ASP.NET 登录以授予对特定类型人群的访问权限

Posted 2023-05-07

【中文标题】ASP.NET 登录以授予对特定类型人群的访问权限

【英文标题】：ASP.NET Login to grant access to specific type of group of people

【发布时间】：2018-10-03 14:38:03

【问题描述】：

有一个我需要设置的 asp.net(vb.net) 登录页面，以根据 EmployeeTypeID 授予用户访问权限。以下代码需要从Access vb6转成vb.net或者用vb.net编写

    If rs!EmployeeTypeID = 2 Then
        rs.Close
        Me.LoginLabel.Visible = False
        DoCmd.OpenForm "DetectIdleTIme", , , , , acHidden
        DoCmd.OpenForm "frmProcessTimer", , , , , acHidden
        DoCmd.OpenForm "frmCRMControlCenter"
        DoCmd.Close acForm, Me.Name
        Exit Sub
    End If
    If rs!EmployeeTypeID = 3 Then
        Dim prop As Property
        On Error GoTo SetProperty
        If MsgBox("Would you like to turn on the ByPass Key?", vbYesNo, "Allow Bypass?") = vbYes Then
            CurrentDb.Properties("AllowBypassKey") = True
        Else
            CurrentDb.Properties("AllowBypassKey") = False
        End If
        rs.Close
        Me.LoginLabel.Visible = False
        DoCmd.OpenForm "DetectIdleTIme", , , , , acHidden
        DoCmd.OpenForm "frmProcessTimer", , , , , acHidden
        DoCmd.OpenForm "frmCRMControlCenter"
        DoCmd.Close acForm, Me.Name
        Exit Sub

【问题讨论】：

您编写问题的方式意味着您希望我们为您完成此工作产品，而不是针对您在处理代码时遇到的问题提出问题。完成您（或团队或组织等）不了解的工作产品是顾问的职责。

只需要斯蒂芬·赖顿的建议。

好的，我想出了一些事情，但现在我希望每个基于employeeTypeID 的用户被重定向到某个页面。一直转到同一页面。

大家好，感谢您的意见，度过了沮丧的一天。找出我的问题并在 2 小时内完成了很多工作，而不是我在 8 小时内完成的工作。 :)

【参考方案1】：

这应该会有所帮助:)

Protected Sub UserLogin()
    Dim Username As String = Me.txtUserName.Text
    Dim Password As String = Me.txtPassword.Text

    Dim Connstr As String = "SERVER:BLAHBALHUID" ' Your connection string <<<<
    Dim con As SqlConnection = New SqlConnection(Connstr)
    'Query string - using paramters (@User and @Pwd to set the username and password criteria)
    Dim qry As String = "SELECT Username, Password, EmployeeTypeID FROM Employees WHERE Username =@User AND Password=@Pwd"
    Dim cmd As SqlCommand = New SqlCommand(qry, con)

    'Using cmd.paramters means that you wont get any SQL injections 
    '- definately google SQL injections and check out some of the Youtubes!! :)

    cmd.Parameters.Add("@User", SqlDbType.VarChar).Value = Username
    cmd.Parameters.Add("@Pwd", SqlDbType.VarChar).Value = Password

    con.Open()
    Dim rdr As SqlDataReader = cmd.ExecuteReader
    Dim Found_A_Record As Boolean = False
    Dim EmployeeType As String = Nothing
    While rdr.Read
        'if there is a row - then we have found the username and password that matches
        'Therefore - this must be a user with the username and matching password
        Found_A_Record = True
        EmployeeType = rdr("EmployeeTypeID")
    End While
    cmd.Dispose()
    con.Close()

    If Not Found_A_Record Then
        'No records found - exit? or do whatever would be for not correct details
    End If

    Select Case EmployeeType
        Case "1"
            Response.Redirect("~/CustomerRelationshipManagement.aspx")
        Case "2"
            Response.Redirect("~/CRMControlCenter.aspx")
        Case "3"
            Response.Redirect("~/CRMControlCenter.aspx")
        Case Else
            Response.Write("<script>alert('Incorrect Username or Password.', 'Login Failed')</script>")
    End Select


End Sub