locked
Security authorization RRS feed

  • Question

  • User966545989 posted

    I am writing a code for my website to have a security login so that when you login if you are admin or super admin the appropriate options would become available. However I am getting an error (picture of it will be below). I was wondering if you can look at my error and code and tell me if I did something wrong or where I can improve as I only just started learning Sessions, so I could have made a mistake somewhere.

    ----------part 1----------
    DAL dal = new DAL("Data Source=localhost;Initial Catalog=dbMagazine;Integrated Security=SSPI");
    
            protected void Page_Load(object sender, EventArgs e)
            {
    
            }
    
            protected void btnLogin_Click(object sender, EventArgs e)
            {
                dal.AddParam("@Username", txtUsername.Text);
                dal.AddParam("@Passwords", txtPassword.Text);
                DataSet ds = dal.ExecuteProcedure("spLogin");
                if(ds.Tables[0].Rows.Count > 0)
                {
                    txtUsername.Text = ds.Tables[0].Rows[0]["Username"].ToString();
                    txtPassword.Text = ds.Tables[0].Rows[0]["Passwords"].ToString();
                    Response.Write("Login Successful.");
    
                    Session["LoginID"] = ds.Tables[0].Rows[0]["LoginID"].ToString(); ;
                    Session["SecurityLVL"] = ds.Tables[0].Rows[0]["SecurityLVL"].ToString(); ;
                    Session["Username"] = ds.Tables[0].Rows[0]["Username"].ToString();
                    Session["Passwords"] = ds.Tables[0].Rows[0]["Passwords"].ToString();
                    Response.Redirect("HomePage.aspx");
                }
    
    
    ----------part 2----------
     DAL dal = new DAL("Data Source=localhost;Initial Catalog=dbMagazine;Integrated Security=SSPI");
    
            protected void Page_Load(object sender, EventArgs e)
            {
                if ((int)Session["SecurityLVL"] == 1)
                {
                    Response.Write("I am watching YOU :|");
                }
                else if ((int)Session["SecurityLVL"] == 2)
                {
                    btnAdd.Visible = true;
                    FUpload.Visible = true;
                    DDLoad.Visible = true;
                    Image1.Visible = true;
                    Response.Write("Editor has final say on everything remember.");
                }
    
                else if ((int)Session["SecurityLVL"] == 3)
                {
                    btnAdd.Visible = true;
                    FUpload.Visible = true;
                    DDLoad.Visible = true;
                    Image1.Visible = true;
                    btnEdit.Visible = true;
                    btnDelete.Visible = true;
                    btnArticle.Visible = true;
                    txtInput.Visible = true;
                    Response.Write("Welcome back Boss");
                }
    
                else
                {
                    Response.Write("ACCESS DENIED");
                }
    

    One more note that those 2 codes are from different pages.

    Here is the error

    http://s952.photobucket.com/user/athrun5/media/Untitled.jpg.html

    Tuesday, August 26, 2014 12:27 PM

Answers

  • User753101303 posted

    Hi,

    You used :

    Session["SecurityLVL"] = ds.Tables[0].Rows[0]["SecurityLVL"].ToString(); so it is a string rather than an int.

    You likely want it to be an int so try :

    Session["SecurityLVL"] = ds.Tables[0].Rows[0]["SecurityLVL"]; instead

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 26, 2014 12:34 PM

All replies

  • User753101303 posted

    Hi,

    You used :

    Session["SecurityLVL"] = ds.Tables[0].Rows[0]["SecurityLVL"].ToString(); so it is a string rather than an int.

    You likely want it to be an int so try :

    Session["SecurityLVL"] = ds.Tables[0].Rows[0]["SecurityLVL"]; instead

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, August 26, 2014 12:34 PM
  • User966545989 posted

    Thanks a bunch, also if you could, can you tell me how I may make a message box come up and say something to the user. In windows form I was able to do that with messagebox.show(); but now I can't and I tried using response.write but that didn't achieve what I was looking for.

    Tuesday, August 26, 2014 12:44 PM