autentication and authorization

Question

1.00/5 (1 vote)

See more:

, +

Dear Experts,

I have following files
Display.aspx- Main File to display
Workingsheet.Aspx- Working sheet which navigate from display.aspx

Now whenever i submit button in Display.aspx, it will redirected to workingsheets.aspx.BUT

But i want to ask user credential from user with form or window propmt window, and userID must be verfied from sql table otherwise no one can access the workingsheet.aspx

Can you please help me, i m getting stuck in this work.

Regards
Tahir

Posted 14-Jun-14 0:34am

tahirgr8_2000

Add a Solution

Comments

[no name] 14-Jun-14 6:45am

Okay so what have you tried? What is the problem with what you have tried?

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ) 14-Jun-14 14:35pm

Where are you stuck?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ziad imad · Accepted Answer · 2014-06-14T06:20:00

Hi,
there is a simple way I used:

1- create users table which contain:
user_id,user_name,password,role_id,......

2- create login sp

create procedure login
@user_name nvarchar(50),@password nvarchar(50)
as
select * from users
where user_id=@user_id
and password=@password

3- in C# use DataTable to get the result then check the values from DataTable like this:

string msg=string.Empty
if(table.rows.count>0)
{
if(table.Rows[0]["password"].ToString()!=textboxpassword)
{
msg="Wrong Password";
}
else
{
if(table.Rows[0]["role_id"].ToString()!="1"
{
msg="You Don't have permissoin";
}
else
{
//go the page you want
}
}
}
else
{
msg="user name doesn't exist";
}

tahirgr8_2000 · Accepted Answer · 2014-06-24T22:25:00

Dear Freinds

i have used someone else code and modified according to my need. It works and run smoothly. here login name and password authenticate with window domain as we used our login id and password for login.

Now after successful running of this code, I have one issue that How to get the value for of username in order to store in my database table

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Runtime.InteropServices;

using System.Collections.Specialized;
using System.Data.SqlClient;
using System.Net;



public partial class Login : System.Web.UI.Page
{
    private DateTime currenttimedate;
    
    private string usernameID;
    private string serverID;

     private string stored;
    private SqlCommand SqlLogin;
    private SqlConnection hookUp;

    [DllImport("ADVAPI32.dll", EntryPoint = "LogonUserW", SetLastError = true, CharSet = CharSet.Auto)]
    public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

   
    
    public static string GetDomainName(string usernameDomain)
    {
        if (string.IsNullOrEmpty(usernameDomain))
        {
            throw (new ArgumentException("Argument can't be null.", "usernameDomain"));
        }
        if (usernameDomain.Contains("\\"))
        {
            int index = usernameDomain.IndexOf("\\");
            return usernameDomain.Substring(0, index);
        }
        else if (usernameDomain.Contains("@"))
        {
            int index = usernameDomain.IndexOf("@");
            return usernameDomain.Substring(index + 1);
        }
        else
        {
            return "";
        }
    }

      public static string GetUsername(string usernameDomain)
    {
        if (string.IsNullOrEmpty(usernameDomain))
        {
            throw (new ArgumentException("Argument can't be null.", "usernameDomain"));
        }
        if (usernameDomain.Contains("\\"))
        {
            int index = usernameDomain.IndexOf("\\");
            return usernameDomain.Substring(index + 1);
        }
        else if (usernameDomain.Contains("@"))
        {
            int index = usernameDomain.IndexOf("@");
            return usernameDomain.Substring(0, index);
        }
        else
        {
            return usernameDomain;
        }
    }

   
       public string GetIP4Address()
    {
        string IP4Address = String.Empty;
 
       
        foreach (IPAddress IPA in Dns.GetHostAddresses(System.Net.Dns.GetHostName()))
        {
            if (IPA.AddressFamily.ToString() == "InterNetwork")
            {
                IP4Address = IPA.ToString();     
                break;
            }           
        }
        return IP4Address;
    }
      
   

    


    protected void btnLogin_Click(object sender, EventArgs e)
    {

        string domainName = GetDomainName(txtUserName.Text); 
        string userName = GetUsername(txtUserName.Text);  
     
       

          IntPtr token = IntPtr.Zero;

           bool result = LogonUser(userName, domainName, txtPassword.Text, 2, 0, ref token);
        if (result)
        {
          

                  if (string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
            {
                FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
            }
                else
            {
                FormsAuthentication.SetAuthCookie(txtUserName.Text, false);
                Response.Redirect("Default.aspx");


