See more: ASP.NET
Dear All,
In my web project
I have three types of user in my database: 1. user, 2. super user, 3. admin. (My user database fields are like this: ID, Name, User_Name, Password, User_Type.)

Now, when any user logs in to the system, how can I check what type of user he is? Because
if I check the user type then I can enable the Edit/Delete option for the admin user, and the user can't edit or delete anything.

Will you help me by providing an idea, or how can I do this?
Posted 24-Apr-13 3:44am
Comments
ThePhantomUpvoter at 24-Apr-13 8:53am
   
"Now, when any user login in the system then how can i check "what type of user he is", you would query the database for the User_Type....
prodipjsr at 24-Apr-13 9:15am
   
Will you please give one example? Please.
ThePhantomUpvoter at 24-Apr-13 12:26pm
   
Why? Are you unable to write a SELECT query for whatever database you are using?
PRAKASH9 at 24-Apr-13 9:52am
   
Store the User_Type in session and check on every page for edit/delete permission.

1 solution


Solution 2

Here's an example from a quick app I built. So here you go I created a class:
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
 
/// <summary>
/// Verify if User IsBaseUser
/// </summary>
/// 
public class IsBaseUser
{
    SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["GridAutoConnectionString"].ToString());
 
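    public bool VerifyBaseUser(string uName)
    {
        using (cn)
        {
            cn.Open();

            // The query text is built by concatenating uName (see the comments below this solution).
            using(SqlCommand cmd = new SqlCommand("SELECT * FROM tblGridAutoUsers WHERE username = '" + uName + "' AND rolename = 'Base'", cn))
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                // A row exists only when the user is in the 'Base' role.
                // The enclosing using blocks close the reader and the connection.
                return reader.HasRows;
            }
        }
    }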
}
 
Then I used that class in my program:
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
 

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
 
    }
 

    protected void Button1_Click(object sender, EventArgs e)
    {
        IsBaseUser b = new IsBaseUser();
        if (b.VerifyBaseUser(TextBox1.Text) == true)
        {
            Label1.Text = "This is a base user";
        }
        else
        {
            Label1.Text = "Check your spelling.";
        }
    }
}
 
I simply used a button, a textbox, and a label. This works just fine and should get you going in the right direction:
<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
 
        <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        <br />
        <br />
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="Button" />
        <br />
        <br />
        <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
 
    </div>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server"
        ConnectionString="<%$ ConnectionStrings:GridAutoConnectionString %>"
        SelectCommand="SELECT * FROM [tblGridAutoUsers]"></asp:SqlDataSource>
    </form>
</body>
</html>
Comments
ProgramFOX at 30-Apr-13 11:45am
   
Hi,
 
I see that you use string concatenation to build your SQL query:
using(SqlCommand cmd = new SqlCommand("SELECT * FROM tblGridAutoUsers WHERE username = '" + uName + "' AND rolename = 'Base'", cn))
Never, ever use string concatenation to build SQL queries! If you use it, SQL injection is possible!
Use a SqlParameter to build queries:
http://www.dotnetperls.com/sqlparameter
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
JasonMacD at 30-Apr-13 11:53am
   
I realize that, and never use string concatenation. But for the purposes of just getting something to work for a new up and coming developer I wrote it this way. Also I didn't want to clutter my DB with a SP that won't be used. Baby steps for some people. Some of you top commenters here on CodeProject & Stack Overflow are more into correcting people than helping people.
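
The parameterized form that ProgramFOX's comment recommends, applied to the solution's lookup and generalized to return the role itself rather than test for one role. This is an added example, not code from the original posts: table, column and connection-string names are taken from the solution, while the `UserRoles` class, the stored role value `Admin` and the nvarchar(50) column size are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

/// <summary>
/// Added example: role lookup with a parameterized query.
/// Table/column names follow the solution above; the stored value
/// "Admin" for the admin role is an assumption.
/// </summary>
public static class UserRoles
{
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["GridAutoConnectionString"].ConnectionString;

    /// <summary>Returns the user's role name, or null if no such user exists.</summary>
    public static string GetRole(string uName)
    {
        // The SQL text is a constant; uName travels as a typed parameter,
        // so quotes or SQL keywords inside it are treated purely as data.
        const string sql =
            "SELECT rolename FROM tblGridAutoUsers WHERE username = @username";

        // A new connection per call: ADO.NET pools it, and the method stays re-callable.
        using (SqlConnection cn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(sql, cn))
        {
            // Explicit type and length (assumed nvarchar(50)) instead of AddWithValue,
            // so the parameter type does not depend on the runtime value.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value =
                (object)uName ?? DBNull.Value;

            cn.Open();
            object result = cmd.ExecuteScalar();   // first column of first row, or null
            return (result == null || result == DBNull.Value) ? null : (string)result;
        }
    }

    /// <summary>True only for the admin role; unknown users get no edit/delete rights.</summary>
    public static bool CanEditOrDelete(string uName)
    {
        return string.Equals(GetRole(uName), "Admin", StringComparison.OrdinalIgnoreCase);
    }
}
```

Pass the name of the logged-in user rather than free text from a form field, and repeat the `CanEditOrDelete` check inside the server-side edit and delete handlers, since hiding the buttons alone does not stop a crafted request.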

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Last Updated 30 Apr 2013