Click here to Skip to main content
15,891,864 members
Search within:


Hi, can I ask help? What I am going to do? I want a login form based on there usertype or role in Microsoft C# using Microsoft access database
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
C#
I dont know how to Code it.i dont know how to login based on users Roles

What I have tried:

try
{
connection.ConnectionString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\dhdum\Documents\Ediwow.mdb;Persist Security Info= False";
connection.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection;
command.CommandText = "SELECT UserType FROM Table1 WHERE User ='" + textBox1.Text.Trim() + "' AND Password = '" + textBox2.Text + "'" ; ;

OleDbDataReader reader = command.ExecuteReader();





int Count = 0;
while (reader.Read())
{
Count = Count + 1;
}
if(dt.Rows.Count > 0)
UserType = dt.Rows[0]["UserType"].ToString().Trim();
if (textBox1.Text == "Admin" && textBox2.Text =="Admin")
{
MessageBox.Show("Welcome Admin");
connection.Close();
this.Hide();
ADMIN_PAGE ADMIN_PAGE = new ADMIN_PAGE();
ADMIN_PAGE.ShowDialog();
}


if (UserType == "Admin")
{

MessageBox.Show("Welcome Teahcer");

connection.Close();
this.Hide();
TEACHER_START_UP TEACHER_START_UP = new TEACHER_START_UP();
TEACHER_START_UP.ShowDialog();



}
else
MessageBox.Show("Username or Password do not match");
textBox1.Text = "";
textBox2.Text = "";
textBox1.Focus();
connection.Close();


}
catch (Exception ex)
{
MessageBox.Show("Error" + ex);
connection.Close();



}
}
Posted
Updated 7-Dec-18 6:31am
Add a Solution

2 solutions

Not like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And while we're at it, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
 
Share this answer
 
Posted
You have set yourself up an essentially irreconcilable task.

  • You want to log-on a user based upon their identity.
  • You don't know who the user is until they log-on.

These two concepts cannot both be satisfied concurrently. You need to decide where to cut your requirements. The obvious place is a straight and very simple log-on sufficient to identify the user. That gives you the key to their role so you may customize the rest of the procedure.

Unless you just want to ask them . . . !
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Get Server Date in Microsoft Access BD
Login in java show all user and all usertype
Windows forms - adding local users to localhost/security/logins in Microsoft SQL server management studio
Role Based Security
Forms Authentication & Role base Access
How do I access a database
How do I redirect to different page after login based on user's role using form authentication?
I need help I am new to creating websites and need help in coding a website that will store user logins in a database when they sign up.
Login using Access Database
How can I authentication a user login with username, password and usertype

Advertise
Privacy
Cookies
Terms of Use
Last Updated 7 Dec 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900