I'm basically making a web site using VS2008 and SQL Server 2005 which initiates with a login page. Now I want to authenticate the LoginID
and the Password
entered by the user. This authentication will take place once the system has found the ID and Password from the database table. Once found, I want to check whether what kind of user it is i.e. Admin
or Customer
. If the user is admin, then the page should be redirected to abc.aspx
otherwise cde.aspx
.
My front-end for LoginPage is:
<tr>
<td class="style11"> Login </td>
<td>
<asp:TextBox ID="txtUserName" runat="server" Width="300px" CssClass="Textbox1"></asp:TextBox>
</td>
</tr>
<tr>
<td class="style11"> Password </td>
<td>
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password" Width="300px" CssClass="Textbox1"></asp:TextBox>
</td>
</tr>
<tr>
<td colspan="2">
<asp:Button ID="btnSubmit" runat="server" OnClick="btnSubmit_Click" CssClass="btn1"
Text="Submit" />
<asp:Button ID="btnCancel" runat="server" OnClick="btnCancel_Click" CssClass="btn1"
Text="Cancel" />
</td>
</tr>
And my backend code is:
//CODE 1
SqlDataSource sds = new SqlDataSource();
sds.ConnectionString = ConfigurationManager.ConnectionStrings["Gen_LicConnectionString3"].ToString();
sds.SelectParameters.Add("LoginID", TypeCode.String, this.txtUserName.Text);
sds.SelectParameters.Add("Password", TypeCode.String, this.txtPassword.Text);
sds.SelectCommand = "SELECT User_Type FROM [User_Details] WHERE [LoginID]=@LoginID AND [Password]=@Password";
if (//Some Condition) //<-- Here I want to check the condition whether the User_Type is 'Admin' or 'Customer'
{
Response.Redirect("Lic_Gen.aspx"); //<-- If Admin
}
else
{
Response.Redirect("Cust_Page.aspx"); //<-- If Customer
}
//CODE 2
//string connectionString = WebConfigurationManager.ConnectionStrings["Gen_LicConnectionString3"].ConnectionString;
//string selectSQL = "SELECT User_Type FROM User_Details WHERE [LoginID]=@LoginID AND [Password] = @Password";
//SqlConnection con = new SqlConnection(connectionString);
//SqlCommand cmd = new SqlCommand(selectSQL, con);
//SqlDataAdapter adapter = new SqlDataAdapter(cmd);
//DataSet ds = new DataSet();
//if (cmd.Equals(1))
//{
// Response.Redirect("Lic_Gen.aspx");
//}
//else
//{
// Response.Redirect("Cust_Page.aspx");
//}