In my sql db I have permissions to allow users access to different web pages in my app. I have a page where i can dynamically change the permissions of the users during runtime. Can I allow/deny user access without using web.config?
Here's my code so far in a class:
public static int AllowUserAccess(int agentID, string formName)
{
SqlDataReader reader;
int userid = 0;
try
{
conn = OpenConnection();
comm = new SqlCommand();
comm.Connection = conn;
comm.CommandType = CommandType.Text;
comm.CommandText = "Select a.pkAgentID, PERM.FormName, AGP.fkAgentGroupID, agp.AllowAccess from Agents A inner join AgentGroupPermissions AGP on a.fkAgentGroupID = agp.fkAgentGroupID inner join Permission Perm ON AGP.fkPermissionID = PERM.pkPermissionID WHERE A.pkAgentID = @AgentID AND PERM.FormName = @FormName";
comm.Parameters.Add("@AgentID", SqlDbType.Int).Value = agentID;
comm.Parameters.Add("@FormName", SqlDbType.VarChar).Value = formName;
reader = comm.ExecuteReader();
if (reader.IsClosed == false)
{
reader.Close();
}
return userid;
}
catch (Exception ex)
{
ex.Message.ToString();
return userid;
}
}
In my site.master i wish to get this function and use it to authorize certain permissions once the user logs in. This is what I have so far:
protected void AllowAccess()
{
SqlCommand comm = new SqlCommand();
string id = Request.Params["AgentID"];
int agentID = Convert.ToInt32(id);
string form = "";
int access = DataFunctions.AllowUserAccess(agentID, form);
bool allow = false;
if (allow == true)
{
}
else
{
Response.Redirect("Login.aspx");
}
}
I'm stuck and I do not know what else to do in regards of getting the AllowAccess value and then getting a path or to show the specific web pages for each particular user.