Author |
Topic |
Noureldin
Starting Member
14 Posts |
Posted - 2005-08-03 : 18:21:10
|
Hello

I have a database which carries usernames and passwords for users. I want to develop a verification control for my application. That is, for example, normal users can view pages 1,2,3, admin can view pages 4,5,6. Normal and admin users both can view page 7, but with different links/data in them.

First, the login page should be no problem, just ask for the username & password and check in the database, but what follows? How do I know which user is logged? From knowing which user is logged I can easily know if he is normal or admin. But all I need is how to make something like a login session, where, upon the user logging on, the application remembers his username.

PS: I read about Session state, but still don't get how to use it.

Thanks |
|
timmy
Master Smack Fu Yak Hacker
1242 Posts |
Posted - 2005-08-03 : 19:02:04
|
Session is one way to go about it. Basically a Session object is created when a new user logs into the system. You can use it to store all sorts of data, but it's particularly good for user IDs and the like. When the user logs in for the first time, you assign their user ID (probably a PK from the users table) to a session parameter, then on subsequent hits you can check and match it back to the user.

Have a read up on Session objects on some of the recognised .NET sites (www.codeproject.com, www.dotnet247.com)

HTH,
Tim |
 |
|
Noureldin
Starting Member
14 Posts |
Posted - 2005-08-03 : 19:12:25
|
Would you just quickly tell me how I make a new object of a session? |
 |
|
timmy
Master Smack Fu Yak Hacker
1242 Posts |
Posted - 2005-08-03 : 20:45:32
|
You don't need to create an object. Just use:

    Session["MyParameterName"] = 123;

Then:

    Console.WriteLine(Session["MyParameterName"]);

Can't guarantee that the syntax is correct; it might pay you to check the .NET documentation.

Be aware that you'll probably have to explicitly enable session parameters on your app. Again, check out the doco for more info.

Cheers,
Tim |
 |
|
Noureldin
Starting Member
14 Posts |
Posted - 2005-08-03 : 21:35:24
|
Ok, here is what I did before reading your post.

On the login page, after successfully logging in:

    this.Session["user_id"] = rdr["user_id"];

And on the following pages, I just use:

    string userID = Session["user_id"].ToString();

And it's working fine.

Do I still have to do the things you said above or that's enough? |
 |
|
timmy
Master Smack Fu Yak Hacker
1242 Posts |
Posted - 2005-08-03 : 21:37:35
|
No - I must have been thinking about web services in which you need to specify it. If it's working then you shouldn't need to do anything else....

Tim |
 |
|
Noureldin
Starting Member
14 Posts |
Posted - 2005-08-03 : 21:48:04
|
Ok, thanks anyway.

If I'm not irritating you, what do you mean exactly by web services, maybe give an example :) |
 |
|
timmy
Master Smack Fu Yak Hacker
1242 Posts |
Posted - 2005-08-03 : 21:58:06
|
I'm talking about the .NET web services that are available under ASP.NET. They're basically used to enable a client and a server to communicate using SOAP/XML. You're probably not using them for a standard web page, but have a surf around because there's some good info/samples out there if you're interested. |
 |
|
Noureldin
Starting Member
14 Posts |
Posted - 2005-08-03 : 22:03:15
|
Ok, will have a look tomorrow or after and maybe come back to you here :) |
 |
|
Sirchrisak
Starting Member
19 Posts |
Posted - 2005-08-05 : 08:45:39
|
I had a similar challenge a few days ago. How I solved the problem: I used two main forms to show hyperlinks to what admin or normal users can see. For instance, in the Admin Main page I had links to pages 4, 5, 6 and 7; also in the Normal Main page I had links to pages 1, 2, 3 and 7.

In my table in the database, I had a field called status. A user's status can be, say, 1 for Admin and 0 for normal users. So when I check for your username and password in the database, if they exist I will return the status value.

In my login page, I will test the value of status: if it is 1 I will redirect to the Admin main page .aspx, else if it is 0 I will redirect to the normal main page.

It worked for me. Try and let's see.

Chris |
 |
|
Kristen
Test
22859 Posts |
Posted - 2005-08-05 : 09:36:05
|
We allocate a user to multiple "Groups", and a page (or any other "resource") has a "Group" that is permitted to access it [and a URL to redirect to if that is not satisfied - i.e. a Login Page or a "Sorry you can't do that" page].

We don't use session objects for this (although we could). We allocate a "Session" record in the database, which gives us an IDENTITY number, to which we add some random data (to prevent hacking) and store that in a [non-persistent client-side session] cookie.

So each page the user arrives on they present their cookie.

We pass that to all SQL stored procedures that that page calls. (It's the first parameter to every single SProc.)

We then have a table of "User Session Data" - using the session number, and a Key, as the PK.

So for example my Session = 1234 and I may have session data of:

    Session  Key      Data
    -------  -------  ----------
    1234     ROLE     MEMBER,EVERYONE,SYSADMIN
    1234     USERID   KRISTEN

... so the same sort of thing as the Session data in ASP ...

Except that our Stored Procedures can look up the data in the database if they need to (whereas they cannot "see" the Session data in IIS) ... so I can get to a particular point in a SQL Sproc and say "Only continue if SYSADMIN" and then do

    IF NOT EXISTS (SELECT * FROM UserSessionData WHERE SessionID = '1234' AND [Key] = 'ROLE' AND ',' + Data + ',' LIKE '%,SYSADMIN,%')
        ... raise error ...

So now I can have a table "PagePermissions"

    [PageName] - "FooBar.aspx" or whatever
    [Roles] - "MEMBER"

so I can call an SProc

    usp_CheckPagePermission, 1234, 'FooBar.aspx'

from my page, and it will validate that the current user has enough permissions for the page, or return a "redirect to" URL.

AND I can have a maintenance routine which allows editing the PagePermissions table - so I can easily change the required permissions for the page in the database table (no change to ASP code).

Might be a bit OTT for your current needs, but just thought I'd mention it in case it is of interest.

Kristen |
 |
|
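The database-backed check described in the post above, written out in T-SQL as an added example; it is not part of the original thread and not Kristen's own code. The UserSession table, the Token and RedirectTo columns and the 'Login.aspx' fallback are assumptions, and CRYPT_GEN_RANDOM needs SQL Server 2008 or later.

```sql
-- Added example; UserSession, Token, RedirectTo and 'Login.aspx' are
-- assumptions, the other names follow the post above.
CREATE TABLE UserSession (
    SessionID INT IDENTITY(1,1) PRIMARY KEY,
    Token     BINARY(16) NOT NULL          -- random part stored in the cookie
);
CREATE TABLE UserSessionData (
    SessionID INT NOT NULL REFERENCES UserSession (SessionID),
    [Key]     VARCHAR(20)  NOT NULL,       -- KEY is a reserved word, so bracket it
    Data      VARCHAR(200) NOT NULL,
    PRIMARY KEY (SessionID, [Key])
);
CREATE TABLE PagePermissions (
    PageName   VARCHAR(100) NOT NULL PRIMARY KEY,
    Roles      VARCHAR(20)  NOT NULL,      -- group allowed to open the page
    RedirectTo VARCHAR(100) NOT NULL       -- where everyone else is sent
);
GO
CREATE PROCEDURE usp_CheckPagePermission
    @SessionID INT, @Token BINARY(16), @PageName VARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Role VARCHAR(20), @Redirect VARCHAR(100);
    SELECT @Role = Roles, @Redirect = RedirectTo
    FROM PagePermissions WHERE PageName = @PageName;
    IF @Role IS NOT NULL AND EXISTS (
        SELECT 1
        FROM UserSession s
        JOIN UserSessionData d ON d.SessionID = s.SessionID AND d.[Key] = 'ROLE'
        WHERE s.SessionID = @SessionID
          AND s.Token = @Token             -- the session number alone is not enough
          -- delimiter-wrapped match: 'ADMIN' must not match inside 'SYSADMIN'
          AND CHARINDEX(',' + @Role + ',', ',' + d.Data + ',') > 0)
        SELECT CAST(NULL AS VARCHAR(100)) AS RedirectTo    -- NULL means allowed
    ELSE
        -- unlisted page, wrong token or missing role: deny by default
        SELECT COALESCE(@Redirect, 'Login.aspx') AS RedirectTo;
END
GO
-- Constructed sample data: one SYSADMIN-only page, one MEMBER session.
INSERT INTO PagePermissions VALUES ('FooBar.aspx', 'SYSADMIN', 'Sorry.aspx');
DECLARE @sid INT, @tok BINARY(16);
SET @tok = CRYPT_GEN_RANDOM(16);
INSERT INTO UserSession (Token) VALUES (@tok);
SET @sid = SCOPE_IDENTITY();
INSERT INTO UserSessionData VALUES (@sid, 'ROLE', 'MEMBER,EVERYONE');
EXEC usp_CheckPagePermission @sid, @tok, 'FooBar.aspx';   -- session lacks SYSADMIN
EXEC usp_CheckPagePermission @sid, 0x00, 'FooBar.aspx';   -- right number, wrong token
```

CHARINDEX is used in place of the LIKE from the post so that `_` or `%` in a role name is not read as a wildcard; the comma wrapping is the same.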
MarkGG
Yak Posting Veteran
53 Posts |
Posted - 2005-08-10 : 09:24:05
|
I would add a column to your logins table that has a value for access level, either 1, 2, or 3. When a user logs in pull the access level from the database. On the pages you want only certain people to see use a code to verify the session access level such as:

    <%if Session("ALevel")="0" or Session("ALevel")="" then%>
      <td align="center">
      <a href ="login.asp" target ="showframe"><font size="2" color=#CCFFCC><b>[-LOGIN-]</b></font></a>
    <%else%>
      <td align="center">
      <a href ="logout.asp" target ="showframe"><font size="2" color=#FFCCCC><b>[-LOGOUT-]</b></font></a>
    <%end if%> |
 |
|
|