Hi friends, am working on asp.net C# SqlServer 2005.
here, i want to avoid SQL Injections during users login..So i wrote stored procedure for this. its works perfect.
But my requirement is I have 2 UserTypes while login
1)User
2)Admin
I have created only User access. But am unable to understand, how to use 2 usertypes based on if condition.
This is my SQL Stored Procedure
--------------------------------
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
go
ALTER PROCEDURE [dbo].[CHECK_UserInfo_Proc]
@USERNAME VARCHAR(50),
@PASSWORD VARCHAR(50)
AS
BEGIN
SELECT * FROM UserInformation WHERE USERNAME COLLATE Latin1_general_CS_AS =@USERNAME AND [PASSWORD] COLLATE Latin1_general_CS_AS=@PASSWORD
END
In Sql table I have fields as Id,UserName,Password,UserType,MobileNo.
and this is my ASP.net Login page code(Login button Click)
protected void BtnLogin_Click(object sender, ImageClickEventArgs e)
{
DataTable dt = new DataTable();
try
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["CollegeDBConnectionString"].ConnectionString);
SqlDataAdapter adp = new SqlDataAdapter("CHECK_UserInfo_Proc", con);
adp.SelectCommand.CommandType = CommandType.StoredProcedure;
adp.SelectCommand.Parameters.Add("@USERNAME", SqlDbType.VarChar, 50).Value = TxtUserName.Text.Trim();
adp.SelectCommand.Parameters.Add("@PASSWORD", SqlDbType.VarChar, 50).Value = TxtPassword.Text.Trim();
adp.Fill(dt);
if (dt.Rows.Count > 0)
{
Response.Redirect("~/User/Home.aspx");
}
else
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "RunCode", "javascript:alert('Invalid UserName or Password');", true);
}
}
catch (Exception ex)
{
Response.Write("Error occured : " + ex.ToString());
}
finally
{
dt.Clear();
dt.Dispose();
}
}
Please can you help me, how to create multiple usertypes based on condition.
If it is admin --- the pages must redirect to admin pages
if it is user --- the pages must redirect to User pages
help is required Thanks in advance.