C# .NET - How can I find the current userid login in C# and store it as an FK in the DB?

Asked By sara asa on 01-Nov-13 09:50 AM
Hi guys,
Actually, I searched this forum and found that every suggestion is to take HttpContext.Current.User.Identity.Name and save it in session...
But I don't need that, because I should get the userid of the login after the user logs in and store it as an FK in another table, in the user_id field in the database, as int type. So please help me, I really need it. I used my own login code so that I can control things better. You can see my code from the login page. My login works correctly, but when it goes to another page after login, I need to save the user details as userid on that page, and that is not possible for me because of cmd.Parameters.AddWithValue("user_id", I need something like a hidden field here, not a textbox or ddl)


    using System;
    using System.Collections;
    using System.Configuration;
    using System.Data;
    using System.Linq;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    using System.Xml.Linq;
    using System.Data.SqlClient;

    namespace CMS
    {
        public partial class Loginn : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
            }

            // CustomValidator handler: the page is valid only if the credentials match a row.
            protected void cvlogin_ServerValidate(object source, ServerValidateEventArgs args)
            {
                args.IsValid = checklogin();
            }

            // Returns true when a Users row matches the submitted username and password.
            // Only a bool comes back; the matching row's user_id is not read.
            private bool checklogin()
            {
                bool result = false;
                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["cmsDBConnectionString2"].ConnectionString);
                try
                {
                    con.Open();
                    // Parameterized query: the textbox values are bound, not concatenated.
                    string sql = "select * from Users where Username=@Username and Password=@Password ";
                    SqlCommand cmd = new SqlCommand(sql, con);
                    cmd.Parameters.AddWithValue("Username", txtusername.Text);
                    cmd.Parameters.AddWithValue("Password", txtpass.Text);
                    result = cmd.ExecuteReader().HasRows;
                }
                catch (Exception exp)
                {
                    // Writes the exception message into the response.
                    Response.Write("<b>Error:</b>");
                    Response.Write(exp.Message);
                }
                finally
                {
                    con.Close();
                }
                return result;
            }

            protected void btnlogin_Click(object sender, EventArgs e)
            {
                if (Page.IsValid)
                {
                    // Issues the forms-authentication ticket for the entered username.
                    FormsAuthentication.RedirectFromLoginPage(txtusername.Text, chkremember.Checked);
                    //FormsAuthentication.RedirectFromLoginPage(HttpContext.Current.User.Identity.ToString(),chkremember.Checked);
                }
            }
        }
    }

Robbe Morris replied to sara asa on 01-Nov-13 09:51 AM
For starters, you do not communicate well.  Your two posts don't make much sense.  What I can now gather is that you haven't figured out the basics of how authentication works.  The identity name or username either entered by a user into a web form or captured via windows authentication is a "string".  Something like "rmorris" or "sasa" is pretty common.

As you've done here, you perform a query against the database using the username and/or password to obtain the full User record.  Which, in your case, has a "user_id" column that is some form of a number: int, bigint, numeric, etc...

However...

Your current method "checklogin" returns a bool which only tells you whether the username/pwd is valid.  It does not return the "user_id" column value either as a return value or perhaps the entire User record altogether.  Thus, you are not retrieving the real value you need for use elsewhere in the application:  "user_id".

What people are suggesting you do is create a new method called GetUserByUserNameAndPassword(string username, string password) with either a class called User that contains all of the properties in the table User OR just return the user_id column value as the return value for the method.  Once you get the user_id value, store it in Session, querystring, cookie, or somewhere else for use throughout your application while they are signed in.

Throughout the application, you'd check to see if the user_id value is still in Session (or wherever you put it) to see if they are still signed in or whether the session has expired due to inactivity.  If so, then redirect them (code on each page of your site) to the login screen.

sara asa replied to Robbe Morris on 02-Nov-13 10:14 AM
Yes, you are right. Actually, I searched this forum and then noticed that, for whatever I need after login, the best way is to store the userid in a session and work with the session from that time on. I did the same and it worked correctly. So I noticed that with HttpContext.Current.User.Identity you can't get the userid easily; you need a connection to the DB, find the userid there, then store it in session to work with. And about the user_id I mentioned in my question: it's an FK in a second table, it's not related to login. My login works well because I wrote it with custom validation and it checks the DB with a bool query.
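
One way to implement what the reply above describes, as an added example that is not part of the original thread: look up user_id at login, keep it in Session so the foreign-key value never comes from the browser, and read it back on later pages. The class name CurrentUser, its method names and the "user_id" Session key are assumptions; the Users columns and the connection string name are taken from the question.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web;
using System.Web.Security;

namespace CMS
{
    // Hypothetical helper class (an assumption, not code from the thread).
    public static class CurrentUser
    {
        private const string Key = "user_id"; // assumed Session key

        // Returns Users.user_id for matching credentials, else null (same comparison as the question's query).
        public static int? GetUserIdByUserNameAndPassword(string username, string password)
        {
            string cs = ConfigurationManager.ConnectionStrings["cmsDBConnectionString2"].ConnectionString;
            using (SqlConnection con = new SqlConnection(cs))
            using (SqlCommand cmd = new SqlCommand(
                "select user_id from Users where Username=@Username and Password=@Password", con))
            {
                cmd.Parameters.AddWithValue("@Username", username);
                cmd.Parameters.AddWithValue("@Password", password);
                con.Open();
                object id = cmd.ExecuteScalar();
                return (id == null || id == DBNull.Value) ? (int?)null : Convert.ToInt32(id);
            }
        }

        // Drop-in for checklogin(): on success the id is stored in server-side Session state.
        public static bool SignIn(string username, string password)
        {
            int? id = GetUserIdByUserNameAndPassword(username, password);
            if (id.HasValue) HttpContext.Current.Session[Key] = id.Value;
            return id.HasValue;
        }

        // For later pages: the FK value, or null after starting a redirect to the login page
        // because the session expired. RedirectToLoginPage() does not end the request,
        // so callers must check HasValue before touching the database.
        public static int? UserIdOrRedirect()
        {
            object id = HttpContext.Current.Session[Key];
            if (id == null) FormsAuthentication.RedirectToLoginPage();
            return id as int?;
        }
    }
}
```

On the login page, checklogin() can return `CurrentUser.SignIn(txtusername.Text, txtpass.Text)`. On the second page, call `CurrentUser.UserIdOrRedirect()` and, when it has a value, pass that value to `cmd.Parameters.AddWithValue("user_id", ...)` for the insert.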