            }

        }


        else
        {
                Response.Write("Invalid username or password.");
        }


        usernameID += txtUserName.Text;

        serverID += Request.ServerVariables["REMOTE_USER"];
        string ipaddress = GetIP4Address();



        currenttimedate= DateTime.Now;
        hookUp = new SqlConnection("Server=localhost\\Sqlexpress; Database=TPM_ThermoformingParco;" + "Integrated Security=True");
       // hookUp = new SqlConnection("Server=dpl-pc-2; Database=DP1_2;" + "uid=; Password=");
       // hookUp = new SqlConnection("Server=khiopc; Database=TPM;" + "uid=; Password=");
       // stored = "insert into PARCO5_USERS values(@username,@servername, @machineip, @authenticationfetchdatetime)";
        stored = "insert into userlogin values(@username,@servername, @machineip, @authenticationfetchdatetime)";

         //hookUp = new SqlConnection("server=localhost\\Sqlexpress; Database=TPM_Thermoforming;uid=fn; Password=);
        //hookUp = new SqlConnection("Server=khiopc; Database=TPM;" + "uid=; Password=");
        // StrInsert = "insert into TPM_Thermoforming_Parco05 values(@Reading1A, @Reading1B, @Reading1D,  @Action1, @Reading2A, @Reading2D, @Action2, @Reading3A, @Reading3B, @Reading3C, @Reading3D, @Action3, @Reading4A, @Reading4B, @Reading4D, @Action4, @Reading5A, @Reading5B, @Reading5C, @Reading5D, @Action5, @Reading6A, @Reading6B, @Reading6C, @Reading6D, @Action6, @Reading7A, @Reading7B, @Reading7D,@Action7, @Reading8A, @Reading8B, @Reading8C, @Reading8D, @Action8, @Reading9A, @Reading9B, @Reading9C, @Reading9D, @Action9, @Reading10A, @Reading10D, @Action10, @Reading11A, @Reading11B, @Reading11C, @Reading11D, @Action11, @Reading12A, @Reading12B, @Reading12D, @Action12, @Reading13A, @Reading13B, @Reading13C, @Reading13D, @Action13, @Reading14A, @Reading14B, @Reading14D,@Action14, @Reading15A, @Reading15B, @Reading15C, @Reading15D, @Action15, @Reading16A, @Reading16B,@Reading16BB, @Reading16D, @Reading16DD, @Action16, @Reading17A, @Reading17B, @Reading17D, @Action17, @Reading18A, @Reading18D, @Action18, @Reading19A, @Reading19B, @Reading19D, @Action19, @Reading20A, @Reading20B, @Reading20D, @Action20, @Reading21A, @Reading21D,@Reading21DD, @Action21, @Reading22A, @Reading22B, @Reading22C, @Reading22D, @Action22, @Reading23A, @Reading23B, @Reading23C, @Reading23D, @Action23, @Reading24A, @Reading24B, @Reading24D, @Action24, @Reading25A, @Reading25B, @Reading25D,@Action25, @Reading26A, @Reading26B, @Reading26D, @Action26, @Reading27A, @Reading27D, @Action27, @Reading28A, @Reading28AA,@Reading28D, @Reading28DD,@Action28, @Reading29A, @Reading29AA, @Reading29D,@Reading29DD, @Action29, @Reading30A, @Reading30D, @Action30, @Reading31A, @Reading31B, @Reading31D, @Action31, @Reading32A, @Reading32B, @Reading32D, @Action32, @Reading33A, @Reading33B, @Reading33C, @Reading33D, @Action33, @Reading34A, @Reading34B, @Reading34C, @Reading34D, @Action34, @Reading35A, @Reading35B, @Reading35D, @Action35, @Reading36A, @Reading36D, @Action36, @Reading37A, @Reading37B, @Reading37D, @Action37, @Reading38A, @Reading38D, @Action38, @Reading39A, @Reading39D, @Action39, @Reading40A, @Reading40AA,@Reading40D, @Reading40DD, @Action40, @Reading41A, @Reading41B, @Reading41D, @Action41, @Reading42A, @Reading42AA,@Reading42B, @Reading42BB, @Reading42D, @Reading42DD, @Action42, @Reading43A,@Reading43B, @Reading43BB, @Reading43D, @Reading43DD, @Action43, @Reading44A, @Reading44B, @Reading44D, @Action44, @Reading45A, @Reading45B, @Reading45C, @Reading45D, @Action45, @Reading46A, @Reading46B, @Reading46D,  @Action46, @Reading47A, @Reading47D, @Action47,@FetchDate)";
