|
-
May 11th, 2005, 04:13 PM
#1
Thread Starter
New Member
Help with Login - RESOLVED
Hey everyone. I am finishing up on a project I have for school and the last thing that remains is getting my webform to differentiate between and admin and an employee. Basically I have a login and password box that checks against a database and redirects you to either the admin page or the employee page. It works great so far.
The only problem though is that I have no idea how to stop someone from just having to type the webform name and bypassing the login? Can anybody give me some advice on the easiest simplest method to do this?
Last edited by Hristaki82; May 11th, 2005 at 06:18 PM.
-
May 11th, 2005, 04:26 PM
#2
Addicted Member
Re: Help with Login
why dont u have a username and password ( login form) and check if the user and pass exist in ur database or not and if the user name is admin go to admin form else go to employee form
-
May 11th, 2005, 05:02 PM
#3
Thread Starter
New Member
Re: Help with Login
thats exactly how i got it so far and it works. Problem is that if someone wanted to they could just load their browser up and type http://www.whatever.com/admin.aspx without even having to log in
-
May 11th, 2005, 05:07 PM
#4
Tips:
- Google is your friend! Search before posting!
- Name your thread appropriately... "I Need Help" doesn't cut it!
- Always post your code!!!! We can't read your mind!!! (well, at least most of us!)
- Allways Include the Name and Line of the Exception (if one is occuring!)
- If it is relevant state the version of Visual Studio/.Net Framwork you are using (2002/2003/2005)
If you think I was helpful, rate my post 
-
May 11th, 2005, 05:23 PM
#5
Thread Starter
New Member
Re: Help with Login
yeap just realized that. So far I've been using cookies but i ran across a few more problems.
This is part of my code from the button. Basically A means admin and B means employee.
If str1 = txt1 And str2 = txt2 And txt3 = "A" Then
Response.Cookies("ckusername").Value = 1
Response.Cookies("ckusername").Expires=DateTime.Now.AddDays(1)
Response.Redirect("admin.aspx")
ElseIf str1 = txt1 And str2 = txt2 And txt3 = "B" Then
Response.Cookies("ckusername").Value = 2
Response.Redirect("employee.aspx")
End If
I'm trying to get it so that it will only an admin to access a certain page or vise versa only if they got the correct value. On the admin page that I want employees to stay out I've added this code to the form load.
Dim objckusername As HttpCookie
objckusername = Request.Cookies("ckusername")
If objckusername.Value = 1 Then
//continue loading page
ElseIf objckusername.Value = 2 or objckusername.Value = NOTHING Then
Response.Redirect("main.aspx") //back to login page
End If
This code seems to be working fine after I log in as the employee and try to get into the admin page cause it kicks me back to the main page as it should cause i don't have the correct value in my cookie.
The problem right now is that say I choose to skip login and type the direct web address to say the admin page without logging in, instead of getting redirected back to main I get an error.
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.
Source Error:
Line 42: Dim objckusername As HttpCookie
Line 43: objckusername = Request.Cookies("ckusername")
Line 44: If objckusername.Value = 1 Then
Line 45:
Line 46:
-
May 11th, 2005, 05:58 PM
#6
Re: Help with Login
VB Code:
'Assigning the value can be done in one line
Dim objckusername As HttpCookie = Request.Cookies("ckusername")
'Assume that if objckUserName is nothing the cookie has not been set, so we redirect to the login page.
If Not IsNothing(objckuUserName) AndAlso objckusername.Value = 1 Then
'//continue loading page (Why are you using C# style comments?)
Else ' shouldn't require the else if...
Response.Redirect("main.aspx") '//back to login page
End If
Must use AndAlso because the And Operator compares both statements even if the first is false.
Tips:
- Google is your friend! Search before posting!
- Name your thread appropriately... "I Need Help" doesn't cut it!
- Always post your code!!!! We can't read your mind!!! (well, at least most of us!)
- Allways Include the Name and Line of the Exception (if one is occuring!)
- If it is relevant state the version of Visual Studio/.Net Framwork you are using (2002/2003/2005)
If you think I was helpful, rate my post
-
May 11th, 2005, 06:17 PM
#7
Thread Starter
New Member
Re: Help with Login
Everything is working great now. I did some more reading on how cookies work and started to understand them more. Once i realized what an idiot i was I started working on repairing the code. This is how it works now.
Button Code after checking database:
If str1 = txt1 And str2 = txt2 And txt3 = "A" Then
Response.Cookies("ckuseradmin").Value = Request.Form("txtLogin")
Response.Cookies("ckuseradmin").Expires = DateTime.Now.AddDays(1)
Response.Redirect("admin.aspx")
ElseIf str1 = txt1 And str2 = txt2 And txt3 = "B" Then
Response.Cookies("ckuseremployee").Value = Request.Form("txtLogin")
Response.Cookies("ckuseremployee").Expires = DateTime.Now.AddDays(1)
Response.Redirect("employee.aspx")
End If
Page Validator to see if person is authorized on Admin Page:
Dim objckusername As HttpCookie
objckusername = Request.Cookies("ckuseradmin")
If objckusername Is Nothing Then
Response.Redirect("main.aspx")
Else
............
End If
Figured I'd also kill 2 birds with one stone and store the username in there just in case I design another page that needs to check that username with other info.
Thanks a lot everyone for taking the time to help.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote