So I have made a page called AdminPanel.aspx which I am trying to protect in a way that only a specific usergroup can access it.

My user table in SQL has a column for the usergroup, where normal users have Usergroup = 1 and admins have Usergroup = 2; that is how the users are categorized.

I can set up the page, but I have no idea how I can protect it from a specific usergroup # accessing it. And as a matter of fact, how do I prevent not-logged-in users from accessing it?

Once a user does log in, I have made sure a session is created.

I'm using a 3-layer architecture as follows:

Entity Layer, Business Layer and Data Access Layer.

The login function I've done so far is as follows:

    string mail = Request["EmailAddress"].ToString();
    string password = Request["PassWord"].ToString();
    User newuser = new User(mail, password);

    if (UserBClass.verifyUser(newuser))
    {
        // Credentials accepted: load the full user and keep it in the session.
        newuser = UserBClass.login(newuser);

        Session["User_Session"] = newuser;
        var my = (User)Session["User_Session"];

        if (my.Usergroup == "1")
        {
            // Normal user: client-side redirect to the default page.
            Page.ClientScript.RegisterStartupScript(this.GetType(), "redirect member",
                "alert('You Are Now Successfully Logged In!'); location.href='Default.aspx';",
                true);
        }
        else if (my.Usergroup == "2")
        {
            // Admin: client-side redirect to the admin panel.
            Page.ClientScript.RegisterStartupScript(this.GetType(), "redirect administrator",
                "alert('Welcome Admin!'); location.href='AdminPanel.aspx';",
                true);
        }
    }
    else
    {
        // Credentials rejected: back to the login page.
        Page.ClientScript.RegisterStartupScript(this.GetType(), "redirect wrong credentials",
            "alert('Incorrect Username Or Password'); location.href='Login.aspx';",
            true);
    }

I check the Usergroup using an if condition to differentiate between the types of user (Normal, Admin, etc.).

Any ideas?
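
An added example, not part of the original post: the redirect in the login code only steers the browser, so AdminPanel.aspx has to check the session itself on every request. This sketch of its code-behind assumes the `User` entity, the `"User_Session"` key and `Login.aspx` from the post; the class name `AdminPanel` is hypothetical.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Code-behind for AdminPanel.aspx (added example, not the poster's code).
// Assumes the User entity class and the "User_Session" key shown in the post;
// add a using for the Entity Layer namespace that holds User.
public partial class AdminPanel : Page
{
    // Admin Usergroup value as described in the post.
    private const string AdminGroup = "2";

    // OnInit runs on every GET and postback, before Page_Load and before any
    // button handler, so nothing on the page executes for a rejected request.
    protected override void OnInit(EventArgs e)
    {
        // Keep the admin page out of browser and proxy caches.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        // "as" yields null when the key is missing or holds another type.
        User current = Session["User_Session"] as User;

        if (current == null)
        {
            // Not logged in: redirect server-side. endResponse = true aborts
            // the request so the rest of the page lifecycle never runs.
            Response.Redirect("Login.aspx", true);
        }

        if (!string.Equals(current.Usergroup, AdminGroup, StringComparison.Ordinal))
        {
            // Logged in but not an admin: fail the request with 403.
            throw new HttpException(403, "Forbidden");
        }

        base.OnInit(e);
    }
}
```

The Usergroup held in the session is the value read at login, so a user whose group is changed in the database keeps the old value until the session ends.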
