用户登录 Roles(使用身份验证)

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Text;

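/// <summary>
/// Code-behind for the login page. Validates the submitted user name and
/// password against the Users database, then issues a Forms Authentication
/// ticket whose UserData carries the user's role names.
/// </summary>
/// <remarks>
/// txtuserName and txtPwd are not declared in this part of the partial class;
/// presumably they come from the page markup / designer part.
/// </remarks>
public partial class userlogins : System.Web.UI.Page
{
    // NOTE(review): this connection string is hard-coded and logs in as the
    // SQL Server "sa" account with its password in source. Move it to a
    // protected <connectionStrings> entry and use a dedicated low-privilege
    // login that can only read the Users/Roles/UserInRole tables. It is kept
    // here unchanged because the site's configuration is not visible.
    private const string UsersDbConnectionString = "server=.;uid=sa;pwd=sa;database=Users";

    /// <summary>Page load handler; intentionally does nothing.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Login button handler: checks the credentials and, on success, writes the
    /// encrypted authentication ticket to the response cookie and redirects to
    /// the admin area.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnclike_Click(object sender, EventArgs e)
    {
        string username = txtuserName.Text.Trim();
        // NOTE(review): trimming the password silently drops leading/trailing
        // spaces the user typed; kept as-is so existing accounts keep working.
        string userpwd = txtPwd.Text.Trim();

        // Reject empty input before touching the database.
        if (string.IsNullOrEmpty(username))
        {
            Response.Write("请输入用户名!");
            return;
        }
        if (string.IsNullOrEmpty(userpwd))
        {
            Response.Write("请输入密码!");
            return;
        }

        if (!checkUser(username, userpwd))
        {
            // One generic message for every failure, so the response does not
            // reveal whether the user name exists.
            // NOTE(review): there is no attempt limiting or lockout here, so
            // password guessing is unthrottled at this layer.
            Response.Write("用户名或密码错误!");
            return;
        }

        string roles = rolesname(username);

        // Roles are copied into the ticket's UserData at login time, so a role
        // change in the database is not reflected until a new ticket is issued
        // (up to the 2-day expiry below).
        DateTime issuedAt = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, username, issuedAt, issuedAt.AddDays(2), false, roles);

        HttpCookie authCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        // Keep the ticket out of reach of page script, and follow the site's
        // requireSSL setting so it is not sent over plain HTTP when TLS is required.
        authCookie.HttpOnly = true;
        authCookie.Secure = FormsAuthentication.RequireSSL;
        Response.Cookies.Set(authCookie);

        Response.Redirect("admin/Massage.aspx");
    }

    /// <summary>
    /// Checks whether a row with the given user name and password exists in the
    /// Users table.
    /// </summary>
    /// <param name="username">User name to look up.</param>
    /// <param name="userpwd">Password as submitted by the user.</param>
    /// <returns>true when a matching row exists; otherwise false.</returns>
    public bool checkUser(string username, string userpwd)
    {
        // NOTE(review): the query compares the submitted password directly with
        // the userpwd column, which suggests passwords are stored unhashed.
        // Store a salted, slow hash (e.g. PBKDF2) and verify against that instead.
        using (SqlConnection con = new SqlConnection(UsersDbConnectionString))
        using (SqlCommand cmd = new SqlCommand(@"if exists (select *from Users where userName=@username and userpwd=@userpwd)
                                                            begin
                                                            select 1
                                                            end
                                                            else
                                                            begin
                                                            select 0
                                                            end", con))
        {
            // Values are bound as parameters, never concatenated into the SQL text.
            cmd.Parameters.Add(new SqlParameter("@username", username));
            cmd.Parameters.Add(new SqlParameter("@userpwd", userpwd));

            con.Open();
            return Convert.ToInt32(cmd.ExecuteScalar()) == 1;
        }
    }

    /// <summary>
    /// Returns the role names assigned to a user as a comma-separated list.
    /// </summary>
    /// <param name="username">User name whose roles are looked up.</param>
    /// <returns>
    /// Each role name followed by a comma (for example "admin,editor,"), or an
    /// empty string when the user has no roles. The trailing comma is preserved
    /// for callers that already parse this format.
    /// </returns>
    public string rolesname(string username)
    {
        using (SqlConnection con = new SqlConnection(UsersDbConnectionString))
        using (SqlCommand cmd = new SqlCommand(@"select c.roleName from UserInRole a inner join Users b on a.userid=b.userid
                                           inner join Roles c on a.roleid=c.roleId and b.userName=@username", con))
        {
            cmd.Parameters.Add(new SqlParameter("@username", username));

            StringBuilder sb = new StringBuilder();
            con.Open();
            // Read the rows once; the connection, command and reader are all
            // released by the using blocks even if the query throws.
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    sb.Append(dr["roleName"].ToString()).Append(',');
                }
            }
            return sb.ToString();
        }
    }
}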
