtnLogin_Click(object sender, ImageClickEventArgs e)
    {
        DataTable dt = new DataTable();
        try
        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["CollegeDBConnectionString"].ConnectionString);
            SqlDataAdapter adp = new SqlDataAdapter("CHECK_UserInfo_Proc", con);
            adp.SelectCommand.CommandType = CommandType.StoredProcedure;
            adp.SelectCommand.Parameters.Add("@USERNAME", SqlDbType.VarChar, 50).Value = TxtUserName.Text.Trim();
            adp.SelectCommand.Parameters.Add("@PASSWORD", SqlDbType.VarChar, 50).Value = TxtPassword.Text.Trim();
            adp.Fill(dt);
 

            if (dt.Rows.(0)("UserType")="Admin")
            {
             
                Response.Redirect("~/Admin/Home.aspx");//Here redirect to Admin page
                
            }
elseif(dt.Rows.(0)("UserType")="Normal")
{

 Response.Redirect("~/User/Home.aspx");//Here redirect to User page
}
            else
            {
               
                ScriptManager.RegisterStartupScript(this, this.GetType(), "RunCode", "javascript:alert('Invalid UserName or Password');", true);
            }


        }
        catch (Exception ex)
        {
            Response.Write("Error occured : " + ex.ToString());
        }
        finally
        {
            dt.Clear();
            dt.Dispose();
        }
    }


Regards
Aravind
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900