How to tie in a VB.net login page with a sql user and Web.config in vb.net

Question

rjDeveloper 0 Newbie Poster

1 Year Ago

Hello,
I have a typical login page in vb.net (Asp.net). It checks a sql table for a user/pw. If admin1 user they get directed to admin page. if not, they go to basic users page. I put this below code in my web.config page in the testlogin folder. (which I want to be secure, only admins can get to this page)
I don't want someone to be able to go to ww.mywebpage.com/testlogin/securepage1.aspx and view page.

How do I get the user "Admin1" from my login page that is validated in sql and pass that on and have the web.config grant admin1 access to securepage1.aspx
I am not using roles from MS SQL

<?xml version="1.0"?>
<location path="/testlogin/securepage1.aspx">
<system.web>
<authorization>
<allow users="Admin1"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

asp.net login sql

1 Contributor
1 Reply
68 Views
1 Day Discussion Span
Latest Post 1 Year Ago Latest Post by rjDeveloper

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rjDeveloper 0 Newbie Poster · Answer 1 · 2022-11-22T03:31:56+00:00

This is my code that is working. It transfers the users to securepage1.aspx if they are Admin1 user and enter correct pw.
What I am not sure how to do is only let admin1 user to this securpage1.aspx.
I am afraid if someone browses to this page at the moment, they can view it
http://companywebpage.com/testlogin/securepage1.aspx"
that is why I put in "allow users=Admin1 in webconfig, I just dont' know how the Webconfig files checks for this user.
thanks

    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
     Using con As New SqlConnection(constr)
        con.Open()
    Dim sql As String = "select * from TBLLogin where loginID=@loginID and Loginpw=@loginpw"
    cmd = New SqlCommand(sql, con)
    cmd.Parameters.AddWithValue("loginid", TxtboxLoginID.Text)
    cmd.Parameters.AddWithValue("loginpw", TxtBoxPW.Text)
    adapter = New SqlDataAdapter(cmd)
    Dim ds As New DataSet
    adapter.Fill(ds)
      If (ds.Tables(0).Rows.Count > 0) Then
       Session(pvloginid) = TxtboxLoginID.Text
      If TxtboxLoginID.Text = "Admin1" Then
        Response.Redirect("/testlogin/securepage1.aspx")
      Else
        Response.Redirect("/Companydatapage/CompanyData1.aspx")
      End If
       Else
         LblErrormsg.Text = ("Invalid ID or Password")
          End If
    End Using
    End Sub