c# - How to determine the user role that received from database if admin or not -
i want to take user name , password database , user role according inserted user name , password code not work
public bool login(out string msg) { bool b = true; msg = ""; sqlconnection con = new sqlconnection(connection.connectstr); try { con.open(); sqlcommand com = new sqlcommand("user_proc", con); com.commandtype = commandtype.storedprocedure; com.parameters.add("@u_name", sqldbtype.nvarchar).value = this.u_name; com.parameters.add("@u_password", sqldbtype.nvarchar).value = this.u_password; com.executenonquery(); con.close(); b = true; } catch (exception ex) { con.close(); msg = ex.message; b = false; } return b; } and c# code should check role database , redirect me server page if admin , client page if not:-
protected void btn_login_click(object sender, eventargs e) { my_user u = new my_user(); u.u_name = textbox1.text; u.u_password = textbox2.text; string m=""; if (!u.login(out m)) { lbl_role.text = "error"; } else { if (u.u_role == "admin") { response.redirect("testclient.aspx"); } else response.redirect("testserver.aspx"); } } and database procedure performs task is:
create procedure user_proc (@u_name nvarchar(50) , @u_password nvarchar(50), @u_role nvarchar(50)) begin begin try begin transaction if exists (select u_role user_sys u_name=@u_name , u_password= @u_password) commit end try begin catch rollback declare @msg varchar(200) set @msg = error_message() raiserror(@msg , 16 , 1) end catch end
hehe , look, there's no need complicated
in db have user table name,pass , role
so, role admin or not
then, suggest in app check sqlexecutescalar
public bool isadmin(string u_name, string u_password) { string role=""; string sql = "select u_role user_sys u_name=@u_name , u_password= @u_password"; using (sqlconnection conn = new sqlconnection(connection.connectstr)) { sqlcommand cmd = new sqlcommand(sql, conn); cmd.parameters.add(new sqlparameter("@u_name", u_name)); cmd.parameters.add(new sqlparameter("@u_password", u_password)); try { conn.open(); role = cmd.executescalar().tostring(); } catch (exception ex) { //handle error } } return role == "admin"; } finally call it
string u_name = textbox1.text; string u_password = textbox2.text; if (isadmin(u_username,u_password)) //it admin else //it not admin bye bye , have fun !
Comments
Post a Comment