How can I use id to differentiate user and admin page RRS feed

  • Question

  • User2144323856 posted

    Let's say i got a data of employee id, employee name and department id, and the IT department id is 10. Only department id which is 10 can goes to admin page, other department id goes to user page. Can anyone help me thanks.

    What I have tried:

    string strCom = "SELECT * FROM EmployeeView";
    SqlCommand comm = new SqlCommand(strCom, dbITAsset);

    SqlDataAdapter sda = new SqlDataAdapter("select * from EmployeeView where EMPLOYEEID='" + txtIDNO.Text + "'", cons);
    DataTable dt = new DataTable();

    if (dt.Rows.Count > 0)
    Session["UserID"] = dt.Rows[0][0];
    Session["Username"] = dt.Rows[0][1];
    Session["DepartmentID"] = dt.Rows[0][2];
    string username = Session["Username"].ToString();
    string dpid = Session["DepartmentID"].ToString(); // get department id from database

    Response.Write("alert('You are logged in as " + dt.Rows[0][1] + "')");

    if (dpid == "10")
    Server.Transfer("Admin.aspx ? dpid=" + dpid);
    else {
    Server.Transfer("User.aspx ? dpid=" + dpid);
    Response.Write("alert('Invalid ID No')");

    Wednesday, March 10, 2021 8:22 AM

All replies

  • User753101303 posted


    When showing code, please always tell what happens when it runs. As here, when reading code it's not uncommon to not see any abvious error but 5 or 6 possible issues without one being really more likely.

    - though you have a learning curve it is likely better to learn about what ASP.NET offers out of the box to handle authentication and authorization. For example tou can tell ony admin users can access admin.aspx while here a non admin user will be likely able to access this page by entering its name in the browser address bar
    - also Web Forms is on the way out. You may want to learn https://docs.microsoft.com/en-us/aspnet/core/razor-pages/?view=aspnetcore-5.0&tabs=visual-studio instead if not already familar Web Forms

    Wednesday, March 10, 2021 10:33 AM
  • User379720387 posted

    I agree with PatriceSc, better to go with one of the out of the box authentication/authorization solutions.

    Although you probably should not use SimpleMembershipProvider, it is worth reading up on it, as it is a bare bones implementation.

    Users have Roles

    Roles are used to allow or disallow access to a page.

    Wednesday, March 10, 2021 6:47 PM