Add some more validation controls in login page

This will help you get started

www.dotnetfunda.com/articles/article1250-permission-module-or-security-module-in-aspnet-or-silverlight.aspx

Thank you for posting at Dotnetfunda
[Administrator]

Sri88ktm, if this helps please login to Mark As Answer. | Alert Moderator

aspx.cs file coding

in my coding three role are there that is employee,admin,manager

protected void btnSubmit_Click(object sender, EventArgs e)
{
string str1 = null;
//string[] UserName = null;
try
{
// //if (txtUserName.Text.Contains("@"))
// //{
// // string str = txtUserName.Text;
// // UserName = str.Split('@');
// clsLogin.UserName = UserName[0].ToString();
// str1 = UserName[0].ToString();
// }
// else
//{
clsLogin.UserName = txtUserName.Text.Trim();
str1 = txtUserName.Text.Trim();
//}
clsLogin.Password = txtPassword.Text.Trim();
string Role = objLogin.GetUserLogin();

if (Role == "NoUser")
lblMsg.Text = "User Name and password mismatch. Try again.";
else
if (Role == "Admin")
{
Session["UserName"] = str1;
Response.Redirect("~/Admin/AdminHome.aspx");
}
else if (Role == "Manager")
{
Session["UserName"] = str1;
Response.Redirect("~/HRManager/ManagerHome.aspx");
}
else if (Role == "Employee")
{
Session["UserName"] = str1;
Response.Redirect("~/Employee/EmployeeHome.aspx");

}

}

catch (Exception ex)
{
lblMsg.Text = ex.Message;

}
}

.cs file

public static string UserName { get; set; }
public static string Password { get; set; }
public static string Role { get; set; }
DataSet ds = null;

public string GetUserLogin()
{
try
{
SqlParameter[] p = new SqlParameter[3];

p[0] = new SqlParameter("@UserName", UserName);
p[1] = new SqlParameter("@Password", Password );
p[2] = new SqlParameter("@Role", SqlDbType.VarChar, 50);
p[2].Direction = ParameterDirection.Output;


SqlHelper.ExecuteNonQuery(con, CommandType.StoredProcedure, "spLoginChecking", p);
Role = Convert.ToString(p[2].Value);
return Role;
}
catch (Exception ex)
{
throw new ArgumentException(ex.Message);
}
}

stored procedure

ALTER proc [dbo].[spLoginChecking]
(@UserName varchar(50),@Password varchar(50),@Role varchar(50)output)
--AS
--
--BEGIN
--
--If Exists (Select * From tbl_Login where LoginName=@UserName And Password=@Password)
--
--begin
--
--select @Role = Role from tbl_Login where LoginName=@UserName And Password=@Password
--
--end
--
--end

AS
BEGIN

Declare @EmpId int

if exists (select * from tbl_Login where LoginName=@UserName And Password=@Password)
begin
select @EmpId=EmpId from tbl_Login where LoginName=@UserName And Password=@Password
select @Role=Role from tbl_Login where EmpId=@EmpId
Select @Role AS Role
end
else
begin
Select 'NoUser' AS Role
end
end

sankarreddy

Sri88ktm, if this helps please login to Mark As Answer. | Alert Moderator

if its useful make it mark

sankarreddy

Sri88ktm, if this helps please login to Mark As Answer. | Alert Moderator

Hi, while registering user itself.. maintain a column from the code behind with userstatus set as "User".
While validating the user credentials to login, Check whether a user is a normal User or Admin from the column value. If he is admin then redirect him to the required admin pages, if not to the user level pages.
Roles based authentication can serve as a demo for the above question. Refer the following article: http://www.dotnetfunda.com/articles/article141.aspx

Awesome Coding !! :)

Sri88ktm, if this helps please login to Mark As Answer. | Alert Moderator