0

I want to retrieve session value(username) from the login page.
I have to verify the user by their username to make the access right control for certain page. In my application, i want to control the access right to "ViewAllProject.aspx" page.

I have save the username in session in login page.
Here is my login code that save username in session:

protected void btnEnter_Click(object sender, EventArgs e)
        {
            String username = txtUsername.Text;
            String password = txtPassword.Text;

            if (rdoUser.SelectedItem.Value == "BDE")
            {
                    SqlConnection SQLConn = new SqlConnection(@"Data Source=sawapp501;Initial Catalog=BDAS;Integrated Security=SSPI");
                    string selectString = "SELECT * FROM BDE WHERE username=@username AND password=@password";

                    SqlCommand cmd = new SqlCommand(selectString, SQLConn);

                    //Prevent SQL Injection.
                    cmd.Parameters.AddWithValue("@username", username);
                    cmd.Parameters.AddWithValue("@password", password);

                    SQLConn.Open();
                    SqlDataReader sdr = cmd.ExecuteReader();

                    bool found = false;
                    
                    if (sdr.Read()) found=true;

                    sdr.Close();
                    SQLConn.Close();

                    if (found)
                    {
                        Session["user1"] = username;
                        Response.Redirect("MainPage.aspx");
                    }

                    else
                    {
                        Response.Write("<script>alert('Invalid Username or Password!!!')</script>");
                      
                    }
            }

In my main page, i have try to retrieve the session value when user click the button that will redirect to "ViewAllProject.aspx" page to control the access to that page.

Below is my coding to control the access right:

protected void btnViewProject_Click(object sender, EventArgs e)
        {
            if (Session["user1"] == "maria")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else if (Session["user1"] == "sally")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else
            {
                Response.Write("<script>alert('You not permitted to access the page...')</script>");            
            }
        }

When i execute the code, there is no error. But, when i click the button to redirect to the "ViewAllProject.aspx" , it keep respond the message "You not permitted to access the page..." even though i have login as "maria" or "sally" that is the person who have permission to access the page.

I don't know what's wrong because there is no error occur.
Please someone help me...

4
Contributors
5
Replies
8
Views
7 Years
Discussion Span
Last Post by maria_mj
-1

I want to retrieve session value(username) from the login page.
I have to verify the user by their username to make the access right control for certain page. In my application, i want to control the access right to "ViewAllProject.aspx" page.

I have save the username in session in login page.
Here is my login code that save username in session:

protected void btnEnter_Click(object sender, EventArgs e)
        {
            String username = txtUsername.Text;
            String password = txtPassword.Text;

            if (rdoUser.SelectedItem.Value == "BDE")
            {
                    SqlConnection SQLConn = new SqlConnection(@"Data Source=sawapp501;Initial Catalog=BDAS;Integrated Security=SSPI");
                    string selectString = "SELECT * FROM BDE WHERE username=@username AND password=@password";

                    SqlCommand cmd = new SqlCommand(selectString, SQLConn);

                    //Prevent SQL Injection.
                    cmd.Parameters.AddWithValue("@username", username);
                    cmd.Parameters.AddWithValue("@password", password);

                    SQLConn.Open();
                    SqlDataReader sdr = cmd.ExecuteReader();

                    bool found = false;
                    
                    if (sdr.Read()) found=true;

                    sdr.Close();
                    SQLConn.Close();

                    if (found)
                    {
                        Session["user1"] = username;
                        Response.Redirect("MainPage.aspx");
                    }

                    else
                    {
                        Response.Write("<script>alert('Invalid Username or Password!!!')</script>");
                      
                    }
            }

In my main page, i have try to retrieve the session value when user click the button that will redirect to "ViewAllProject.aspx" page to control the access to that page.

Below is my coding to control the access right:

protected void btnViewProject_Click(object sender, EventArgs e)
        {
            if (Session["user1"] == "maria")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else if (Session["user1"] == "sally")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else
            {
                Response.Write("<script>alert('You not permitted to access the page...')</script>");            
            }
        }

When i execute the code, there is no error. But, when i click the button to redirect to the "ViewAllProject.aspx" , it keep respond the message "You not permitted to access the page..." even though i have login as "maria" or "sally" that is the person who have permission to access the page.

I don't know what's wrong because there is no error occur.
Please someone help me...

Hi

it's as Simple as this ...
username = Session["user1"]

Mark as solved if it helps you!!!

0

i have try the code. But i get error.
following is the code:

protected void btnViewProject_Click(object sender, EventArgs e)
        {
            [B]string username = Session["user1"];[/B]

            if (username == "yati")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else if (username == "shah")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else
            {
                Response.Write("<script>alert('You not permitted to access the page...')</script>");            
            }
        }

the error is:
Cannot implicitly convert type 'object' to 'string'. An explicit conversion exists (are you missing a cast?)

where to fix it??

0

You need to use Convert.ToString().it should be like this

string username = Convert.ToString(Session["user1"]);


i have try the code. But i get error.
following is the code:

protected void btnViewProject_Click(object sender, EventArgs e)
        {
            [B]string username = Session["user1"];[/B]

            if (username == "yati")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else if (username == "shah")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else
            {
                Response.Write("<script>alert('You not permitted to access the page...')</script>");            
            }
        }

the error is:
Cannot implicitly convert type 'object' to 'string'. An explicit conversion exists (are you missing a cast?)

where to fix it??

0

Session is dictionary object where the data type of Key and Value is object.

protected void btnViewProject_Click(object sender, EventArgs e)
        {
         if(Session["user1"]!=null) 
         {   
            string username = Session["user1"].ToString();

            if (username == "yati")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else if (username == "shah")
            {
                Response.Redirect("ViewAllProject.aspx");
            }

            else
            {
                Response.Write("<script>alert('You not permitted to access the page...')</script>");            
            }
           }
        }
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.