How Can I Authorized User As Admin And Sub In Mvc 4?

Question

0.00/5 (No votes)

See more:

this is my login codde...plese plese help me,,,,,

XML

//login.aspx//login view//

<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<demomvc.Models.login>" %>

<!DOCTYPE html>
<script runat="server">


</script>
<html>
<head runat="server">
<meta name="viewport" content="width=device-width" />
<title>login</title>
</head>
<body>
<div>
<% using (Html.BeginForm()) { %>
<%: Html.ValidationSummary(true, "password or user name was not found.") %>
<div>
<fieldset>
<legend>Account Information</legend>

<div class="editor-label">
<%: Html.LabelFor(m => m.name) %>
</div>
<div class="editor-field">
<%: Html.TextBoxFor(m => m.name) %>
<%: Html.ValidationMessageFor(m => m.name) %>
</div>

<div class="editor-label">
<%: Html.LabelFor(m => m.password) %>
</div>
<div class="editor-field">
<%: Html.TextBoxFor(m => m.password) %>
<%: Html.ValidationMessageFor(m => m.password) %>
</div>

<div class="editor-label">
<%: Html.LabelFor(m => m.type) %>
</div>
<div>
<%: Html.TextBoxFor(m =>m.type) %>
<%: Html.ValidationMessageFor(m => m.type) %>
</div>

<input type="submit" value="Log In" />
</fieldset>
</div>
<% } %>
<%= Html.ActionLink("NOT SUB USER PLESE CLICK", "adminloginpanal")%>

<div><%= Html.ActionLink("New users register here", "registration")%></div>

</body>
</html>


//login.cs// login model

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.ComponentModel.DataAnnotations;
using System.Web.Security;

namespace demomvc.Models
{


public class login
{



[Required]
[Display(Name = "User name")]
public string name { get; set; }

[Required]
[Display(Name = "Password")]
public string password { get; set; }

[Required]
[Display(Name = "Type")]
public string type { get; set; }




public bool IsValid(string _username, string _pwd,string _typ)
{
string _sql = "Select name From dbo.[login] Where name='" + _username + "' And password='" + _pwd + "'And type='"+_typ+"'";
SqlConnection con = new SqlConnection(@"Data Source=HARI\SQLEXPRESS;Initial Catalog=demo;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand(_sql, con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
return true;
else
return false;

}

}

this is.....home controller
[HttpGet]
        public ActionResult Login()
        {
            return View();
        }
        [HttpPost]
        public ActionResult Login(demomvc.Models.login lgn, string username, string password,string type)
        {

            FormsAuthentication.Authenticate(username, password);
            if (ModelState.IsValid)
            {
                    
                    if (lgn.IsValid(lgn.name, lgn.password, lgn.type))
                    {
                        
                       //TempData["type"] = lgn.type.ToString();

                  
                        //ViewBag.type = lgn.type.ToString();


                        return RedirectToAction("details", "Home");

                    }
                    else
                    {
                        ModelState.AddModelError("","The user name or password provided is incorrect.");
                    }
            }


            return View(lgn);
        }
        public ActionResult Logout()
        {
            FormsAuthentication.SignOut();
            return RedirectToAction("Index", "Home");
        }



        [HttpGet]
        public ActionResult delete(int id,demomvc.Models.DeleteModel deletemodel,string type)
        {
            if (deletemodel.type == "admin")
            {

                int d_record = deletemodel.delete(id, type);
                if (d_record > 0)
                {
                    return RedirectToAction("details", "home");

                }
                else
                {
                    ModelState.AddModelError("", "can not delete");
                }
            }
            else
            {
                Response.Write("you can not delete this record");
                Response.Redirect("http://localhost:1194/Home/details");
            }

            return View("Index");
        }
 
}}

Posted 5-Jun-14 19:55pm

Member 10866073

Updated 5-Jun-14 20:00pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

sankarsan parida · Answer 1 · 2014-06-05T21:33:00

Implementing this logic is pretty easy. All we need to-do is to add an [Authorize] filter attribute to our Create action methods like so:

//
// GET: /Dinners/Create
 
[Authorize]
public ActionResult Create() {
...
}
 
//
// POST: /Dinners/Create
 
[AcceptVerbs(HttpVerbs.Post), Authorize]
public ActionResult Create(Dinner dinnerToCreate) {
...
}

The [Authorize] filter optionally supports the ability to specify a "Users" or "Roles" property that can be used to require that the user is both logged in and within a list of allowed users or a member of an allowed security role. For example, the code below only allows two specific users, "scottgu" and "billg", to access the /Dinners/Create URL:

[Authorize(Users="scottgu,billg")]
public ActionResult Create() {
...
}

We could then update the code to only allow users within a specific "admin" role

[Authorize(Roles="admin")]
public ActionResult Create() {
...
}

Get more details from followings link
Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html[^]
Authentication role basis[^]