I have to create a role-based application with three roles: admin, manager and user. The application has three different folders, and access to each one must be checked against those roles. What I want is this: when I enter my credentials on the login page, the application first checks whether the user is authorized and, if not, redirects to the error page. If the user is authorized, it then checks the user's roles and gives access to the specified folder.
this is my login page code:
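/// <summary>
/// Handles the login button click: looks up the entered user name in the
/// Login table, compares the entered password with the stored one, and on a
/// match stores the user name in the session and redirects to the supervisor
/// form; otherwise redirects to the error page.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    // The user name is bound as a parameter instead of being concatenated into
    // the statement, so text typed into the form cannot change the query.
    // The password is no longer sent lower-cased in the WHERE clause; it is
    // compared below against the stored value exactly as typed (trimmed).
    const string queryread = @"Select UserName, Password from Login where UserName = @userName";

    string enteredUserName = tbUserName.Text.ToLower();
    string enteredPassword = tbPassword.Text.Trim();
    string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["BartConnectionString"].ConnectionString;

    try
    {
        Boolean flag = false;

        // using blocks close the connection, command and reader on every path,
        // including when an exception is thrown.
        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand readdata = new SqlCommand(queryread, con))
        {
            readdata.Parameters.AddWithValue("@userName", enteredUserName);
            con.Open();

            using (SqlDataReader read = readdata.ExecuteReader())
            {
                while (read.Read())
                {
                    // A row without a stored password must never authenticate:
                    // DBNull.ToString() is "" and would equal an empty input.
                    if (read["Password"] is DBNull)
                    {
                        continue;
                    }

                    String UserName = read["UserName"].ToString().ToLower();
                    String password = read["Password"].ToString();

                    // NOTE(review): the stored password is compared directly with
                    // the typed one, so the Login table appears to hold passwords
                    // in clear text. Store a salted, slow hash (e.g. PBKDF2) and
                    // verify against that instead.
                    if (enteredUserName == UserName && enteredPassword == password)
                    {
                        Session["UserID"] = UserName;
                        flag = true;
                    }
                }
            }
        }

        // NOTE(review): this redirect only chooses the landing page. Access to
        // each protected folder still has to be enforced on the server for every
        // request (confirm how the folders are protected); a session value set
        // here does not restrict them by itself.
        if (flag)
        {
            Response.Redirect("~/Supervisor/Form.aspx", false);
        }
        else
        {
            Response.Redirect("~/Error.aspx", false);
        }
    }
    catch (Exception)
    {
        // Deliberately generic: exception details are not echoed to the client.
        // The failure should also be recorded server-side so it is not lost.
        Response.Write("Error");
    }
}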
In this code I check the authorization for the user. Now I also want to check which role this user has. What changes do I have to make in this code to check roles as well?
In my sql i have table login which have
- UserID
- UserName
- Password
- RoleID
What changes do I have to make in my web.config file, and what changes do I have to make in my login page to check the role? I guess my question is clear to you guys.
Thanks in advance