Prevent guests to see admin ASP.NET

Question

0.00/5 (No votes)

See more:

hi all
i want to prevent other people except user and admin see panel pages
i tried to do this with session but i dont know why its not working
i have a table in my database called members with MemberId,MemberUser,MemberPass,MemberType
i want to check if membertype is "admin" redirect to adminpanel.aspx
if its user redirect to userpanel.aspx
else redirect to 404.aspx
and i have a login page named login.aspx
i used mdbl model linq to sql to do this
this is the code of the login button

    protected void Button3_Click(object sender, EventArgs e)
    {
        EshopDataClassesDataContext db = new EshopDataClassesDataContext();
        Member UserOne = db.Members.Where(t => t.MemberUser == txtUser0.Text && t.MemberPass == txtPass0.Text).FirstOrDefault();
        if (UserOne != null)
        {
            Session["MemberId"] = UserOne.MemberId.ToString();
            Session["MemberType"] = UserOne.MemberType;
            Session["MemberUser"] = UserOne.MemberUser;
            if (UserOne.MemberType == "Admin")
            {
                Response.Redirect("~/Admin/AdminPanel.aspx");
            }
            else if (UserOne.MemberType == "User") { Response.Redirect("~/User/UserPanel.aspx"); }
            else
            {
                Label1.Visible = true;
            }
        }
    }

and this is the code of page load of admin panel page


but it has eror like this

    Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 


Line 10:     protected void Page_Load(object sender, EventArgs e)
Line 11:     {
Line 12:         if (Session["MemberType"].ToString() == "Admin")
Line 13:         {
Line 14:             Response.Redirect("~/Admin/AdminPanel.aspx");

Source File: g:\ASP.net Capture\ASp\session 10\eshop\Admin\AdminPanel.aspx.cs    Line: 12 

what can i do ?
and very sry for bad english :(

What I have tried:

protected void Page_Load(object sender, EventArgs e)
{
    if (Session["MemberType"].ToString() == "Admin")
    {
        Response.Redirect("~/Admin/AdminPanel.aspx");
    }
    else if (Session["MemberType"].ToString() == "User")
    {
        Response.Redirect("~/User/UserPanel.aspx");
    }
    else
    {
        Response.Redirect("~/404.asp");
    }
}

Posted 23-May-17 6:06am

Member 13019612

Updated 23-May-17 6:27am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Accepted Answer · 2017-05-23T06:27:00

Session["MemberType"]

That will be null as nothing has been stored in the MemberType Session variable. You'll have to check for nulls before using the variable.

if (Session["MemberType"] != null && Session["MemberType"].ToString() == "Admin")

Note the page_load code runs before your button click even does so maybe you want this code inside the button click event. It also won't stop people navigating directly to the adminpanel if they know the page url. Consider using the begin request event in the global.asa to check the user's rights in a single place for all pages, or use the aquire authorisation event however I don't think you can access the Session in that event.