Login , User, administrators on a web site

Question

0.00/5 (No votes)

See more:

Hi guys,

In my web site I'm working on login for simple users who wants just to buy products and the administartors which they have other abilities .

I setup the account for administrator at ASP.NET configuration and the rules.

I create a folder Adminpages which contains the Admin.aspx and a web.config file which it have

XML

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
            <allow users="Administrator" />
          <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

In login page I create the following code:

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        string adm = "admin";
        string auth=Convert.ToString(Login1.UserName.ToUpper());
       
        if (auth == adm)
        {
            Response.Redirect("~/AdminPages/Admin.aspx");
        }
        else
        {
            //authentication code
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());

            string aSQL = "select ID_USER, NAME_USER, PASSWORD from [User] where UPPER(NAME_USER)= @USER and UPPER(PASSWORD)=@PASS";
            try
            {
                SqlCommand cmd = new SqlCommand(aSQL, con);
                cmd.Parameters.Add("@User", SqlDbType.Char, 10, "UserName").Value = Login1.UserName.ToUpper();
                cmd.Parameters.Add("@Pass", SqlDbType.Char, 10, "PASSWORD").Value = Login1.Password.ToUpper();
                con.Open();
                SqlDataReader dr = cmd.ExecuteReader();
                //check database for names
                dr.Read();
                if (dr.HasRows)
                {
                    Session["user"] = dr["ID_USER"];
                    Response.Redirect("cart.aspx?ID=" + Request.QueryString["ID"] + "&quant=" + Request.QueryString["quant"]);
                }
                else
                    Response.Write("User or password invalid");

            }
            finally
            {
                con.Close();
            }
        }

When I try to enter in shopping cart everything is ok but when i try to login as administrator
nothing happens.

Any idea what i must change in order to work the login in administrator page?

Thnx in advance!
Jason

Posted 15-Oct-13 9:11am

JasonTsoum77

Updated 15-Oct-13 9:17am

Richard C Bishop

v3

Add a Solution

Comments

Richard C Bishop 15-Oct-13 15:18pm

Have you set up membership and roles in the WSAT?

JasonTsoum77 15-Oct-13 15:28pm

Yes I have set,

thnx for your response

Richard C Bishop 15-Oct-13 15:36pm

Well, you have "Administrator" as your user in the web.config, but in the code-behind you call it "admin". They need to be the same I believe.

JasonTsoum77 15-Oct-13 15:38pm

How i should modify the web.config?

Richard C Bishop 15-Oct-13 15:38pm

I am not sure which one you need to change. Whatever the WSAT says is the users name is what both need to say.

JasonTsoum77 15-Oct-13 15:41pm

I have try with many senarions like
1)
<allow users="Admin">
<deny users="?">
2)
<deny users="?">
3)
<allow users="Administrator">
<deny users="*">

and many many others but it didn't worked I don't know what else i should try.

Richard C Bishop 15-Oct-13 15:49pm

Well, a reason the redirect is not working is because you are calling .ToUpper() on the string value, so it won't ever match the lower case "admin".

JasonTsoum77 15-Oct-13 15:56pm

I remove ToUpper() but still nothing
it seems that it makes a refresh but still remains in login page without redirect to admin.aspx

Richard C Bishop 15-Oct-13 16:04pm

So if you type "admin" as your user name in the login, it will match the other hard-coded string. But, if there is security around the Admin.aspx page, then you can't get to it unless your membership allows it.

JasonTsoum77 15-Oct-13 16:13pm

Exactly.

Richard C Bishop 15-Oct-13 16:20pm

I posted a link to a previous CP question, go through it and see if that helps any.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard C Bishop · Answer 1 · 2013-10-15T10:19:00

Solution 1

See this article for examples on how to set up your code:

ccilk[^]

Posted 15-Oct-13 10:19am

Richard C Bishop