C# 如何自动将用户角色赋予系统的新用户,以及如何将其显示在网站顶部?
我对employee表进行了以下数据库设计:C# 如何自动将用户角色赋予系统的新用户,以及如何将其显示在网站顶部?,c#,asp.net,C#,Asp.net,我对employee表进行了以下数据库设计: 用户名 名字 工作 等等 和一个角色表: RoleID RoleName 最后,一个UserRole表: 用户角色ID 用户名 RoleID 我正在为公司的部门开发一个基于内联网的应用程序。此应用程序只能由我的部门员工访问,并且应在网站顶部显示员工的用户名及其角色(访问类型)。我有四个不同的角色:经理、贡献者、助手和用户。我现在想做的是: private bool CheckUsername(string username) { if
- 用户名
- 名字
- 工作
- 等等
- RoleID
- RoleName
- 用户角色ID
- 用户名
- RoleID
/// <summary>
/// Decides whether <paramref name="username"/> may be handled by the role wizard.
/// </summary>
/// <param name="username">Network ID typed into the wizard.</param>
/// <returns>
/// <c>false</c> when the person's RES_NETID property equals "-"; otherwise whatever
/// <c>Security.isPMODMember</c> reports for the same username.
/// </returns>
private bool CheckUsername(string username)
{
    // A RES_NETID of "-" is rejected before the membership test is attempted.
    // NOTE(review): presumably "-" marks a person without a network ID - confirm.
    bool netIdIsPlaceholder = Service.GetPerson(username).GetProperty("RES_NETID").Equals("-");
    if (netIdIsPlaceholder)
    {
        return false;
    }

    // The disabled database lookup that used to follow this check built its SELECT by
    // concatenating username into the SQL text. If it is ever revived, bind the value
    // as a @Username parameter instead.
    return Security.isPMODMember(username);
}
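/// <summary>
/// Next-button handler. When the wizard is about to enter WizardStep2 it validates the
/// typed username, loads the stored role for that user and fills the summary labels.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">
/// Navigation arguments; <c>Cancel</c> is set when the username is rejected or the
/// user details cannot be loaded.
/// </param>
protected void Wizard1_NextButtonClick(object sender, WizardNavigationEventArgs e)
{
    // Only the transition into WizardStep2 needs work; every other step passes through.
    if (Wizard1.WizardSteps[e.NextStepIndex].ID != "WizardStep2")
    {
        return;
    }

    string username = TextBox1.Text;
    if (String.IsNullOrEmpty(username) || !CheckUsername(username))
    {
        // Blank or non-member username: stay on the current step and say why.
        e.Cancel = true;
        errorSpan.InnerText = "The username specified is blank or does not belong to PMOD";
        return;
    }

    // NOTE(review): the same connection string is repeated in the finish handler;
    // keeping it in the site's configuration would give one place to change it.
    string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    string cmdText = @"SELECT dbo.employee.Username, dbo.employee.Name, dbo.employee.JobTitle, dbo.employee.BadgeNo,
        ISNULL(dbo.Roles.RoleID, 3) AS RoleID, dbo.Divisions.DivisionName, dbo.Roles.RoleName
        FROM dbo.Divisions INNER JOIN dbo.employee ON dbo.Divisions.SapCode = dbo.employee.DivisionCode
        LEFT OUTER JOIN dbo.Roles RIGHT OUTER JOIN dbo.UserRole ON dbo.Roles.RoleID = dbo.UserRole.RoleID ON
        dbo.employee.Username = dbo.UserRole.Username
        WHERE (dbo.employee.Username = @Username)";

    try
    {
        DataTable table = new DataTable();

        // Dispose the connection, command and adapter on every path; the connection
        // used to stay open until it was garbage-collected.
        using (SqlConnection conn = new SqlConnection(connString))
        using (SqlCommand myCommand = new SqlCommand(cmdText, conn))
        using (SqlDataAdapter adapter = new SqlDataAdapter(myCommand))
        {
            myCommand.Parameters.AddWithValue("@Username", username);
            // Fill opens a closed connection and closes it again when it is done.
            adapter.Fill(table);
        }

        ObjectUser user = new ObjectUser(username, true);

        // Defaults for a user with no stored role.
        string role = "User";
        string roleid = "3";
        if (table.Rows.Count > 0)
        {
            // RoleName comes from an outer join and is not wrapped in ISNULL, so it is
            // DBNull when no role row matches; keep the default name in that case.
            role = (table.Rows[0]["RoleName"] as string) ?? role;
            roleid = table.Rows[0]["RoleID"].ToString();
        }

        // NOTE(review): if these are asp:Label controls, Text is written to the page
        // without HTML encoding - confirm the directory and role values are trusted.
        lblName.Text = user.Name;
        lblUsername.Text = user.ID;
        lblDivision.Text = user.Org.Title;
        lblJobTitle.Text = user.GetProperty("EMP_TITLE");
        lblBadgeNo.Text = user.GetProperty("EMP_BADGE_NUMBER");
        lblRole.Text = role;
        radio1.SelectedValue = roleid;
    }
    catch (Exception ex)
    {
        // Console output is not visible for a web page, and the wizard used to advance
        // with empty labels. Record the detail in the trace log, keep it away from the
        // browser, and stay on the current step.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        e.Cancel = true;
        errorSpan.InnerText = "The user details could not be loaded. Please try again.";
    }
}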
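/// <summary>
/// Finish-button handler. Adds the employee row when the username is not in the
/// employee table yet, then replaces that user's UserRole row with the role selected
/// in radio1.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">
/// Navigation arguments; <c>Cancel</c> is set when the username fails re-validation.
/// </param>
protected void Wizard1_FinishButtonClick(object sender, WizardNavigationEventArgs e)
{
    // Both values arrive with this postback (TextBox1 and radio1), not from session state.
    string username = TextBox1.Text;
    if (String.IsNullOrEmpty(radio1.SelectedValue) || String.IsNullOrEmpty(username))
    {
        return;
    }

    // Assigning a role is the privileged step, so repeat the membership check here:
    // TextBox1 is read again from this postback and nothing in this handler ties it to
    // the value that was validated when WizardStep2 was entered.
    // NOTE(review): this handler does not check who is making the change - confirm the
    // page itself is restricted to users who are allowed to assign roles.
    if (!CheckUsername(username))
    {
        e.Cancel = true;
        errorSpan.InnerText = "The username specified is blank or does not belong to PMOD";
        return;
    }

    string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    // The existence check used to concatenate username into the SQL text (SQL
    // injection); it is bound as a parameter like every other statement here.
    string countCommand = "SELECT Count(*) FROM employee WHERE Username = @Username";
    string insertUserCommand = "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) values (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)";
    string deleteCommand = "DELETE FROM UserRole where Username=@Username";
    string insertCommand = "INSERT INTO UserRole (RoleID,Username) values(@RoleID,@Username)";

    using (SqlConnection conn = new SqlConnection(connString))
    {
        conn.Open();

        // One transaction for all writes: if any statement throws, disposing the
        // uncommitted transaction rolls everything back, so the user is never left
        // with the old role deleted and no new role inserted.
        using (SqlTransaction tx = conn.BeginTransaction())
        {
            bool isNewEmployee;
            using (SqlCommand countCmd = new SqlCommand(countCommand, conn, tx))
            {
                countCmd.Parameters.AddWithValue("@Username", username);
                isNewEmployee = (int)countCmd.ExecuteScalar() == 0;
            }

            if (isNewEmployee)
            {
                // Pull the employee details through ObjectUser and store them locally.
                ObjectUser user = new ObjectUser(username, true);
                using (SqlCommand addUserCmd = new SqlCommand(insertUserCommand, conn, tx))
                {
                    addUserCmd.Parameters.AddWithValue("@Name", user.Name);
                    addUserCmd.Parameters.AddWithValue("@Username", username);
                    addUserCmd.Parameters.AddWithValue("@JobTitle", user.GetProperty("EMP_TITLE"));
                    addUserCmd.Parameters.AddWithValue("@BadgeNo", user.GetProperty("EMP_BADGE_NUMBER"));
                    addUserCmd.Parameters.AddWithValue("@EmpOrgType", user.GetProperty("EMP_EMPTYPE"));
                    addUserCmd.Parameters.AddWithValue("@DivisionCode", user.Org.Division.SapCode);
                    addUserCmd.ExecuteNonQuery();
                }
            }

            // Replace the role: remove the current assignment, then add the selected one.
            using (SqlCommand deleteCmd = new SqlCommand(deleteCommand, conn, tx))
            {
                deleteCmd.Parameters.AddWithValue("@Username", username);
                deleteCmd.ExecuteNonQuery();
            }

            using (SqlCommand insertCmd = new SqlCommand(insertCommand, conn, tx))
            {
                insertCmd.Parameters.AddWithValue("@RoleID", radio1.SelectedValue);
                insertCmd.Parameters.AddWithValue("@Username", username);
                insertCmd.ExecuteNonQuery();
            }

            tx.Commit();
        }
    }

    Wizard1.Visible = false;
    wizard.InnerHtml = @"<p><b>The task has been done successfully.</b> <br /> <a href='UserManagement.aspx'>Edit Another User</a></p>";
}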
/// <summary>
/// Decides whether <paramref name="username"/> may be handled by the role wizard.
/// </summary>
/// <param name="username">Network ID typed into the wizard.</param>
/// <returns>
/// <c>false</c> when the person's RES_NETID property equals "-"; otherwise whatever
/// <c>Security.isPMODMember</c> reports for the same username.
/// </returns>
private bool CheckUsername(string username)
{
    // A RES_NETID of "-" is rejected before the membership test is attempted.
    // NOTE(review): presumably "-" marks a person without a network ID - confirm.
    bool netIdIsPlaceholder = Service.GetPerson(username).GetProperty("RES_NETID").Equals("-");
    if (netIdIsPlaceholder)
    {
        return false;
    }

    // The disabled database lookup that used to follow this check built its SELECT by
    // concatenating username into the SQL text. If it is ever revived, bind the value
    // as a @Username parameter instead.
    return Security.isPMODMember(username);
}
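/// <summary>
/// Next-button handler. When the wizard is about to enter WizardStep2 it validates the
/// typed username, loads the stored role for that user and fills the summary labels.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">
/// Navigation arguments; <c>Cancel</c> is set when the username is rejected or the
/// user details cannot be loaded.
/// </param>
protected void Wizard1_NextButtonClick(object sender, WizardNavigationEventArgs e)
{
    // Only the transition into WizardStep2 needs work; every other step passes through.
    if (Wizard1.WizardSteps[e.NextStepIndex].ID != "WizardStep2")
    {
        return;
    }

    string username = TextBox1.Text;
    if (String.IsNullOrEmpty(username) || !CheckUsername(username))
    {
        // Blank or non-member username: stay on the current step and say why.
        e.Cancel = true;
        errorSpan.InnerText = "The username specified is blank or does not belong to PMOD";
        return;
    }

    // NOTE(review): the same connection string is repeated in the finish handler;
    // keeping it in the site's configuration would give one place to change it.
    string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    string cmdText = @"SELECT dbo.employee.Username, dbo.employee.Name, dbo.employee.JobTitle, dbo.employee.BadgeNo,
        ISNULL(dbo.Roles.RoleID, 3) AS RoleID, dbo.Divisions.DivisionName, dbo.Roles.RoleName
        FROM dbo.Divisions INNER JOIN dbo.employee ON dbo.Divisions.SapCode = dbo.employee.DivisionCode
        LEFT OUTER JOIN dbo.Roles RIGHT OUTER JOIN dbo.UserRole ON dbo.Roles.RoleID = dbo.UserRole.RoleID ON
        dbo.employee.Username = dbo.UserRole.Username
        WHERE (dbo.employee.Username = @Username)";

    try
    {
        DataTable table = new DataTable();

        // Dispose the connection, command and adapter on every path; the connection
        // used to stay open until it was garbage-collected.
        using (SqlConnection conn = new SqlConnection(connString))
        using (SqlCommand myCommand = new SqlCommand(cmdText, conn))
        using (SqlDataAdapter adapter = new SqlDataAdapter(myCommand))
        {
            myCommand.Parameters.AddWithValue("@Username", username);
            // Fill opens a closed connection and closes it again when it is done.
            adapter.Fill(table);
        }

        ObjectUser user = new ObjectUser(username, true);

        // Defaults for a user with no stored role.
        string role = "User";
        string roleid = "3";
        if (table.Rows.Count > 0)
        {
            // RoleName comes from an outer join and is not wrapped in ISNULL, so it is
            // DBNull when no role row matches; keep the default name in that case.
            role = (table.Rows[0]["RoleName"] as string) ?? role;
            roleid = table.Rows[0]["RoleID"].ToString();
        }

        // NOTE(review): if these are asp:Label controls, Text is written to the page
        // without HTML encoding - confirm the directory and role values are trusted.
        lblName.Text = user.Name;
        lblUsername.Text = user.ID;
        lblDivision.Text = user.Org.Title;
        lblJobTitle.Text = user.GetProperty("EMP_TITLE");
        lblBadgeNo.Text = user.GetProperty("EMP_BADGE_NUMBER");
        lblRole.Text = role;
        radio1.SelectedValue = roleid;
    }
    catch (Exception ex)
    {
        // Console output is not visible for a web page, and the wizard used to advance
        // with empty labels. Record the detail in the trace log, keep it away from the
        // browser, and stay on the current step.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        e.Cancel = true;
        errorSpan.InnerText = "The user details could not be loaded. Please try again.";
    }
}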
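/// <summary>
/// Finish-button handler. Adds the employee row when the username is not in the
/// employee table yet, then replaces that user's UserRole row with the role selected
/// in radio1.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">
/// Navigation arguments; <c>Cancel</c> is set when the username fails re-validation.
/// </param>
protected void Wizard1_FinishButtonClick(object sender, WizardNavigationEventArgs e)
{
    // Both values arrive with this postback (TextBox1 and radio1), not from session state.
    string username = TextBox1.Text;
    if (String.IsNullOrEmpty(radio1.SelectedValue) || String.IsNullOrEmpty(username))
    {
        return;
    }

    // Assigning a role is the privileged step, so repeat the membership check here:
    // TextBox1 is read again from this postback and nothing in this handler ties it to
    // the value that was validated when WizardStep2 was entered.
    // NOTE(review): this handler does not check who is making the change - confirm the
    // page itself is restricted to users who are allowed to assign roles.
    if (!CheckUsername(username))
    {
        e.Cancel = true;
        errorSpan.InnerText = "The username specified is blank or does not belong to PMOD";
        return;
    }

    string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    // The existence check used to concatenate username into the SQL text (SQL
    // injection); it is bound as a parameter like every other statement here.
    string countCommand = "SELECT Count(*) FROM employee WHERE Username = @Username";
    string insertUserCommand = "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) values (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)";
    string deleteCommand = "DELETE FROM UserRole where Username=@Username";
    string insertCommand = "INSERT INTO UserRole (RoleID,Username) values(@RoleID,@Username)";

    using (SqlConnection conn = new SqlConnection(connString))
    {
        conn.Open();

        // One transaction for all writes: if any statement throws, disposing the
        // uncommitted transaction rolls everything back, so the user is never left
        // with the old role deleted and no new role inserted.
        using (SqlTransaction tx = conn.BeginTransaction())
        {
            bool isNewEmployee;
            using (SqlCommand countCmd = new SqlCommand(countCommand, conn, tx))
            {
                countCmd.Parameters.AddWithValue("@Username", username);
                isNewEmployee = (int)countCmd.ExecuteScalar() == 0;
            }

            if (isNewEmployee)
            {
                // Pull the employee details through ObjectUser and store them locally.
                ObjectUser user = new ObjectUser(username, true);
                using (SqlCommand addUserCmd = new SqlCommand(insertUserCommand, conn, tx))
                {
                    addUserCmd.Parameters.AddWithValue("@Name", user.Name);
                    addUserCmd.Parameters.AddWithValue("@Username", username);
                    addUserCmd.Parameters.AddWithValue("@JobTitle", user.GetProperty("EMP_TITLE"));
                    addUserCmd.Parameters.AddWithValue("@BadgeNo", user.GetProperty("EMP_BADGE_NUMBER"));
                    addUserCmd.Parameters.AddWithValue("@EmpOrgType", user.GetProperty("EMP_EMPTYPE"));
                    addUserCmd.Parameters.AddWithValue("@DivisionCode", user.Org.Division.SapCode);
                    addUserCmd.ExecuteNonQuery();
                }
            }

            // Replace the role: remove the current assignment, then add the selected one.
            using (SqlCommand deleteCmd = new SqlCommand(deleteCommand, conn, tx))
            {
                deleteCmd.Parameters.AddWithValue("@Username", username);
                deleteCmd.ExecuteNonQuery();
            }

            using (SqlCommand insertCmd = new SqlCommand(insertCommand, conn, tx))
            {
                insertCmd.Parameters.AddWithValue("@RoleID", radio1.SelectedValue);
                insertCmd.Parameters.AddWithValue("@Username", username);
                insertCmd.ExecuteNonQuery();
            }

            tx.Commit();
        }
    }

    Wizard1.Visible = false;
    wizard.InnerHtml = @"<p><b>The task has been done successfully.</b> <br /> <a href='UserManagement.aspx'>Edit Another User</a></p>";
}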
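/// <summary>
/// Decides whether <paramref name="username"/> may be handled by the role wizard.
/// </summary>
/// <remarks>
/// This copy of the listing had been machine-translated (keywords, identifiers and
/// quotation marks were altered); it is restored to valid C# here.
/// </remarks>
/// <param name="username">Network ID typed into the wizard.</param>
/// <returns>
/// <c>false</c> when the person's RES_NETID property equals "-"; otherwise whatever
/// <c>Security.isPMODMember</c> reports for the same username.
/// </returns>
private bool CheckUsername(string username)
{
    // A RES_NETID of "-" is rejected before the membership test is attempted.
    // NOTE(review): presumably "-" marks a person without a network ID - confirm.
    if (Service.GetPerson(username).GetProperty("RES_NETID").Equals("-"))
    {
        return false;
    }

    // The disabled database lookup that used to follow this check built its SELECT by
    // concatenating username into the SQL text. If it is ever revived, bind the value
    // as a @Username parameter instead.
    return Security.isPMODMember(username);
}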
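/// <summary>
/// Next-button handler. When the wizard is about to enter WizardStep2 it validates the
/// typed username, loads the stored role for that user and fills the summary labels.
/// </summary>
/// <remarks>
/// This copy of the listing had been machine-translated (keywords, identifiers, SQL
/// text and quotation marks were altered); it is restored to valid C# here.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">
/// Navigation arguments; <c>Cancel</c> is set when the username is rejected or the
/// user details cannot be loaded.
/// </param>
protected void Wizard1_NextButtonClick(object sender, WizardNavigationEventArgs e)
{
    // Only the transition into WizardStep2 needs work; every other step passes through.
    if (Wizard1.WizardSteps[e.NextStepIndex].ID != "WizardStep2")
    {
        return;
    }

    string username = TextBox1.Text;
    if (String.IsNullOrEmpty(username) || !CheckUsername(username))
    {
        // Blank or non-member username: stay on the current step and say why.
        e.Cancel = true;
        errorSpan.InnerText = "The username specified is blank or does not belong to PMOD";
        return;
    }

    string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    string cmdText = @"SELECT dbo.employee.Username, dbo.employee.Name, dbo.employee.JobTitle, dbo.employee.BadgeNo,
        ISNULL(dbo.Roles.RoleID, 3) AS RoleID, dbo.Divisions.DivisionName, dbo.Roles.RoleName
        FROM dbo.Divisions INNER JOIN dbo.employee ON dbo.Divisions.SapCode = dbo.employee.DivisionCode
        LEFT OUTER JOIN dbo.Roles RIGHT OUTER JOIN dbo.UserRole ON dbo.Roles.RoleID = dbo.UserRole.RoleID ON
        dbo.employee.Username = dbo.UserRole.Username
        WHERE (dbo.employee.Username = @Username)";

    try
    {
        DataTable table = new DataTable();

        // Dispose the connection, command and adapter on every path so the connection
        // is not left open until it is garbage-collected.
        using (SqlConnection conn = new SqlConnection(connString))
        using (SqlCommand myCommand = new SqlCommand(cmdText, conn))
        using (SqlDataAdapter adapter = new SqlDataAdapter(myCommand))
        {
            myCommand.Parameters.AddWithValue("@Username", username);
            // Fill opens a closed connection and closes it again when it is done.
            adapter.Fill(table);
        }

        ObjectUser user = new ObjectUser(username, true);

        // Defaults for a user with no stored role.
        string role = "User";
        string roleid = "3";
        if (table.Rows.Count > 0)
        {
            // RoleName comes from an outer join and is not wrapped in ISNULL, so it is
            // DBNull when no role row matches; keep the default name in that case.
            role = (table.Rows[0]["RoleName"] as string) ?? role;
            roleid = table.Rows[0]["RoleID"].ToString();
        }

        // NOTE(review): if these are asp:Label controls, Text is written to the page
        // without HTML encoding - confirm the directory and role values are trusted.
        lblName.Text = user.Name;
        lblUsername.Text = user.ID;
        lblDivision.Text = user.Org.Title;
        lblJobTitle.Text = user.GetProperty("EMP_TITLE");
        lblBadgeNo.Text = user.GetProperty("EMP_BADGE_NUMBER");
        lblRole.Text = role;
        radio1.SelectedValue = roleid;
    }
    catch (Exception ex)
    {
        // Console output is not visible for a web page. Record the detail in the trace
        // log, keep it away from the browser, and stay on the current step instead of
        // advancing with empty labels.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        e.Cancel = true;
        errorSpan.InnerText = "The user details could not be loaded. Please try again.";
    }
}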