See more: ASP.NET
Dear All,
In my web project I have three types of user in my database: 1. user, 2. super user, 3. admin. (My user database fields are like this: ID, Name, User_Name, Password, User_Type.)
 
Now, when any user logs in to the system, how can I check what type of user he is? Because if I check the user type, then I can enable the Edit/Delete option for the admin user, and the user can't edit or delete anything.
 
Will you help me by providing an idea, or how can I do this?
Posted 24-Apr-13 3:44am
Comments
ThePhantomUpvoter at 24-Apr-13 8:53am
   
"Now, when any user login in the system then how can i check 'what type of user he is'": you would query the database for the User_Type.
prodipjsr at 24-Apr-13 9:15am
   
Will you please give one example? Please.
ThePhantomUpvoter at 24-Apr-13 12:26pm
   
Why? Are you unable to write a SELECT query for whatever database you are using?
PRAKASH9 at 24-Apr-13 9:52am
   
Store the User_Type in session and check in every page for edit/delete permission.


Solution 2

Here's an example from a quick app I built. So here you go I created a class:
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
 
/// <summary>
/// Verify if User IsBaseUser
/// </summary>
/// 
public class IsBaseUser
{
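    public bool VerifyBaseUser(string uName)
    {
        // A new connection per call: the using blocks close and dispose the
        // connection, the command and the reader, so the method can be called again.
        using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["GridAutoConnectionString"].ToString()))
        {
            cn.Open();

            // The query text is built by concatenating uName into the SQL string.
            using(SqlCommand cmd = new SqlCommand("SELECT * FROM tblGridAutoUsers WHERE username = '" + uName + "' AND rolename = 'Base'", cn))
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // True when at least one row matches the user name with the 'Base' role.
                return reader.HasRows;
            }
        }
    }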
}
 
Then I used that class in my program:
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
 

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
 
    }
 

    protected void Button1_Click(object sender, EventArgs e)
    {
        IsBaseUser b = new IsBaseUser();
        if (b.VerifyBaseUser(TextBox1.Text) == true)
        {
            Label1.Text = "This is a base user";
        }
        else
        {
            Label1.Text = "Check your spelling.";
        }
    }
}
 
I simply used a button, a textbox, and a label. This works just fine and should get you going in the right direction:
<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
 
        <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        <br />
        <br />
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
        <br />
        <br />
        <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
 
    </div>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server"
        ConnectionString="<%$ ConnectionStrings:GridAutoConnectionString %>"
        SelectCommand="SELECT * FROM [tblGridAutoUsers]"></asp:SqlDataSource>
    </form>
</body>
</html>
Comments
ProgramFOX at 30-Apr-13 11:45am
   
Hi,
 
I see that you use string concatenation to build your SQL query:
using(SqlCommand cmd = new SqlCommand("SELECT * FROM tblGridAutoUsers WHERE username = '" + uName + "' AND rolename = 'Base'", cn))
Never, ever use string concatenation to build SQL queries! If you use it, SQL injection is possible!
Use a SqlParameter to build queries:
http://www.dotnetperls.com/sqlparameter
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
JasonMacD at 30-Apr-13 11:53am
   
I realize that, and never use string concatenation. But for the purposes of just getting something to work for a new up and coming developer I wrote it this way. Also I didn't want to clutter my DB with a SP that won't be used. Baby steps for some people. Some of you top commenters here on CodeProject & Stack Overflow are more into correcting people than helping people.
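
The lookup the question asks for, written with the SqlParameter approach recommended in the comments. This is an added example, not code from any poster in this thread. The table name `tblUsers`, the connection string name `AppDb`, the column size and the stored value `admin` are assumptions; the columns `User_Name` and `User_Type` come from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example. Assumed names: table "tblUsers", connection string "AppDb",
// NVARCHAR(100) for User_Name, and "admin" as the stored admin User_Type value.
public static class UserRoles
{
    // Returns the stored User_Type for the given login name,
    // or null when no such user exists or the column is NULL.
    public static string GetUserType(string userName)
    {
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

        using (SqlConnection cn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT User_Type FROM tblUsers WHERE User_Name = @userName", cn))
        {
            // The value is sent as a typed parameter, separate from the SQL text,
            // so quotes or SQL keywords inside userName cannot alter the query.
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 100).Value = userName;

            cn.Open();
            object result = cmd.ExecuteScalar();   // first column of first row, or null

            return (result == null || result == DBNull.Value) ? null : (string)result;
        }
    }

    // Deny by default: only the admin type may edit or delete.
    // A null, empty or unrecognised type gets no edit/delete rights.
    public static bool CanEditOrDelete(string userType)
    {
        return string.Equals(userType, "admin", StringComparison.OrdinalIgnoreCase);
    }
}
```

After a successful login, store `UserRoles.GetUserType(loginName)` in `Session["User_Type"]`, as suggested in the comments on the question. Call `CanEditOrDelete` when deciding whether to show the Edit/Delete controls and again inside the handlers that perform the edit or delete, so the permission is enforced on the server and not only in the UI.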

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web02 | 2.8.1411028.1 | Last Updated 30 Apr 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service