Login Session ASP.NET [closed]protected void UserLogin_Authenticate(object sen

1. Login Session ASP.NET [closed]
2. protected void UserLogin_Authenticate(object sender, AuthenticateEventArgs e)
3. {
4. string roles;
5. string UserName = UserLogin.UserName.Trim();
6. string Password = UserLogin.Password.Trim();
7. string Verify = "Yes";
8. if (AccountChecking.CheckUser(UserName,Password,Verify) == true)
9. {
10. //These session values are just for demo purpose to show the user details on master page
11. Session["User"] = UserName;
12. roles = AccountChecking.GetUserRoles(UserName);
13. Session["Roles"] = roles;
14. //Let us now set the authentication cookie so that we can use that later.
15. FormsAuthentication.SetAuthCookie(UserName, false);
16. //Login successful lets put him to requested page
17. string returnUrl = Request.QueryString["ReturnUrl"] as string;
18.  
19. if (returnUrl != null)
20. {
21. Response.Redirect("Default.aspx");
22. }
23. else
24. {
25. //no return URL specified so lets kick him to home page
26. Response.Redirect("Default.aspx");
27. }
28. }
29. else
30. {
31. UserLogin.FailureText = "Incorrect UserName or Password";
32. }
33. }
34.  
35. public static bool CheckUser(string UserName, string Password, string Verify)
36. {
37. DataTable result = null;
38. try
39. {
40. using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["userDbConnectionString"].ConnectionString))
41. {
42. using (SqlCommand cmd = new SqlCommand("LoginCheck", con))
43. {
44. cmd.CommandType = CommandType.StoredProcedure;
45. cmd.Parameters.Add(new SqlParameter("@UserName", UserName));
46. using (SqlDataAdapter da = new SqlDataAdapter(cmd))
47. {
48. result = new DataTable();
49. da.Fill(result);
50. }
51.  
52. if (Password.Trim() == result.Rows[0]["Password"].ToString().Trim())
53. {
54. if (Verify.Trim() == result.Rows[0]["Verify"].ToString().Trim())
55. {
56. //user id found and Password is matched too so lets do soemthing now
57. return true;
58. }
59. }
60. }
61. }
62. }
63. catch (Exception ex)
64. {
65. //Pokemon exception handling
66. }
67.  
68. //user id not found, lets treat him as a guest
69. return false;
70. }
71.  
72. //Get the Roles for this particular user
73. public static string GetUserRoles(string UserName)
74. {
75. DataTable result = null;
76. try
77. {
78. using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["userDbConnectionString"].ConnectionString))
79. {
80. using (SqlCommand cmd = new SqlCommand("GetUserRole", con))
81. {
82. cmd.CommandType = CommandType.StoredProcedure;
83. cmd.Parameters.Add(new SqlParameter("@UserName", UserName));
84. using (SqlDataAdapter da = new SqlDataAdapter(cmd))
85. {
86. result = new DataTable();
87. da.Fill(result);
88. }
89.  
90. if (result.Rows.Count == 1)
91. {
92.  
93. return result.Rows[0]["roles"].ToString().Trim();
94. }
95. }
96. }
97. }
98. catch (Exception ex)
99. {
100. //Pokemon exception handling
101. }
102.  
103. //user id not found, lets treat him as a guest
104. return "guest";
105. }