See more: ASP.NET
Dear All,
In my web project I have three types of user in my database: 1. user, 2. super user, 3. admin. (My user database fields are: ID, Name, User_Name, Password, User_Type.)

Now, when any user logs in to the system, how can I check what type of user he is? If I check the user type, then I can enable the Edit/Delete option for the admin user, and the user can't edit or delete anything.

Will you help me with an idea of how I can do this?
Posted 24-Apr-13 3:44am
Comments
ThePhantomUpvoter 24-Apr-13 8:53am
   
"Now, when any user logs in to the system, how can I check what type of user he is?" You would query the database for the User_Type.
prodipjsr 24-Apr-13 9:15am
   
Will you please give one example? Please.
ThePhantomUpvoter 24-Apr-13 12:26pm
   
Why? Are you unable to write a SELECT query for whatever database you are using?
PRAKASH9 24-Apr-13 9:52am
   
Store the User_Type in session and check it on every page for edit/delete permission.


Solution 2

Here's an example from a quick app I built. So here you go. I created a class:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
 
/// <summary>
/// Verify if User IsBaseUser
/// </summary>
/// 
public class IsBaseUser
{
    SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["GridAutoConnectionString"].ToString());
 
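    // Returns true when a row exists for this username with the 'Base' role.
    public bool VerifyBaseUser(string uName)
    {
        using (cn)
        {
            cn.Open();

            // The query text is built by concatenating uName into the SQL string.
            using(SqlCommand cmd = new SqlCommand("SELECT * FROM tblGridAutoUsers WHERE username = '" + uName + "' AND rolename = 'Base'", cn))
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // The enclosing using blocks dispose the reader and close the connection.
                return reader.HasRows;
            }
        }
    }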
}

Then I used that class in my program:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
 

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
 
    }
 

    protected void Button1_Click(object sender, EventArgs e)
    {
        IsBaseUser b = new IsBaseUser();
        if (b.VerifyBaseUser(TextBox1.Text) == true)
        {
            Label1.Text = "This is a base user";
        }
        else
        {
            Label1.Text = "Check your spelling.";
        }
    }
}

I simply used a button, a textbox, and a label. This works just fine and should get you going in the right direction:
<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
 
        <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        <br />
        <br />
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
        <br />
        <br />
        <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
 
    </div>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server"
        ConnectionString="<%$ ConnectionStrings:GridAutoConnectionString %>"
        SelectCommand="SELECT * FROM [tblGridAutoUsers]"></asp:SqlDataSource>
    </form>
</body>
</html>
Comments
ProgramFOX 30-Apr-13 11:45am
   
Hi,

I see that you use string concatenation to build your SQL query:
using(SqlCommand cmd = new SqlCommand("SELECT * FROM tblGridAutoUsers WHERE username = '" + uName + "' AND rolename = 'Base'", cn))
Never, ever use string concatenation to build SQL queries! If you use it, SQL injection is possible!
Use a SqlParameter to build queries:
http://www.dotnetperls.com/sqlparameter
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
JasonMacD 30-Apr-13 11:53am
   
I realize that, and never use string concatenation. But for the purposes of just getting something to work for a new up and coming developer I wrote it this way. Also I didn't want to clutter my DB with a SP that won't be used. Baby steps for some people. Some of you top commenters here on CodeProject & Stack Overflow are more into correcting people than helping people.
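
The parameterized lookup recommended in the comment above, written against the table and column names from the solution, as an added example that is not part of the original thread. The `"admin"` role value, the `NVarChar(50)` parameter size, and the `UserRoleLookup`, `GetRole`, `RememberRole` and `CanEditOrDelete` names are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.SessionState;

/// <summary>
/// Added example: reads a user's role with a SqlParameter instead of string concatenation.
/// </summary>
public static class UserRoleLookup
{
    // Returns the role name for the user, or null when no such user exists.
    public static string GetRole(string userName)
    {
        // Connection string, table and column names are those used in the solution above.
        string connString =
            ConfigurationManager.ConnectionStrings["GridAutoConnectionString"].ConnectionString;
        const string sql =
            "SELECT rolename FROM tblGridAutoUsers WHERE username = @username";

        using (SqlConnection cn = new SqlConnection(connString))
        using (SqlCommand cmd = new SqlCommand(sql, cn))
        {
            // The value is sent as data, not as SQL text, so quotes inside
            // userName cannot alter the query. Size 50 is an assumed column width.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value =
                userName ?? string.Empty;
            cn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : (string)result;
        }
    }

    // Call once after the password check succeeds; the role is then kept
    // server-side in session state, as suggested in the comments on the question.
    public static void RememberRole(HttpSessionState session, string userName)
    {
        session["User_Type"] = GetRole(userName);
    }

    // Assumption: the admin role is stored as "admin".
    public static bool CanEditOrDelete(string role)
    {
        return string.Equals(role, "admin", StringComparison.OrdinalIgnoreCase);
    }
}
```

On each page, set the Edit/Delete controls' `Visible` property from `CanEditOrDelete(Session["User_Type"] as string)`, and repeat the same check inside the edit and delete event handlers so that authorization does not depend on a control being hidden.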

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web02 | 2.8.160208.1 | Last Updated 30 Apr 2013
Copyright © CodeProject, 1999-2016