There are 2 user roles :- Student, Teacher.
There are 3 type of users :- admin, Students, Teachers.
Admin's username and password is not store in the database so it is directly check with actual username and password.
Student's and Teacher's username and password is stored in the database so during login username and password is check and redirect to their specific page based on their role.
I used form authentication so that only legitimate user can access their page. But I am getting error(below) when I am running LoginPage.
error:-
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /default.aspx
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1069.1
What I have tried:
LoginPage.aspx.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;
using System.Web.Security;
public partial class Registration_LoginPage : System.Web.UI.Page
{
Code code = new Code();
SqlConnection con;
SqlCommand cmd;
bool flag = true;
public Registration_LoginPage()
{
con = new SqlConnection();
con.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
cmd = new SqlCommand();
}
protected void Page_Load(object sender, EventArgs e)
{
if(!IsPostBack)
{
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now);
Response.Cache.SetNoServerCaching();
Response.Cache.SetNoStore();
}
if(User.Identity.Name !=String.Empty)
{
FormsAuthentication.RedirectFromLoginPage(User.Identity.Name, false);
}
}
protected void btnLogIn_Click(object sender, EventArgs e)
{
try
{
con.Open();
cmd.CommandText = "select * from [Users]";
cmd.Connection = con;
SqlDataReader rd = cmd.ExecuteReader();
if (Request.Form["username"] == "admin" && Request.Form["password"] == "admin")
{
Session["Username"] = Request.Form["username"];
Response.Redirect("/AdminHome/AdminMPage.aspx");
}
else
{
while (rd.Read())
{
if (rd["UserName"].ToString() == Request.Form["username"] && rd["Password"].ToString() == Request.Form["password"])
{
Session["Username"] = rd["UserName"];
flag = false;
break;
}
}
if (flag == true)
lblMsg.Text = "Username and password invalid";
else
{
string roles = rd["Role"].ToString();
if (rd["Role"].ToString() == "Student")
FormsAuthentication.RedirectFromLoginPage(roles, false);
else if (rd["Role"].ToString() == "Teacher")
FormsAuthentication.RedirectFromLoginPage(roles, false);
}
}
}
catch (Exception ex)
{
lblMsg.Text = ex.Message;
}
}
}
web.config
="1.0"
<configuration>
<connectionStrings>
<add name="ConnectionString" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<authentication mode="Forms">
<forms loginUrl="/Registration/LoginPage.aspx">
</forms>
</authentication>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
<location path="FIRST PAGE">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Registration">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="AdminHome">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Student">
<system.web>
<authorization>
<allow roles="Student"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Teacher">
<system.web>
<authorization>
<allow roles="Teacher"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<appSettings>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None"/>
</appSettings>
</configuration>