Question : Redirect to page based on credentials

Greetings experts,

I am newbie to .net and I managed to google up this code and modified it as a working login code.

Right now, there is some items I am having issues getting started with.

First off, we have 3 different groups and each group has 2 permission levels.

Members belonging to a group can only see what is in his/her group ONLY.

One permission level allows anyone in any of these 3 groups to be able to enter data and that's it. This permissionLevel is called Staff.

The other Permission Level administrator. Anyone with this administrator permission level can modify, delete, add, view any page within his/her group.

Let's say, for instance, that I have the 3 groups on the db as GroupA, GroupB, GroupC, GroupD, and I have indicated that user's of each group have either Administrators or Staff permission Levels.

So, I need something like:

If groupID ="GroupA"  then
redirect "GroupA" page
elseif...

Can you please see my code below and see if you can assist?

Thanks very much.

Code Snippet:

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102:

using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Data.SqlClient; public partial class Login : System.Web.UI.Page { protected void Page_Load(object sender, System.EventArgs e) { if (!this.IsPostBack) { ViewState["LoginErrors"] = 0; } } protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { if (validateUsers(Login1.UserName, Login1.Password)) { // e.Authenticated = true; Login1.Visible = false; //MessageLabel.Text = "Successfully Logged In"; Response.Redirect("~/main.aspx"); } else { e.Authenticated = false; } } protected void Login1_LoginError(object sender, EventArgs e) { if (ViewState["LoginErrors"] == null) { ViewState["LoginErrors"] = 0; } int ErrorCount = (int)ViewState["LoginErrors"] + 1; ViewState["LoginErrors"] = ErrorCount; if ((ErrorCount > 3) && (Login1.PasswordRecoveryUrl != string.Empty)) { Response.Redirect(Login1.PasswordRecoveryUrl); } } private bool validateUsers(string UserName, string Password) { bool boolReturnValue = false; string strConnection = "data source = 879TYM;initial catalog = WebRpts;Integrated Security=SSPI;"; SqlConnection sqlConnection = new SqlConnection(strConnection); string SQLQuery = "SELECT UserName, GroupID, AccessLevel, UPassword FROM tblAppUser"; SqlCommand command = new SqlCommand(SQLQuery, sqlConnection); SqlDataReader Dr; sqlConnection.Open(); Dr = command.ExecuteReader(); while (Dr.Read()) { if ((UserName == Dr["UserName"].ToString()) & (Password == Dr["UPassword"].ToString())) { boolReturnValue = true; } Dr.Close(); return boolReturnValue; } return boolReturnValue; } }

Open in New Window

Select All

Answer : Redirect to page based on credentials

As I said earlier:
 ---> the example uses asp.net Roles but you can do your check here by getting your groupId
You have to entirely remove what there is inside LoggedIn event handler.

So you need to query your DB like you do to authenticate but with some change:

string Groupid= String.Empty;
string AccessLevel = String.Empty;
string SQLQuery = "SELECT GroupID, AccessLevel FROM tblAppUser where UserName=@username";
SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
Parameters.AddWithValue("@username", Login1.UserName);

SqlDataReader Dr;
sqlConnection.Open();
 Dr = command.ExecuteReader();
while (Dr.Read()) {
Groupid = Dr["GroupID"].ToString()
AccessLevel = Dr["AccessLevel "].ToString())
 Dr.Close();
}
if(Groupid =="GroupA")
{
Response.Redirect("ToGroupA.aspx);
}
//Now you have groupid and accesslevel so you can redirect as you want.