Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: C# .NET security
In my sql db I have permissions to allow users access to different web pages in my app. I have a page where i can dynamically change the permissions of the users during runtime. Can I allow/deny user access without using web.config?
Here's my code so far in a class:
public static int AllowUserAccess(int agentID, string formName)
        {
            SqlDataReader reader;
            int userid = 0;
            try
            {
                conn = OpenConnection();
                comm = new SqlCommand();
                comm.Connection = conn;
                comm.CommandType = CommandType.Text;
                comm.CommandText = "Select a.pkAgentID, PERM.FormName, AGP.fkAgentGroupID, agp.AllowAccess from Agents A inner join AgentGroupPermissions AGP on a.fkAgentGroupID = agp.fkAgentGroupID inner join Permission Perm ON AGP.fkPermissionID = PERM.pkPermissionID WHERE A.pkAgentID = @AgentID AND PERM.FormName = @FormName";
                comm.Parameters.Add("@AgentID", SqlDbType.Int).Value = agentID;
                comm.Parameters.Add("@FormName", SqlDbType.VarChar).Value = formName;
 

                reader = comm.ExecuteReader();
 
                if (reader.IsClosed == false)
                {
                    reader.Close();
                }
 
                return userid;
            }
            catch (Exception ex)
            {
                ex.Message.ToString();
                return userid;
            }
        }
 
In my site.master i wish to get this function and use it to authorize certain permissions once the user logs in. This is what I have so far:
protected void AllowAccess()
       {
           SqlCommand comm = new SqlCommand();
           string id = Request.Params["AgentID"];
           int agentID = Convert.ToInt32(id);
           string form = "";
 
           int access = DataFunctions.AllowUserAccess(agentID, form);
           bool allow = false;
 
           if (allow == true)
           {
 
           }
           else
           {
               Response.Redirect("Login.aspx");
           }
       }
I'm stuck and I do not know what else to do in regards of getting the AllowAccess value and then getting a path or to show the specific web pages for each particular user.
Posted 26-Nov-12 1:15am
Edited 26-Nov-12 1:20am
v2
Comments
ryanb31 at 26-Nov-12 8:49am
   
What's the issue? It looks like you have code to validate whether or not they can access a page. What's wrong?

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

change your permissions with Ajax ; first make a page that can change permissions when you send a quarry string then send id in client side to that page ...
hope help full
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 278
1 Nguyen.H.H.Dang 230
2 Maciej Los 205
3 Peter Leow 195
4 arvind mepani 187


Advertise | Privacy | Mobile
Web01 | 2.8.140709.1 | Last Updated 26 Nov 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid