populate listbox based on user credentials


Victor

Hello there,

I have a problem but I don't know how to solve it. I have a Login page
where I use Form based authentication and I use SQL Server. When the
user is logged in he is redirected to the correct page. I have users
that work in different shops. I want to populate datagrids, listboxes
etc. based on the user credentials. How can I do this, do I have to
make SQL queries for that or is there another way? Are there good
examples on the net to do this?

Please help!

Thnx,

Victor
 
Victor,

As soon as you use the Authenticate, RedirectFromLoginPage, or
SetAuthCookie methods from the FormsAuthentication class you
authenticate a user. But the first argument from these methods is very
important for your needs.

For example let's say one of your guys logs in and the SQL Server database
returns the primary key record from the employee table denoting this user.
Let's assume this is your stored procedure content:
"Select email From tbl_Employee Where email=@email And password=@password".
If this query returns one value, an email from the database then we know
this guy supplied the two critical parameters (@Email & @Password), thus he
gave enough information to prove he knows his stuff.

Continuing on I use the ExecuteScalar method from the SqlCommand object to
return either an email address or nothing.

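// ExecuteScalar returns null when no row matches, so test for null before reading Length.
string returnValue = cmd.ExecuteScalar() as string;
if (returnValue != null && returnValue.Length > 0)
    FormsAuthentication.RedirectFromLoginPage(returnValue, false);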

So what just happened here is using the RedirectFromLoginPage method I
passed the value returned from the database which should be that employee's
primary key field and in this case his pk is an email address which is
perfectly OK.

Now the guy is redirected to the page he was trying to access or you can use
a Response.Redirect to move him wherever you want. Once he's at this secure
page and he's an authenticated user you will now add some logic to your
Page.Load event checking who this guy is. How you do this is as such:

if (Context.User.Identity.Name == "(e-mail address removed)")
// do this
else if (Context.User.Identity.Name == "(e-mail address removed)")
// do this


I admit the above segment of code is pretty weak & not scalable but you'd
really have to look at what you're trying to accomplish then apply these
techniques. There's another idea which is using roles instead of unique
individuals to filter your pages, this saves you from a lot of maintenance
as people are hired, fired, move,... I recommend you read this two-part
article if you want to use roles authorization.
www.ondotnet.com/pub/a/dotnet/2004/02/02/effectiveformsauth.html
 
I'm doing the same thing. What I did, in my SQL DB, I created a Creds
table, and set up an AccessLevel system. It's 3 digit, so I have a whole lot
of flexibility, but after the user authenticates with ASP.NET, it grabs this
info and I do a select on the AccessLevel, and then just add the logic for
what you need each access level to do. You could apply it in a departmental
way as well.

HTH
JLW
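
An added example, not code from any poster in this thread: one way to fill a list box with only the rows for the logged-in user's shop, by resolving the shop on the server from Context.User.Identity.Name with a parameterized query. The control name lstProducts, the "ShopDb" connection string, the tbl_Product table and the shop_id column on tbl_Employee are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind sketch; lstProducts, the "ShopDb" connection string, tbl_Product
// and tbl_Employee.shop_id are assumed names, not taken from the thread.
public class ShopProducts : Page
{
    protected ListBox lstProducts;

    // The shop is resolved inside the query from the authenticated identity,
    // never from a query string, hidden field or cookie the browser controls.
    private const string Sql =
        "SELECT p.product_id, p.name FROM tbl_Product p " +
        "JOIN tbl_Employee e ON e.shop_id = p.shop_id " +
        "WHERE e.email = @email ORDER BY p.name";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Refuse anonymous requests even if the web.config rule is missing.
        if (!Context.User.Identity.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }
        if (IsPostBack) return; // list items are restored from view state

        string connStr = ConfigurationManager.ConnectionStrings["ShopDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(Sql, conn))
        {
            // Identity.Name is the value passed to RedirectFromLoginPage at login.
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value =
                Context.User.Identity.Name;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                lstProducts.DataSource = reader;
                lstProducts.DataTextField = "name";
                lstProducts.DataValueField = "product_id";
                lstProducts.DataBind();
            }
        }
    }
}
```

Any later action on a selected product_id should rerun the same join with @email, so that a value altered in the browser cannot reach another shop's rows.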
 