
User role login: showing a different form to each user role after login

Updated: 2023-12-01 17:33:16


Hello, I want to create a login form which redirects the logged-in user to one of two different forms according to the user's role. I have two forms, 1. UserPanelFrm and 2. FrmUserRole, and two user roles, 1. Admin and 2. User. I want to redirect Admin to UserPanelFrm and User to form FrmUserRole. I researched this process but could only find useful resources for ASP.NET.

tbl_Staff :

CREATE TABLE [dbo].[tbl_Staff](
    [StaffID] [int] IDENTITY(1,1) NOT NULL,
    [Name] [nvarchar](100) NOT NULL,
    [Address] [nvarchar](500) NULL,
    [Phone] [nvarchar](100) NULL,
    [Email] [nvarchar](100) NULL,
    [JoinedDate] [date] NULL,
    [Username] [nvarchar](50) NULL,
    [Password] [nvarchar](max) NULL,
    [CreatedDate] [date] NULL,
    [Roles] [nvarchar](200) NULL,
    [Status] [int] NULL
)


tbl_StaffRoles :

CREATE TABLE [dbo].[tbl_StaffRoles](
    [id] [int] NULL,
    [RoleDescription] [nvarchar](50) NULL
)


tbl_StaffRoles data :
id RoleDescription
1 Admin
2 User

Hi, I am currently using the following code for normal login.

LoginForm btnLogin :

private void btnLogin_Click(object sender, EventArgs e)
{
    try
    {
        int result = uc.Login(txtUserName.Text, txtPassword.Text);
        if (result == 1)
        {
            this.Hide();
            UserPanelFrm frm = new UserPanelFrm();
            frm.ShowDialog();
            this.Close();
        }
        else
        {
            MessageBox.Show("INVALID USERNAME OR PASSWORD");
            MakeFieldBlank();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
}

UserClass.cs Login class :
public int Login(String Username, String Password)
{
    try
    {
        int result = 0;
        SqlCommand cmd = new SqlCommand("Select * from tbl_Staff where Username=@Username and Password=@Password", conn);
        cmd.Parameters.AddWithValue("@Username", Username);
        cmd.Parameters.AddWithValue("@Password", Password);
        conn.Open();
        SqlDataReader dr = cmd.ExecuteReader();
        DataTable dt = new DataTable();
        dt.Load(dr);
        conn.Close();
        if (dt.Rows.Count > 0)
            result = 1;
        else
            result = 0;
        return result;
    }
    catch (Exception)
    {
        // Rethrow without resetting the stack trace
        throw;
    }
}

Oh, dear...
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

But better (particularly for a role-based login system) don't "brew it yourself" at all.
Instead, look at Membership: MSDN - Introduction to Membership. It provides a role-based, secure membership system that is designed for what you are trying to do.


OK, my fault: I missed the WinForms bit: ignore membership, just implement passwords properly.

Then all you have to do when they log in is check the role and open the appropriate form:
string role = ...
Form frm = null;
switch(role.ToLower())
   {
   case "user":
      frm = new FrmUserRole();
      break;
   case "admin":
      frm = new UserPanelFrm();
      break;
   }
if (frm != null)
   {
   Hide();
   frm.ShowDialog();
   Show();
   }



BTW: Please, rename your forms - try to be consistent, it makes life a lot easier next time you have to look at it...


When you authenticate, you can get the StaffID by changing the select statement:

"Select StaffID  from tbl_Staff where Username=@Username and Password=@Password"


If your DataTable has rows, that means authentication succeeded; you have already done that. The value of dt.Rows[0].ItemArray[0] gives you the StaffID.
Next, execute the statement below, giving the above value as the parameter:

"select RoleDescription from tbl_StaffRoles where [id]= @id"


Then you can read the role assigned to the given user; based on that value you can decide which form to open.
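
One way to do what the first answer asks ("implement passwords properly") against the tables in the question, added here as an example and not taken from either answer: salted PBKDF2 hashes are kept in tbl_Staff.Password and verified in code, so the password itself never appears in the SQL. The StaffAuth class, the stored "iterations.salt.hash" format, the iteration count, an already-open connection, and the Roles column holding the role name are assumptions; it needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Cryptography;
// Added example (hypothetical StaffAuth class, not the posters' code). Assumes
// tbl_Staff.Password holds "iterations.saltBase64.hashBase64" and Roles the role name.
public static class StaffAuth
{
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600000; // assumed parameters
    // Call when a password is set; store the returned string, never the password.
    public static string HashPassword(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Iterations + "." + Convert.ToBase64String(salt) + "." +
               Convert.ToBase64String(Derive(password, salt, Iterations));
    }
    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = (stored ?? "").Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations)) return false;
        byte[] expected, actual;
        try
        {
            expected = Convert.FromBase64String(parts[2]);
            actual = Derive(password, Convert.FromBase64String(parts[1]), iterations);
        }
        catch (Exception ex) when (ex is FormatException || ex is ArgumentException) { return false; }
        int diff = expected.Length ^ actual.Length;   // compare every byte, no early exit
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    // Returns the role on success, null on unknown user or wrong password.
    public static string Login(SqlConnection conn, string username, string password)
    {
        using (var cmd = new SqlCommand("SELECT Password, Roles FROM tbl_Staff WHERE Username=@Username", conn))
        {
            cmd.Parameters.AddWithValue("@Username", username);
            using (var dr = cmd.ExecuteReader())
                return dr.Read() && VerifyPassword(password, dr["Password"] as string) ? dr["Roles"] as string : null;
        }
    }
}
```

The string returned by Login can be fed to the role switch from the first answer; existing clear-text rows have to be replaced with HashPassword output before this check will accept them.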