website problem: update and permission
I have website code in C# and HTML; the code is in Visual Studio 2022.
The update problem is that whether you're logged in or not, it lets you go to the update page even when you don't have anything to update.
The permission problem is that I want to let only logged-in members enter some pages, but nothing I tried worked.
I think the problem might be because I have a topnav bar on each page that any member of the website can enter, but idk.
If you think you could help me, send a message here and I'll send the code needed.
13 Replies
If you're using Identity, then the `[Authorize]` attribute on the page/action/controller/whatever will restrict it to logged-in users only
Also, Visual Studio 2022 is the IDE
It has a grand total of 0 (zero) effect on your project
Knowing the .NET and C# version would be useful information, though
I did try the [Authorize] way, but I could just be writing it wrong, since it won't work but also doesn't show me any errors
atm I'm just learning the information because I'm still new at this
Well then, show some code
Tell us what's the C# and .NET version
The basic info
This is the code-behind of 1 of the 2 pages that I want only logged-in users to enter:
```cs
if (Request.IsAuthenticated == true)
{
}
else
{
    Response.Redirect(Request.Url.ToString());
}
```
This is the second code-behind:
```cs
protected void Page_Load(object sender, EventArgs e)
{
    if (Session["status"] == null)
    {
        Response.Redirect("Error.aspx");
    }
}
```
This is the update page:
```cs
protected void Page_Load(object sender, EventArgs e)
{
    string filname = "MyDB.mdf";
    string select = "SELECT * FROM users WHERE usern ='" + Session["status"].ToString() + "'";
    DataTable table = MyAdoHelper.ExecuteDataTable(filname, select);
    int len = table.Rows.Count;
    if (len > 0)
    {
        globalusername = table.Rows[0]["usern"].ToString();
        globalpassword = table.Rows[0]["userpass"].ToString();
    }
    if (Request.Form["updateuser"] != null) // did you update?
    {
        string umameupdate = Request.Form["uname"].ToString();
        string passwordupdate = Request.Form["upass"].ToString();
        string updateq = "UPDATE users SET ";
        updateq += "usern='" + umameupdate + "'";
        updateq += ",userpass='" + passwordupdate + "'";
        updateq += "WHERE usern='" + Session["status"].ToString() + "'";
        MyAdoHelper.DoQuery(filname, updateq);
        Response.Write("Update!");
        Response.Redirect("HomePage.aspx");
    }
}
```
All of them are written in webform.aspx, and in each page there is a topnav to connect them.
$code
To post C# code type the following:
```cs
// code here
```
Get an example by typing `$codegif` in chat
For longer snippets, use: https://paste.mod.gg/
Also, oof
Seems you're not using Identity, or even EF for that matter, so `[Authorize]` won't do anything
Also, it seems to be some 1999 Webforms project
So I will not be able to help, unfortunately
I was never much of an archeologist
Or a necromancer, really, at this point
oh man, well, thanks for the help anyway.
it pretty much is filled with a bunch of webforms connected to each other
Is this a school/work project, out of curiosity?
yeah it is
Ah, rip
yeah lol
a quick pointer
get to fixing that super glorious sql injection prone code immediately
oh school project, nevermind. I guess everything goes
my condolences