Got question regarding access restriction for specific users to pages. I know i can do that inside web.config but is it proper way in my case when i am using database authentication or it should be another way? How i can achieve that? Waiting your feedback.
protected void btnLogin_Click(object sender, EventArgs e)
{
//Authenticate against the list stored in db
if (AuthenticateUser(txtLogin.Text, txtPassword.Text))
{
//Create the authentication cookie and redirect the user to welcome page
FormsAuthentication.RedirectFromLoginPage(txtLogin.Text, chkBoxRememberMe.Checked);
}
else
{
lblMsg.Text = "Invalid Username and/or password";
}
}
// TODO : zaimplementuj blokade konta po x blednych probach logowania: ASP.NET part 93
private bool AuthenticateUser(string username, string password)
{
var cs = ConfigurationManager.ConnectionStrings["StorminDB"].ConnectionString;
using (var con = new SqlConnection(cs))
{
var cmd = new SqlCommand("spAuthenticateUser", con) {CommandType = CommandType.StoredProcedure};
var paramUsername = new SqlParameter("@UserName", username);
var paramPassword = new SqlParameter("@Password", password);
cmd.Parameters.Add(paramUsername);
cmd.Parameters.Add(paramPassword);
con.Open();
var returnCode = (int) cmd.ExecuteScalar();
return returnCode == 1;
}
}
I think Form authentication can resolve your problem. In the sense if you are moving database authentication itself, it will help you role wise authentication http://www.codeproject.com/Articles/13872/Form-authentication-and-authorization-in-ASP-NET
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.