ASP.NET Логин, чтобы предоставить доступ к определенному типу группы людей

Question

У меня есть страница входа в asp.net (vb.net), которую мне нужно настроить, чтобы предоставить доступ пользователям на основе EmployeeTypeID.Следующий код необходимо преобразовать в vb.net из Access vb6 или записать в vb.net

    If rs!EmployeeTypeID = 2 Then
        rs.Close
        Me.LoginLabel.Visible = False
        DoCmd.OpenForm "DetectIdleTIme", , , , , acHidden
        DoCmd.OpenForm "frmProcessTimer", , , , , acHidden
        DoCmd.OpenForm "frmCRMControlCenter"
        DoCmd.Close acForm, Me.Name
        Exit Sub
    End If
    If rs!EmployeeTypeID = 3 Then
        Dim prop As Property
        On Error GoTo SetProperty
        If MsgBox("Would you like to turn on the ByPass Key?", vbYesNo, "Allow Bypass?") = vbYes Then
            CurrentDb.Properties("AllowBypassKey") = True
        Else
            CurrentDb.Properties("AllowBypassKey") = False
        End If
        rs.Close
        Me.LoginLabel.Visible = False
        DoCmd.OpenForm "DetectIdleTIme", , , , , acHidden
        DoCmd.OpenForm "frmProcessTimer", , , , , acHidden
        DoCmd.OpenForm "frmCRMControlCenter"
        DoCmd.Close acForm, Me.Name
        Exit Sub

Answer 1

Это должно помочь:)

Protected Sub UserLogin()
    Dim Username As String = Me.txtUserName.Text
    Dim Password As String = Me.txtPassword.Text

    Dim Connstr As String = "SERVER:BLAHBALHUID" ' Your connection string <<<<
    Dim con As SqlConnection = New SqlConnection(Connstr)
    'Query string - using paramters (@User and @Pwd to set the username and password criteria)
    Dim qry As String = "SELECT Username, Password, EmployeeTypeID FROM Employees WHERE Username =@User AND Password=@Pwd"
    Dim cmd As SqlCommand = New SqlCommand(qry, con)

    'Using cmd.paramters means that you wont get any SQL injections 
    '- definately google SQL injections and check out some of the Youtubes!! :)

    cmd.Parameters.Add("@User", SqlDbType.VarChar).Value = Username
    cmd.Parameters.Add("@Pwd", SqlDbType.VarChar).Value = Password

    con.Open()
    Dim rdr As SqlDataReader = cmd.ExecuteReader
    Dim Found_A_Record As Boolean = False
    Dim EmployeeType As String = Nothing
    While rdr.Read
        'if there is a row - then we have found the username and password that matches
        'Therefore - this must be a user with the username and matching password
        Found_A_Record = True
        EmployeeType = rdr("EmployeeTypeID")
    End While
    cmd.Dispose()
    con.Close()

    If Not Found_A_Record Then
        'No records found - exit? or do whatever would be for not correct details
    End If

    Select Case EmployeeType
        Case "1"
            Response.Redirect("~/CustomerRelationshipManagement.aspx")
        Case "2"
            Response.Redirect("~/CRMControlCenter.aspx")
        Case "3"
            Response.Redirect("~/CRMControlCenter.aspx")
        Case Else
            Response.Write("<script>alert('Incorrect Username or Password.', 'Login Failed')</script>")
    End Select


End Sub