DaniWeb IT Discussion Community - Help with Roles Stored in SQL database

Hi,

I really need some help I've been banging my head again wall with this one.

I have created login page, username and password stored in sql database but now I need to add roles to webpage. Need them to be stored in database because the high amout of users that will be using this webpage.

Just about every example is in C-sharp and I dont have clue how to program in that language, so I had to piece it together with my own code so I need someone's help to look over my code.

I know this post is long.

thanks

Global.asax

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
If Not (HttpContext.Current.User Is Nothing) Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim ticket As FormsAuthenticationTicket = id.Ticket
Dim userData As String = ticket.UserData
Dim roles As String() = userData.Split("admin")
HttpContext.Current.User = New GenericPrincipal(id, roles)
End If
End If
End If
End Sub

Web.Config

<authentication mode="Forms">
<forms name="MYWEBAPP.ASPXAUTH"
loginUrl="login.aspx"
protection="All"
path="/"/>
</authentication>
<authorization>
<allow users="*"/>
<allow roles="admin" />
</authorization>

Login.aspx.vb

Imports System.Web.Security
Imports System.Web
Imports System.Data
Imports System.Data.SqlClient

Public Class WebForm1
Inherits System.Web.UI.Page
Protected username As TextBox
Protected Password As TextBox
Protected ErrorLabel As Label
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

End Sub

'NOTE: The following placeholder declaration is required by the Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs)
FormsAuthentication.Initialize()
Dim conn As SqlConnection = New SqlConnection("Server=(x);UID=x;Password=x;Database=x") Dim cmd As SqlCommand = conn.CreateCommand
cmd.CommandText = "SELECT roles FROM users WHERE username=@username " + "AND password=@password"

cmd.Parameters.Add("@username", username.Text)

cmd.Parameters.Add("@password", Password.Text)

conn.Open()

Dim reader As SqlDataReader = cmd.ExecuteReader

If reader.Read Then
Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, username.Text, DateTime.Now, DateTime.Now.AddMinutes(30), True, reader.GetString(0), FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As HttpCookie = New HttpCookie("MYWEBAPP.ASPXAUTH")
If ticket.IsPersistent Then
cookie.Expires = ticket.Expiration
End If
Response.Cookies.Add(cookie)
Dim returnUrl As String = Request.QueryString("ReturnUrl")
If returnUrl Is Nothing Then
returnUrl = "default.aspx"
End If
Response.Redirect(returnUrl)
Else
ErrorLabel.Text = "Username / password incorrect. Please try again."
ErrorLabel.Visible = True
End If
reader.Close()
conn.Close()
End Sub

End Class

Login.aspx

<html>
<head>
<title>Welcome</title>
<script runat="server">
sub Page_Load(Object sender, EventArgs e)

if (User.IsInRole("Admin"))
AdminLink.Visible = true;

end sub
</script>
</head>
<body>
<h2>Welcome</h2>
<p>Welcome, anonymous user, to our web site.</p>
<asp:HyperLink id="AdminLink" runat="server"
Text="Administrators, click here." NavigateUrl="administrators/"/>
</body>
</html>