Home
ASP.NET Forums » General ASP.NET » Security » need some advice with user roles

need some advice with user roles

Last post 05-23-2007 10:35 AM by daviper. 4 replies.

Sort Posts:

  • need some advice with user roles

    05-23-2007, 5:10 AM
    • Member
      point Member
    • daviper
    • Member since 05-23-2007, 5:04 AM
    • Posts 6

    hellow

    because this is my first ASP.NET project, i need some advice, this is my problem:

     my website starts with a login page, after correct login you see the home page, that all.

     but now i want 2 kinds of users: normal users that only see the home page, and ADMIN users that will see another page (admin page) + the home page.

     what techniques does i have to use here? any examples?

     grtz

  • Re: need some advice with user roles

    05-23-2007, 8:28 AM
    • Contributor
      2,214 point Contributor
    • mosessaur
    • Member since 07-11-2002, 6:40 PM
    • Cairo
    • Posts 353

    I would recommend to read this articles.
    Examining ASP.NET 2.0's Membership, Roles, and Profile this is a multipart article the covers most of your needs.
    Implementing Role-Based Security with ASP.NET
    Role-Based Authorization With Forms Authentication
    How To Implement Role-Based Security with Forms-Based Authentication in Your ASP.NET Application by Using Visual C# .NET

    Hope this would cover your needs

    Muhammad M. Mosa Soliman
    Software Engineer

  • Re: need some advice with user roles

    05-23-2007, 8:42 AM
    • Member
      point Member
    • daviper
    • Member since 05-23-2007, 5:04 AM
    • Posts 6

    ty for your help!

     what i did was using the ASP.NET  Website Administration Tool

     but now i have some other problems.. the password is hashed in the database, and when i try to login i have to put the "hashed password" and not the "normal password" to login succesfully.

    I also wonder what login code i can use for this, because now i use this:

    private bool Auth(string UserName, string Password)

    {

    bool boolReturnValue = false;

    string strConnection = "server=localhost;database=db;Integrated Security=SSPI;";

    SqlConnection Connection = new SqlConnection(strConnection);

    String strSQL = "Select * From aspnet_Membership";

    SqlCommand command = new SqlCommand(strSQL, Connection);SqlDataReader Dr;

    Connection.Open();

    Dr = command.ExecuteReader();

    while (Dr.Read())

    {

    if ((UserName == Dr["Email"].ToString()) & (Password == Dr["Password"].ToString()))

    {

    boolReturnValue =     true;

    }

     

    }

    return boolReturnValue;

    Dr.Close();

    return false;

    }

  • Re: need some advice with user roles

    05-23-2007, 9:05 AM
    • Contributor
      2,214 point Contributor
    • mosessaur
    • Member since 07-11-2002, 6:40 PM
    • Cairo
    • Posts 353

    Configure your application to use SQL Membership Provider and use login control, this would save time for you.
    Here how you can configure your application for Membership:
    <connectionStrings>
      <add name="MyLocalSQLServer"
           connectionString="server=localhost;database=db;Integrated Security=SSPI;" />
    </connectionStrings>
    and withing <system.web> add this:
    <membership defaultProvider="MySqlMembershipProvider" >
      <providers>
        <clear/>
        <add name="MySqlMembershipProvider"
             connectionStringName="MyLocalSQLServer"
             applicationName="MyAppName"
             type="System.Web.Security.SqlMembershipProvider, System.Web" />
      </providers>
    </membership>

    Then add your login control into your login page and use it. this will achive your target.

    Also refer to this topic at MSDN How To: Use Forms Authentication with SQL Server in ASP.NET 2.0

    Muhammad M. Mosa Soliman
    Software Engineer

  • Re: need some advice with user roles

    05-23-2007, 10:35 AM
    • Member
      point Member
    • daviper
    • Member since 05-23-2007, 5:04 AM
    • Posts 6

    ty !!

     i use your code now, but i have one problem: everyone can login :s

    i make users @ the admin website, but when i typ something random as username and password, it works also :(
Page 1 of 1 (5 items)
RSS Available

Contact | Advertise | Issue Management by Axosoft's OnTime | Running IIS7
All Rights Reserved. | Terms of Use | Trademarks | Privacy Statement
© 2009 Microsoft Corporation.