Click here to Skip to main content
15,893,668 members
Search within:


How to write stored procedure for login insert and authentication as well as how assign permission to particuar user
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
SQL
i have company name,company code ,username,password in my login table.but once i create one company and its username,password that company can access only its data which is in other table.like that i can create many companies.and each company can access its own data from other table. how to write stored procedure for that.

What I have tried:

this is my insert and authentication procedure
it is working fine.(showing output as 'successfully logged in')

SQL
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[sp_AuthLogin]
@Comapny_Name varchar(50) =null, 
@Company_Code varchar(50)=null,
@Usercode varchar(50) = NULL,
@Password varchar(50) = NULL,


@abc varchar(50)=null

As
BEGIN
IF	@abc='insert'
begin
set nocount on;
DECLARE @company_Id int





insert into login(Comapny_Name,Usercode,Password)
values(@Comapny_Name,@Usercode,@Password)
set @company_Id = SCOPE_IDENTITY();


end


if  @abc='select'
begin

if exists (select * from login  where Usercode=@Usercode and Password=@Password and Company_Code=@Company_Code)
begin
print 'login successful';
grant insert,update,select,delete on Company_Name where Company_Code=@Company_Code
end
else
print 'successfully logged in'
--select * from login_User
end
--DECLARE @MSG varchar(500)
end
Posted
Updated 23-Mar-16 3:51am
v2
Add a Solution
Comments
Richard Deeming 23-Mar-16 9:36am    
Don't store passwords in plain text! You should only ever store a salted hash of the password, using a unique salt per record.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

1 solution

Make sure your company table has an ID in it, so

SQL
ID | Name | Password
----------------------
1  | John | password
2  | Dave | 12345


You need to get the ID for the customer that is logged in, how you get that depends on your code. The easiest (but not the best) way is to store their ID in the Session when they login. You need to associate that company ID with any data relating to it, so your Employee table might be like

SQL
ID | CompanyID | Name
------------------
1  | 2 | Pete
2  | 1 | Ian
3  | 2 | Simon


This means that Pete and Simon work for company "Dave" and Ian works for "John". So when you want to list all employees your Employee_List stored proc needs to accept a @CompanyID parameter that your code will pass, and it will pass the ID of the currently logged in user.
 
Share this answer
 
Posted
v2
Comments
Member 12385326 25-Mar-16 1:22am    
can you provide example of login? and what is better way to do this? trigger,cursor or stored procedure?
F-ES Sitecore 25-Mar-16 9:35am    
Your login will just be something simple like

select userid from users where [username]=@username and [password]=@password

If you get null back the login failed, otherwise you get their userid
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Login user authentication
How to give the user sa permission to backup or restore only if the login password is correct
How do I write a stored procedure that get table name and a record anf insert record into the table
Stored procedure for Login
Execute permission denied for stored procedure
Execute store procedure from one database to another login permission
stored procedure ,triggers
Random questions assigned to each PHP user. Working with sessions
write single stored procedure for select and insert
Authentication of user and login

Advertise
Privacy
Cookies
Terms of Use
Last Updated 23 Mar 2016
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900