Login Situation

[ietprofessional]

OK. I have a login situation that I might need help with.

I have three SQL Server 2000 tables that have login information for customer, employees, and business owners.

Each one of these user profiles have separate sections in my application, separated by folders.

I want them all to login from the same login in page which is in my public folder.

I want them to try to login and if their user name is found in the customer table then they will be lead to the customer section exclusively, if they login with an employee username then they will be led to the employee section and so on.

Can someone help me on how to do this?

Is there a way of only allowing certain users to be in certain places?

Thanks,
Harold

 

[crazyboybert]

I don't have much experience with this and maybe sending you off on the wrong path here but you may want to look at role-based security for achieving this. Google has heaps to say on the matter ;-)

http://www.google.co.uk/search?q=asp.net+role+based+security&ie=UTF-8&oe=UTF-8&hl=en&meta=

Rob

Go placidly amidst the noise and haste, and remember what peace there may be in silence - Erhmann 1927

 

[jzelhart]

I think you would need to check the Login against all three tables one at a time. Is there a way to make sure that the same login isn't used in more than one? Could you have made one table that had a Type field in it noting if they were a customer, employee or business owner?

Hope everyone is having a great day!

Thanks - Jennifer

 

[yu217171]

Hi, I'm not sure if you have a login table or not but it's probably a good idea to have one. Then you can categorize the users and assign them a "security clearance level" (0 - Customer, 1 - Employees etc). Then you can query this table and prohibit/allow access based on your user levels.

HTH,

Keith

 

[jen89]

I have done something like this:

select 'cust' AS LOGTYPE, name AS USERNAME, pass as PASSWORD
FROM
tblCustomer
UNION
select 'emp' AS LOGTYPE, username as USERNAME, password AS PASSWORD
from tblEmployee
UNION
select 'bus' AS LOGTYPE, username as USERNAME, password AS PASSWORD
from tblBusiness
[code]

The result would be a group of rows that have three fields (of course, use whatever fields you want for your project.)  These fields would be LOGTYPE, USERNAME, and PASSWORD.  Even if the equivalent fields have different names in the different tables, you can give them an alias like I did in this example and refer to them by that.  In this example, all employee records will have a LOGTYPE of 'emp', all business records are 'bus', etc.  Even if there are duplicates, this extra field will make each record distinct as well as flagging its origin.  

Next, make some kind of security check that you can include for each page and/or your menus.  It can use a case statement based on LOGTYPE and allow or disallow users into different pages or menu options.

That is a pretty general overview of how I have handled similar things in the past.  If you like this approach, I can answer additional questions about it if you want.

 

[AtomicChip]

Another thought (take it with a grain of salt...):

I, personally, would set it up so that all users are from the same table named, say... Oh, why not - "Users". That table would have a field called "UserType". The table would look something like this:

tblUsers
--------
UserID     (int -> AutoInc.)
UserName   (varchar(50))
Password   (varchar(50))
UserTypeID (int)

tblUserTypes
------------
UserTypeID  (int)
Description (varchar(255))

To represent this data in code, I would create a user class with the properties stored in the database. Kind of like this:

User (Class)
    .UserID
    .UserName
    .Password
    .UserType

Every time a page loads, I would create an instance of the user (if they're logged in) and then redirect them to wherever they're supposed to be.

Once the groundwork's done, it's easy to use. It might look something like this:

private void Page_Load(object sender, System.EventArgs e)
{
// You'd have to write this function...
if(User.IsAuthenticated())
{
    //Get UserID from stored cookie maybe?
    int _UserID = Convert.ToInt32(Request.Cookies["MySitesUser"]["UserID"]);
    MySite.User _User = new MySite.User(_UserID);

    // Redirect user based on user type
    switch (_User.UserTypeID)
    {
        case 0: // User is a business owner here
            Response.Redirect("/BizOwners.aspx");
            break;
        case 1: // User is an employee
            Response.Redirect("/Employee.aspx");
            break;
        case 2: // User is a customer
            Response.Redirect("/Customers.aspx");
            break;
    }
}
}

In my (personal) codebehind, I'd actually replace the integer value of the UserType with some kind of a UserType enum (but this post has already become long-winded enough).

Hope this helps. Let me know if you have any further questions.

-----------------------------------------------

http://www.liquidfuzion.com

"The night sky over the planet Krikkit is the least interesting sight in the entire universe."
-Hitch Hiker's Guide To The Galaxy

 

[ietprofessional]

I don't have much time right now to but wanted to add the reason I need to use the three tables. Firstly, they are already in existence and have data in them. Secondly, the relationships formed in the database calls for some users to have data relationship with *certain* tables.

Thanks for all your help on this subject.

I think this is very important to talk about.

-Harold