login code Redirect do not work

Question

I made a web application and I want to Login in admincp for adminstrator and modcp for modrator manager. this is code for login page :

protected void btnOk_Click(object sender, EventArgs e)
{
    try
    {
        string user_n = txtUser.Text;
        string pass_n = txtPass.Text;
        Int32 res = 0;


        DAL.DAL log = new DAL.DAL();
        res = log.login_user_form(user_n, pass_n);




        if (res == 1)
        { 

           if (user_n == "admin")
              {
                  Response.Redirect("manage/AdminPage.aspx");
              }
       else 
         {
            Response.Redirect("modcp/defult3.aspx");
        }


        }
        else
        {
            lblRes.Text = "error username or password";
        }
    }
    catch (Exception ex)
    {
        lblRes.Text = ex.ToString();
    }


}

and in DAL layer this code :

public Int32 login_user_form(String username, String password)
{
    int res = 0;
    con = new SqlConnection(strcon);
    SqlCommand cmd = new SqlCommand("EXEC chek_user '" + username + "' , '" + password + "'", con);

    try
    {
        con.Open();
        if (cmd.ExecuteScalar() == null)
        {
            res = 0;
        }

        else
        {
            res = 1;
        }

        con.Close();

    }
    catch (SqlException)
    {
        throw;
    }

    return res;
}

and this is my stored procedures :

@username nvarchar(50) , @password nvarchar(50)
AS
BEGIN

SET NOCOUNT ON;
    SELECT username_l1 , password_l1 
    FROM user_L1
    WHERE username_l1 = @username AND password_l1 = @password
END

this cod in page login.aspx in work without this line:

Response.Redirect("manage/AdminPage.aspx");

if I clear this code and write :

txtPass.Visible = false;
lblRes.Text = "mesesege";

That is work corect but without Response.Redirect, it doesn't?

(I dont know how work whit session for level access)

Have you considered using the ASP.NET Membership providers instead of rolling your own? http://www.asp.net/web-forms/tutorials/moving-to-aspnet-20/membership — BStateham, Jan 09 '13 at 16:23
So, if the username is admin, you're not checking the password? I think I see a security hole. — zimdanen, Jan 09 '13 at 16:25
since you are expecting it to be admin in order for the redirect code to execute. what about trying txtUser.text.trim() — ZedBee, Jan 09 '13 at 16:31
this is code for web.config in manager folder : and this is code for web.config in root: — Strawberry, Jan 09 '13 at 16:45
Try putting a breakpoint on Response.Redirect("manage/AdminPage.aspx"); and see if its a hit or miss. — ZedBee, Jan 10 '13 at 07:58

score 0 · Answer 1 · edited May 23 '17 at 10:28

0

You should move the Response.Redirect() out of the try/catch since it actually throws an exception.

Even if the code was logically correct, the Response.Redirects would be swallowed up by the catch statement.

Edit:

This is explained in this question.

edited May 23 '17 at 10:28

Community

1
1

answered Jan 09 '13 at 16:31

Digbyswift

10,310
4
38
66

TanX ,I move code out of try/catch this is code : protected void btnOk_Click(object sender, EventArgs e) { string user_n = txtUser.Text; string pass_n = txtPass.Text; Int32 res = 0; DAL.DAL log = new DAL.DAL(); res = log.login_user_form(user_n, pass_n); if (res == 1) { if (user_n == "admin") { Response.Redirect("manage/AdminPage.aspx");}else{ Response.Redirect("modcp/defult3.aspx");}}} But yet dosent work :( – Strawberry Jan 09 '13 at 17:10

login code Redirect do not work

1 Answers1