How do I redirect to different page after login based on user's role using form authentication?

Question

0.00/5 (No votes)

See more:

There are 2 user roles :- Student, Teacher.

There are 3 type of users :- admin, Students, Teachers.

Admin's username and password is not store in the database so it is directly check with actual username and password.

Student's and Teacher's username and password is stored in the database so during login username and password is check and redirect to their specific page based on their role.

I used form authentication so that only legitimate user can access their page. But I am getting error(below) when I am running LoginPage.

error:-

C#

Server Error in '/' Application.

The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly. 

Requested URL: /default.aspx

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1069.1

What I have tried:

LoginPage.aspx.cs

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
using System.Web.Security;


public partial class Registration_LoginPage : System.Web.UI.Page
{
    Code code = new Code();
    SqlConnection con;
    SqlCommand cmd;
    bool flag = true;

    public Registration_LoginPage()
    {
        con = new SqlConnection();
        con.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
        cmd = new SqlCommand();
    }


    protected void Page_Load(object sender, EventArgs e)
    {
        if(!IsPostBack)
        { 

        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now);
        Response.Cache.SetNoServerCaching();
        Response.Cache.SetNoStore();
        }

        if(User.Identity.Name !=String.Empty)
        {
            FormsAuthentication.RedirectFromLoginPage(User.Identity.Name, false);
        }

    }

    protected void btnLogIn_Click(object sender, EventArgs e)
    {
       // String encryptedPassword = code.encrypt(Request.Form["password"]);

        try
        { 
            con.Open();
            cmd.CommandText = "select * from [Users]";
            cmd.Connection = con;
            SqlDataReader rd = cmd.ExecuteReader();
            

            if (Request.Form["username"] == "admin" && Request.Form["password"] == "admin")
            {
                Session["Username"] = Request.Form["username"];
                Response.Redirect("/AdminHome/AdminMPage.aspx");
            }
            else
            {

                while (rd.Read())
                {

                if (rd["UserName"].ToString() == Request.Form["username"] && rd["Password"].ToString() == Request.Form["password"])
                    {
                        Session["Username"] = rd["UserName"];
                        flag = false;
                        break;
                    }
                }
                if (flag == true)
                    lblMsg.Text = "Username and password invalid";
                else
                {
                string roles = rd["Role"].ToString();
                if (rd["Role"].ToString() == "Student")
                        //  Response.Redirect("Student.aspx");
                        FormsAuthentication.RedirectFromLoginPage(roles, false);

                    /* else
                         Response.Redirect("Teacher.aspx");  */

                  else  if (rd["Role"].ToString() == "Teacher")
                        FormsAuthentication.RedirectFromLoginPage(roles, false);
                }
            }
      } 
        catch (Exception ex)
        {
            lblMsg.Text = ex.Message;

        } 
    }
    
}

web.config

XML

<?xml version="1.0"?>

<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->

<configuration>

  <connectionStrings>
    <add name="ConnectionString" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True"
        providerName="System.Data.SqlClient" />
  </connectionStrings>

    <system.web>
      
      <authentication mode="Forms">
        <forms loginUrl="/Registration/LoginPage.aspx">
        </forms>
      </authentication>

      <compilation debug="true" targetFramework="4.5.2" />
      <httpRuntime targetFramework="4.5.2" />
    </system.web>
  
  <location path="FIRST PAGE">
      <system.web>
        <authorization>
          <allow users="*"/>
          
        </authorization>
      </system.web>
    </location>
  
  <location path="Registration">
      <system.web>
        <authorization>
          <allow users="*"/>
          
        </authorization>
      </system.web>
    </location>
  
  
    <location path="AdminHome">
      <system.web>
        <authorization>
          <allow users="admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
  
  <location path="Student">
      <system.web>
        <authorization>
          <allow roles="Student"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
  
<location path="Teacher">
      <system.web>
        <authorization>
          <allow roles="Teacher"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>

  <appSettings>

    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/>
    
  </appSettings>
  

</configuration>

Posted 5-May-16 4:11am

Member 12170781

Updated 5-May-16 11:55am

Add a Solution

Comments

F-ES Sitecore 5-May-16 12:08pm

You need to work out which redirect is giving the error, it's probably this one which makes no sense

if(User.Identity.Name !=String.Empty)
{
FormsAuthentication.RedirectFromLoginPage(User.Identity.Name, false);
}

I don't think you understand what RedirectFromLogin does so remove that "if" and see what happens.

https://msdn.microsoft.com/en-us/library/ka5ffkce(v=vs.110).aspx

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ZurdoDev · Answer 1 · 2016-05-05T04:28:00

Solution 1

Use the ~ in your url. That means the root of your site.

C#

Response.Redirect("~/AdminHome/AdminMPage.aspx");

Posted 5-May-16 4:28am

ZurdoDev

Comments

Sergey Alexandrovich Kryukov 5-May-16 11:09am

:-) :-)
A 5. :-)

Member 12170781 5-May-16 11:14am

didn't work..same error

ZurdoDev 5-May-16 11:15am

The error says it can't find the resource. Meaning your url is not correct.

AndreaFerro · Answer 2 · 2016-05-05T11:55:00

This is an example

XML

<authentication mode="Forms">
  <forms loginUrl="Login.aspx" name="adAuthCookie" timeout="120" path="/"/>
</authentication>

C#

protected void Page_Load(object sender, EventArgs e)
{
    if (!Page.IsPostBack)
    {
        if ((bool)Session["CambiarContraseña"] == true)
        {
            Response.RedirectPermanent("CambiarContrasena.aspx?c=1");
        }
        else
        {
            if (User.Identity.IsAuthenticated)
            {
                txtFecha.Text = DateTime.Now.ToShortDateString();

            }
            else
            {
                Server.Transfer("Login.aspx");

            }
        }

    }
}