using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Web.Security;
namespace Swat
{
/// <summary>
/// Access levels granted to a SWAT user. The values are distinct powers of
/// two, so they look intended to be OR-ed together into a single mask; the
/// logon page reads that mask from the "roles" column, stores it in the
/// forms ticket's UserData and echoes it in a "Roles" cookie.
/// </summary>
public enum AccessPrivilege
{
    Developer = 1,
    Administrator = 2,
    Manager = 4
}
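/// <summary>
/// Logon page. Resolves the entered credentials against the swatbugs
/// database and, on success, issues the forms-authentication ticket plus the
/// UserID/Roles cookies the rest of the application reads, then redirects to
/// SwatMain.aspx. On failure it shows "Invalid logon credentials".
/// </summary>
public class SwatLogon : System.Web.UI.Page
{
    protected System.Web.UI.WebControls.TextBox txtUserName;
    protected System.Web.UI.WebControls.TextBox txtPassword;
    protected System.Web.UI.WebControls.Button btnConnect;
    protected System.Web.UI.WebControls.Label lblError;

    // Database credentials are embedded in the binary. They belong in
    // configuration so they can be changed/rotated without a rebuild, and the
    // ASPNET login should not depend on an empty password.
    private const string ConnectionString = "user id=ASPNET;password=;initial catalog=swatbugs;data source=localhost;Integrated Security=false;connect timeout=30;";

    private void Page_Load(object sender, System.EventArgs e)
    {
        // Nothing to set up on load; all work happens in btnConnect_Click.
    }

    #region Web Form Designer generated code
    protected override void OnInit(EventArgs e)
    {
        //
        // CODEGEN: This call is required by the ASP.NET Web Form Designer.
        //
        InitializeComponent();
        base.OnInit(e);
    }

    /// <summary>
    /// Required method for Designer support - do not modify
    /// the contents of this method with the code editor.
    /// </summary>
    private void InitializeComponent()
    {
        this.btnConnect.Click += new System.EventHandler(this.btnConnect_Click);
        this.Load += new System.EventHandler(this.Page_Load);
    }
    #endregion

    /// <summary>
    /// Connect button handler: authenticates the form input and either issues
    /// the cookies and redirects, or reports a failed logon.
    /// </summary>
    private void btnConnect_Click(object sender, System.EventArgs e)
    {
        int nUserID;
        int nRoles;

        if (TryAuthenticate(txtUserName.Text, txtPassword.Text, out nUserID, out nRoles))
        {
            IssueAuthCookies(txtUserName.Text, nUserID, nRoles);
            // Redirect(url, true) ends the response; by now every database
            // object has already been disposed inside TryAuthenticate.
            Response.Redirect("SwatMain.aspx", true);
        }
        else
        {
            lblError.Text = "Invalid logon credentials";
        }
    }

    /// <summary>
    /// Resolves the supplied credentials to a user id and role mask.
    /// </summary>
    /// <param name="userName">Name typed into the logon form.</param>
    /// <param name="password">Password typed into the logon form. It is handed
    /// to the SWATGetUser procedure exactly as entered; whether it is hashed
    /// before comparison is decided inside that procedure, not here.</param>
    /// <param name="userId">Receives the user's id (0 for the bootstrap admin).</param>
    /// <param name="roles">Receives the user's <see cref="AccessPrivilege"/> mask.</param>
    /// <returns>true when the logon is accepted; false otherwise.</returns>
    private static bool TryAuthenticate(string userName, string password, out int userId, out int roles)
    {
        userId = 0;
        roles = 0;

        // 'using' closes the connection, commands and readers even when a
        // command throws; previously they were only closed on the happy path.
        using (SqlConnection cnn = new SqlConnection(ConnectionString))
        {
            cnn.Open();

            // Empty-database check. No users defined means a new installation,
            // so 'admin' is let in without a password check to reach the
            // administration page and create the first real account. This
            // bootstrap path closes itself as soon as one user row exists,
            // so the first account should be created right after install.
            if (userName == "admin")
            {
                using (SqlCommand cmd = cnn.CreateCommand())
                {
                    cmd.CommandText = "SWATGetAllUsers";
                    cmd.CommandType = CommandType.StoredProcedure;
                    using (SqlDataReader dr = cmd.ExecuteReader())
                    {
                        if (!dr.Read())
                        {
                            // Id does not matter: only the admin page is reachable.
                            userId = 0;
                            roles = (int)AccessPrivilege.Administrator;
                            return true;
                        }
                    }
                }
            }

            using (SqlCommand cmd = cnn.CreateCommand())
            {
                cmd.CommandText = "SWATGetUser";
                cmd.CommandType = CommandType.StoredProcedure;
                // Parameterized: the form input never becomes part of SQL text.
                cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = userName;
                cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    // A row whose role mask is NULL is an account with no
                    // access yet; it is reported as a failed logon.
                    if (dr.Read() && dr["roles"] != System.DBNull.Value)
                    {
                        userId = (int)dr["id"];
                        // ToInt32 rather than ToInt16: the mask is an int, and
                        // a 16-bit conversion would overflow on larger values.
                        roles = System.Convert.ToInt32(dr["roles"]);
                        return true;
                    }
                }
            }
        }

        return false;
    }

    /// <summary>
    /// Writes the forms-authentication ticket and the UserID/Roles cookies to
    /// the response.
    /// </summary>
    /// <param name="userName">Name the ticket is issued for.</param>
    /// <param name="userId">Id placed in the UserID cookie.</param>
    /// <param name="roles">Role mask placed in the ticket's UserData and the Roles cookie.</param>
    private void IssueAuthCookies(string userName, int userId, int roles)
    {
        FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(
            1,                                    // Ticket version
            userName,                             // User name associated with ticket
            DateTime.Now,                         // When ticket was issued
            DateTime.Now.AddMinutes(30),          // When ticket expires
            true,                                 // A persistent ticket
            roles.ToString(),                     // The user's role
            FormsAuthentication.FormsCookiePath); // Path cookie valid for

        // Encrypt/sign the ticket; this is the cookie the framework validates.
        string hash = FormsAuthentication.Encrypt(tkt);
        HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, hash);
        // No Expires is set on this cookie, so the 'persistent' flag on the
        // ticket does not by itself make the browser keep it beyond the session.
        Response.Cookies.Add(ck);

        // The UserID and Roles cookies are plain text, unsigned and never
        // expire, so a client can edit them freely. Any page that makes an
        // authorization decision should take the role mask from the validated
        // ticket's UserData rather than from these cookies.
        Response.Cookies["UserID"].Value = userId.ToString();
        Response.Cookies["UserID"].Expires = DateTime.MaxValue;
        Response.Cookies["Roles"].Value = roles.ToString();
        Response.Cookies["Roles"].Expires = DateTime.MaxValue;
    }
}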
}