HI, I am trying to redirect users to the appropriate page based on the company role stored in the database. I have written the following code, but it doesn't seem to work. If the role is anything other than 'Admin', companyuser.asp x should load. Also, I am trying to append the user ID and username to the URL. At the moment it is hardcoded. Does anyone know how to obtain this from the db? Thanks in advance for your help!
Code:
protected void btnLogin_Authenticate(object sender, EventArgs e)
{
SqlDataSource sds = new SqlDataSource();
sds.ConnectionString = ConfigurationManager.ConnectionStrings["MyConnection"].ToString();
sds.SelectParameters.Add("Email", TypeCode.String, this.login_username.Text);
sds.SelectParameters.Add("Password", TypeCode.String, this.login_password.Text);
sds.SelectCommand = "SELECT * FROM Member WHERE [Email] = @Email AND [Password] = @Password";
DataView dv = (DataView)sds.Select(DataSourceSelectArguments.Empty);
SqlConnection myConnection;
SqlCommand myCommand;
SqlDataReader myDataReader;
myConnection = new SqlConnection(GetConnectionString());
myConnection.Open();
//prepare sql statements
myCommand = new SqlCommand("SELECT * FROM Member", myConnection);
myDataReader = myCommand.ExecuteReader();
if (dv.Count == 0)
{
Response.Redirect("~/loginattempt.aspx");
}
else
{
while (myDataReader.Read())
{
string companyrole = myDataReader["CompanyRole"].ToString();
if (companyrole.Equals("Admin"))
{
int ID = 10;
string name = "Admin";
Response.Redirect("~/companyadmin.aspx?id=" + ID + "&name=" + name);
}
else
{
int ID = 10;
string name = "Developer";
Response.Redirect("~/companyuser.aspx?id=" + ID + "&name=" + name);
}
}
}
//cleanup objects
myDataReader.Close();
myConnection.Close();
}
Comment