I am new in .net technology.
I have developed a web based application using asp.net, c# and sql server 2008 R2.
Following is my requirement in software.
I will give client to one Super admin user(which is created using microsoft CreateUserWizard control).
Super admin can create different roles with add/edit/delete permission of different pages.
e.g :
Role Name : XYZ_Admin
Form Name Add Delete Edit
Inquiry Yes No Yes
Account Yes Yes No
Order No No No
Super admin can create different Franchises(branch) and user accounts for those franchises with role(which are created by Super Admin).
Now Franchises will login with its credential and create roles for own franchise. Same as above example.
Now Franchises create different user accounts with role (which are created by franchise) for own franchise.
-----------------------------------------------------------------------------------------------
Now User(which are created by franchise) login with its credntial and he/she can perform operation according to assign role permission.
One user can't see records(e.g: Inquiry records) of other users record(e.g: Inquiry records).
------------------------------------------------------------------------------------------------
Each franchise can see all records of its own franchise's all users records. but each franchises can't see records of other franchises.
------------------------------------------------------------------------------------------------
Super Admin can see all records of each franchises records.
------------------------------------------------------------------------------------------------
I am using microsoft CreateUserWizard control to create account and login control for login.
Following way I have implement this requirement:
When User Login.First of all I am getting login user's role permission(given in above e.g), it's role type(super admin/Franchise/Franchise's User) and user's fracnchise's ID by calling a function (which I have implemented in C# class file). In this function I am calling a store procedure with login user's ID as parameter and this store procedure returns all role permission, role type and franchises ID.
Store all these user's role permission, role type and franchise's id in different variables in c# class's private variables.
e.g:
private static int nRoleType1;
private static Guid nBranchId1;
private static bool bInqAdd1 = false;
private static bool bInqMod1 = false;
private static bool bInqDel1 = false;
public void GetRolePermission()
{
SqlTransaction trans = CreateTransaction();
try
{
MembershipUser newUser = Membership.GetUser();
command = new SqlCommand("GetRolePermissionByLoginUserIDForAdmin", con, trans);
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add("UserId", SqlDbType.UniqueIdentifier).Value = (Guid)newUser.ProviderUserKey;
command.Connection = con;
DataTable dt = new DataTable();
da = new SqlDataAdapter(command);
da.Fill(dt);
nRoleType = Convert.ToInt32(dt.Rows[0]["snRoleType"].ToString());
bInqAdd = Convert.ToBoolean(dt.Rows[0]["bInqAdd"].ToString());
bInqMod = Convert.ToBoolean(dt.Rows[0]["bInqModify"].ToString());
bInqDel = Convert.ToBoolean(dt.Rows[0]["bInqDelete"].ToString());
if (nRoleType == 2)
{nBranchId = (Guid)newUser.ProviderUserKey;}
else if (nRoleType == 3)
{nBranchId = (Guid)dt.Rows[0]["nGeneratedBy"];}
trans.Commit();
}
catch (SqlException err)
{
trans.Rollback();
throw err;
}
catch (Exception ex)
{
trans.Rollback();
throw ex;
}
finally
{
EndTransaction();
}
Accessing these private variables by it's properties.
e.g:
public int nRoleType {
get{return nRoleType1;}
set{nRoleType1 = value;}
}
public Guid nBranchId{
get{return nBranchId1;}
set{nBranchId1 = value;}}
}
public bool bInqAdd {
get{return bInqAdd1;}
set{bInqAdd1 = value;} }
public bool bInqMod {
get{return bInqMod1;}
set{bInqMod1 = value;} }
public bool bInqDel{
get{return bInqDel1;}
set{bInqDel1 = value;}}
------------------------------------------------------------------------------------------------Problem:
When I am login with Franchise and other user login with franchise's user credntial(This user is created by franchise. User user can be of any franchises) in other system after few second/milli second.
Now Franchise permissions are over right by last users and last users treated as franchise and last user see all record of franchises and franchise can't see its own users records in grid(which i used in page) and also change franchise permission by last user.
---------------------------------------------------------------------------------------------
I hope you understand my requirement and problems.
Please help me how to solve this issues ASAP.
Submit an article or tip