Stored Procedure For User Authentication

I have a stored procedure that checks , for user authentication , but now i want to define the roles for user , there is one admin and another users/members so i want to keep a check whether its a user or an admin and perform authentication accordingly....

CREATE PROCEDURE [dbo].[spAuthenticateUser]
	@USerName nvarchar(20),
	@Password nvarchar(20)
AS
Begin
		Declare @Count int

		Select @Count = COUNT (USerName) from USerData 
		where [USerName]=@USerName and [Password]=@Password

		if(@COUNT=1)
		Begin
			Select 1 as ReturnCode
		End
		Else
		Begin
			Select -1 as ReturnCode
		End
End

Open in new window


Code for Login.aspx

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Web.Security;

namespace housing1
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            if (AuthenticateUser(TextBoxUN.Text, TextBoxP.Text))
            {
                FormsAuthentication.RedirectFromLoginPage(TextBoxUN.Text, CheckBoxRM.Checked);
                Response.Redirect("/webform1.aspx");
            }
            else
            {
                lblMessage.Text = "Invalid Username Or Password";
            }
        }

        private bool AuthenticateUser(string username, string password)
        {

            string CS = ConfigurationManager.ConnectionStrings["HousingConnectionString"].ConnectionString;

            using (SqlConnection conn = new SqlConnection(CS))
            {
                SqlCommand cmd = new SqlCommand("spAuthenticateUser", conn);
                cmd.CommandType = CommandType.StoredProcedure;


                SqlParameter paramUsername = new SqlParameter("@UserName", username);
                SqlParameter paramPassword = new SqlParameter("@Password", password);

                cmd.Parameters.Add(paramUsername);
                cmd.Parameters.Add(paramPassword);

                conn.Open();
                int ReturnCode = (int)cmd.ExecuteScalar();
                return ReturnCode == 1;
            }
        }
    }
}

Open in new window

Sukesh ShuklaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Easwaran ParamasivamCommented:
Well. In the SP you just validated whether the username and password exists in the DB. The Role is not taken place. Add a table which stores the UserName and Role accordingly. While designing consider whether one user could have more than one role or not. If so, design your table accordingly.

BTW, in the Sqlparameter datatype is not mentioned. Please mention that along with the length as 20.
In the SP, use the Role table accordingly to check the role.

Otherwise your code looks good.


HTH.
0
Prakash SamariyaIT ProfessionalCommented:
There are two thing 1) Authentication and 2) Authorization
Authentication: used to verify the user.
Authorization:  used to verify the user for the particular(s) action that he/she wants to perform.

Your code looks like Okay for Authentication!

You need to create table for Roles and mapping for Roles and Users; then you can get the Role for the current users and perform actions based on that!

Please check below link which describes the authentication and (Role base) authorization in details
http://www.codeproject.com/Articles/36836/Forms-Authentication-and-Role-based-Authorization
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.