        //StrInsert = "insert into TPMTHERMO values(@Reading1A, @Reading1B, @Reading1C,  @Action1, @Reading2A, @Reading2B, @Action2, @Reading3A, @Reading3B, @Reading3C, @Reading3D, @Action3, @Reading4A, @Reading4B, @Reading4C, @Action4, @Reading5A, @Reading5B, @Reading5C, @Reading5D, @Action5, @Reading6A, @Reading6B, @Reading6C, @Reading6D, @Action6, @Reading7A, @Reading7B, @Reading7C,@Action7, @Reading8A, @Reading8B, @Reading8C, @Reading8D, @Action8, @Reading9A, @Reading9B, @Reading9C, @Reading9D, @Action9, @Reading10A, @Reading10B, @Action10, @Reading11A, @Reading11B, @Reading11C, @Reading11D, @Action11, @Reading12A, @Reading12B, @Reading12C, @Action12, @Reading13A, @Reading13B, @Reading13C, @Reading13D, @Action13, @Reading14A, @Reading14B, @Reading14D,@Action14, @Reading15A, @Reading15B, @Reading15C, @Reading15D, @Action15, @Reading16A, @Reading16B,@Reading16BB, @Reading16D, @Reading16DD, @Action16, @Reading17A, @Reading17B, @Reading17D, @Action17, @Reading18A, @Reading18D, @Action18, @Reading19A, @Reading19B, @Reading19D, @Action19, @Reading20A, @Reading20B, @Reading20D, @Action20, @Reading21A, @Reading21D,@Reading21DD, @Action21, @Reading22A, @Reading22B, @Reading22C, @Reading22D, @Action22, @Reading23A, @Reading23B, @Reading23C, @Reading23D, @Action23, @Reading24A, @Reading24B, @Reading24D, @Action24, @Reading25A, @Reading25B, @Reading25D,@Action25, @Reading26A, @Reading26B, @Reading26D, @Action26, @Reading27A, @Reading27D, @Action27, @Reading28A, @Reading28AA,@Reading28D, @Reading28DD,@Action28, @Reading29A, @Reading29AA, @Reading29D,@Reading29DD,@Action29, @Reading30A, @Reading30D, @Action30, @Reading31A, @Reading31B, @Reading31D, @Action31, @Reading32A, @Reading32B, @Reading32D, @Action32, @Reading33A, @Reading33B, @Reading33C, @Reading33D, @Action33, @Reading34A, @Reading34B, @Reading34C, @Reading34D, @Action34, @Reading35A, @Reading35B, @Reading35D, @Action35, @Reading36A, @Reading36D, @Action36, @Reading37A, @Reading37B, @Reading37D, @Action37, @Reading38A, @Reading38D, @Action38, @Reading39A, @Reading39D, @Action39, @Reading40A, @Reading40AA,@Reading40D, @Reading40DD, @Action40, @Reading41A, @Reading41B, @Reading41D, @Action41, @Reading42A, @Reading42AA,@Reading42B, @Reading42BB, @Reading42D, @Reading42DD, @Action42, @Reading43A,@Reading43B, @Reading43BB, @Reading43D, @Reading43DD, @Action43, @Reading44A, @Reading44B, @Reading44D, @Action44, @Reading45A, @Reading45B, @Reading45C, @Reading45D, @Action45, @Reading46A, @Reading46B, @Reading46D,  @Action46, @Reading47A, @Reading47D, @Action47,@@FetchDate)";
  

        SqlLogin = new SqlCommand(stored, hookUp);

        SqlLogin.Parameters.Add(new SqlParameter("@username", SqlDbType.NVarChar, 50));
        SqlLogin.Parameters["@username"].Value = usernameID;


        SqlLogin.Parameters.Add(new SqlParameter("@servername", SqlDbType.NVarChar, 50));
        SqlLogin.Parameters["@servername"].Value = serverID;

        SqlLogin.Parameters.Add(new SqlParameter("@machineip", SqlDbType.NVarChar, 50));
        SqlLogin.Parameters["@machineip"].Value = ipaddress;

        SqlLogin.Parameters.Add("@authenticationfetchdatetime", currenttimedate);

            
        hookUp.Open();
        SqlLogin.ExecuteNonQuery();
        hookUp.Close();
       
    
    }
}

autentication and authorization

2 solutions

Solution 2

Solution 3

Add your solution here

Preview 0