Manage role: is this correct?
-
Hi, I failed to manage roles by code and web.config, so I simply used code. I have a table Security in my database (login, password, profil) and a login.aspx page, and I need to open the pages of each service to the people of that service. Is this correct? Can I combine the files into folders? Must I change the web.config file? My code:
protected void Button7_Click(object sender, EventArgs e)
{
    SqlConnection aCon = new SqlConnection(@"Data Source=.\SQLEXPRESS;UID=sa;Password=******;Initial Catalog=xxxxx");
    aCon.Open();
    String rqtr3 = " SELECT * FROM SECURITE WHERE LOGIN = '" + Textbox3.Text + "' AND PASSWORD='" + TextBox12.Text + "'";
    SqlCommand cmr3 = new SqlCommand(rqtr3, aCon);
    SqlDataReader drr3 = cmr3.ExecuteReader();
    while (drr3.Read() == true)
    {
        TextBox2.Text = drr3["PROFIL"].ToString();
        if (TextBox2.Text == "service1") { Response.Redirect("default1.aspx"); }
        else
        {
            if (TextBox2.Text == "service2") { Response.Redirect("default2.aspx"); }
            else
            {
                if (TextBox2.Text == "service3") { Response.Redirect("default3.aspx"); }
                else.........
            }
        }
    }
}
Thanks.
-
First, absolutely NEVER, EVER use unvalidated user input in your SQL statements. This is even more heinous because you are querying the security database. Look up a term called 'SQL Injection attack'.
I know the language. I've read a book. - _Madmatt
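The parameterized form of the posted login query, as an added example that is not code from any poster in this thread. The class and method names, the NVarChar(50) column types and the connection string argument are assumptions; the table, columns, profile values and page names are the ones in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck   // hypothetical helper, not part of the posted page
{
    // Only profiles listed here are ever mapped to a page; values come from the question.
    private static readonly Dictionary<string, string> LandingPages =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            { "service1", "default1.aspx" },
            { "service2", "default2.aspx" },
            { "service3", "default3.aspx" }
        };

    // Returns the landing page for matching credentials, or null when nothing matches.
    // The schema and the direct PASSWORD comparison mirror the posted code.
    public static string FindLandingPage(string connectionString, string login, string password)
    {
        // User input is bound to parameters and is never concatenated into the SQL text.
        const string sql =
            "SELECT PROFIL FROM SECURITE WHERE LOGIN = @login AND PASSWORD = @password";

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Assumed column types; adjust to the real table definition.
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 50).Value = login;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;

            con.Open();
            object profil = cmd.ExecuteScalar();   // first column of first row, or null
            if (profil == null || profil == DBNull.Value)
            {
                return null;
            }

            string page;
            return LandingPages.TryGetValue(profil.ToString(), out page) ? page : null;
        }
    }
}
```

In Button7_Click the result would be passed to Response.Redirect only when it is not null. Redirecting after login does not restrict access by itself: the default pages stay reachable by direct URL unless forms authentication and authorization rules protect them.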
-
Even more so, most attacks occur from the inside
I know the language. I've read a book. - _Madmatt
-
What you are trying to achieve is role-based security using forms authentication. I found a very good example for the same: Role-based Security with Forms Authentication. HTH
Jinal Desai - LIVE Experience is mother of sage....
-
Role-based security is also available out of the box with ASP.NET.
I know the language. I've read a book. - _Madmatt
-
Thanks a lot Mark Nischalke and Jinal Desai - LIVE. I used the link, but when I log in I get this message: "Username / password incorrect. Please try again." (The password and database connection are correct.) I think that I have a problem with the web config. Mark Nischalke, I do not understand: "Role based security is also available out of the box with ASP.NET". Thanks.
modified on Monday, July 12, 2010 11:20 AM
-
Thanks Mark Nischalke, I still have the same problem (with the previous link), and even using the Visual Studio 2008 menu Website / ASP.NET Configuration... "Username / password incorrect. Please try again." I don't know if I have a problem in Visual Studio or what? Thanks (sorry, I don't speak English well).