ASP.NET: Custom Login, USE SQL Role manager, Roles stored in SQL Table

Web.config

  
    <add name="SqlRoleManagerConnection" 
         connectionString="Data Source=sqlinstance;
                          Initial Catalog=dbname;Integrated Security=SSPI;">
 <!--
    
    -->

    <add name="MyDbConnectionString" connectionString="Server=svrcis; Database=WebRegister; User Id=WebRegister; Password=poker; Trusted_Connection=false;" 
         providerName="System.Data.SqlClient"/>

  



  
    <add name="SqlRoleManager" 
         type="System.Web.Security.SqlRoleProvider"
         connectionStringName="SqlRoleManagerConnection"
         applicationName="MyApplication" />
  
Login.ascx.cs
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class UserControls_Login: System.Web.UI.UserControl
{
    protected voidPage_Load(object sender, EventArgs e)
    {
    }
    protected voidcreateNewUserButton_Click(object sender, EventArgs e)
    {
        stringuserName, password, email, securityQuestoin, securityAnswer, country, gender;
        userName = userNameTextBox.Text.ToString();
        password = passwordTextBox.Text.ToString();
        email = emailTextBox.Text.ToString();
        securityQuestoin = questionDropDownBox.Text.ToString();
        securityAnswer = answerDropDownBox.Text.ToString();
        country = countryDropDownBox.Text.ToString();
        gender = genderDropDownBox.Text.ToString();
        int age = Int16.Parse( ageTextBox.Text.ToString());
        UserDetailsAccess.UserAdd(userName, password, email, securityQuestoin, securityAnswer, country, gender, age);
    }
    protected voidLogin1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        Boolean bauthenticated = false;
        bauthenticated = UserDetailsAccess.IsValidUser(Login1.UserName, Login1.Password);
        if (bauthenticated)
        {
            e.Authenticated = true;
            //save the productId into session variable to use it later on
            Session[“loggedInUserName”] = Login1.UserName;
        }
        else
        {
            e.Authenticated = false;
        }
    }
}
 
UserDetailsAccess.cs
 
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.Common;
///
/// Summary description for CreateCustomerWizard
///

 

public class UserDetailsAccess
{
    public UserDetailsAccess()
       {
              //
              // TODO: Add constructor logic here
              //
       }
    //get all user
    public staticDataTable GetAllUser()
    {
        DbCommand comm = GenericDataAccess.CreateCommand();//create command
        comm.CommandText = “GetUsers”; //set stored procedure
        return GenericDataAccess.ExecuteSelectCommand(comm);
    }
    // Remove a shopping cart item
    public static bool DeleteUser(intuserID)
    {
        // get a configured DbCommand object
        DbCommand comm = GenericDataAccess.CreateCommand();
        // set the stored procedure name
        comm.CommandText = “UserDelete”;
        // create a new parameter
        DbParameter param = comm.CreateParameter();
        param.ParameterName = “@UserID”;
        param.Value = userID;
        param.DbType = DbType.Int32;
        comm.Parameters.Add(param);
        // returns true in case of success or false in case of an error
        try
        {
            // execute the stored procedure and return true if it executes
            // successfully, or false otherwise
            return (GenericDataAccess.ExecuteNonQuery(comm) != -1);
        }
        catch
        {
            // prevent the exception from propagating, but return false to
            // signal the error
            return false;
        }
    }
    // Add a new customer
    public static bool UserAdd(stringuserName, string password, string email, stringsecurityQuestion, string securityAnswer, string country, stringGender, int Age)
    {
        // get a configured DbCommand object
        DbCommand comm = GenericDataAccess.CreateCommand();
        // set the stored procedure name
        comm.CommandText = “UserAdd”;
        // create a new parameter
        DbParameter param = comm.CreateParameter();
        param.ParameterName = “@UserName”;
        param.Value = userName;
        param.DbType = DbType.String;
        param.Size = 36;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@Password”;
        param.Value = password;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@Email”;
        param.Value = email;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@SecurityQuestion”;
        param.Value = securityQuestion;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@SecurityAnswer”;
        param.Value = securityAnswer;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@Country”;
        param.Value = country;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@Gender”;
        param.Value = Gender;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@Age”;
        param.Value = Age;
        param.DbType = DbType.Int32;
        comm.Parameters.Add(param);
    
        // returns true in case of success or false in case of an error
        try
        {
            // execute the stored procedure and return true if it executes
            // successfully, or false otherwise
            return (GenericDataAccess.ExecuteNonQuery(comm) != -1);
        }
        catch
        {
            // prevent the exception from propagating, but return false to
            // signal the error
            return false;
        }
    }
    // verify users against existing database
    public static bool IsValidUser(stringuserName, string password)
    {
        // get a configured DbCommand object
        DbCommand comm = GenericDataAccess.CreateCommand();
        // set the stored procedure name
        comm.CommandText = “UserIsExist”;
        // create a new parameter
        DbParameter param = comm.CreateParameter();
        param.ParameterName = “@UserName”;
        param.Value = userName;
        param.DbType = DbType.String;
        param.Size = 36;
        comm.Parameters.Add(param);
        // create a new parameter
        param = comm.CreateParameter();
        param.ParameterName = “@Password”;
        param.Value = password;
        param.DbType = DbType.String;
        comm.Parameters.Add(param);
        // return the result table
        DataTable table = GenericDataAccess.ExecuteSelectCommand(comm);
        if (table.Rows.Count > 0)
        {
            return true;
        }
        else
        {
            return false;
        }
    }
}

Creating the Admin Panel

Show/Hide The Menu Items to The Users Depending on Roles
if (Roles.IsUserInRole("Admin"))
{
    Menu1.Items[0].Text = "Admin";
}
else
{
    Menu1.Items[0].Text = "";
}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s