Hi guys,
In my web site I'm working on login for simple users who wants just to buy products and the administartors which they have other abilities .
I setup the account for administrator at ASP.NET configuration and the rules.
I create a folder Adminpages which contains the Admin.aspx and a web.config file which it have
="1.0"="utf-8"
<configuration>
<system.web>
<authorization>
<allow users="Administrator" />
<deny users="?"/>
</authorization>
</system.web>
</configuration>
In login page I create the following code:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
string adm = "admin";
string auth=Convert.ToString(Login1.UserName.ToUpper());
if (auth == adm)
{
Response.Redirect("~/AdminPages/Admin.aspx");
}
else
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
string aSQL = "select ID_USER, NAME_USER, PASSWORD from [User] where UPPER(NAME_USER)= @USER and UPPER(PASSWORD)=@PASS";
try
{
SqlCommand cmd = new SqlCommand(aSQL, con);
cmd.Parameters.Add("@User", SqlDbType.Char, 10, "UserName").Value = Login1.UserName.ToUpper();
cmd.Parameters.Add("@Pass", SqlDbType.Char, 10, "PASSWORD").Value = Login1.Password.ToUpper();
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
dr.Read();
if (dr.HasRows)
{
Session["user"] = dr["ID_USER"];
Response.Redirect("cart.aspx?ID=" + Request.QueryString["ID"] + "&quant=" + Request.QueryString["quant"]);
}
else
Response.Write("User or password invalid");
}
finally
{
con.Close();
}
}
When I try to enter in shopping cart everything is ok but when i try to login as administrator
nothing happens.
Any idea what i must change in order to work the login in administrator page?
Thnx in advance!
Jason