阻止访客查看管理员ASP.NET [英] Prevent guests to see admin ASP.NET

问题描述

嗨所有
i想要阻止除用户和管理员以外的其他人看到小组页面
i尝试用会话这样做但我不知道为什么它不工作
i有我的数据库中的一个表名为MemberId，MemberUser，MemberPass，MemberType 
i的表想检查membertype是否为admin重定向到adminpanel.aspx 
如果其用户重定向到userpanel.aspx 
 else重定向到404.aspx 
我有一个名为login.aspx的登录页面
i使用mdbl模型linq到sql执行此操作
这是登录按钮的代码
 
 protected void Button3_Click（object sender，EventArgs e）
 {
 EshopDataClassesDataContext db = new EshopDataClassesDataContext（）; 
成员UserOne = db.Members.Where（t => t.MemberUser == txtUser0.Text&& t.MemberPass == txtPass0.Text）.FirstOrDefault（）; 
 if（UserOne！= null）
 {
 Session [MemberId] = UserOne.MemberId.ToString（）; 
 Session [MemberType] = UserOne.MemberType; 
 Session [MemberUser] = UserOne.MemberUser; 
 if（UserOne.MemberType ==Admin）
 {
 Response.Redirect（〜/ Admin / AdminPanel.aspx）; 
} 
 else if（UserOne.MemberType ==User）{Response.Redirect（〜/ User / UserPanel.aspx）; } 
 else 
 {
 Label1.Visible = true; 
} 
} 
} 
 
这是管理面板页面的页面加载代码
 
 
但它有像这样的错误
 
对象引用未设置为对象的实例。 
 
描述：执行当前Web请求期间发生未处理的异常。请查看堆栈跟踪以获取有关错误及其源自代码的位置的更多信息。 
 
异常详细信息：System.NullReferenceException：未将对象引用设置为对象的实例。 
 
来源错误：
 
 
第10行：protected void Page_Load（object sender，EventArgs e）
第11行：{
第12行：if（Session [MemberType]。ToString（）==Admin）
第13行：{
第14行：Response.Redirect（〜/ Admin / AdminPanel.aspx）; 
 
源文件：g：\ ASP.net Capture\ASp\session 10 \\\ shop \Admin \AdminPanel.aspx.cs行：12 
 
我能做什么 ？ 
和非常不好的英语:( 

我尝试过：

 protected void Page_Load（object sender，EventArgs e）
 {
 if（Session [MemberType]。ToString（） ==Admin）
 {
 Response.Redirect（〜/ Admin / AdminPanel.aspx）; 
} 
 else if（Session [MemberType]。ToString （）==用户）
 {
 Response.Redirect（〜/ User / UserPanel.aspx）; 
} 
 else 
 {
 Response.Redirect（〜/ 404.asp）; 
} 
} 
 

解决方案

< blockquote>

 Session [MemberType] 

由于在MemberType会话变量中没有存储任何内容，因此它将为null。您必须检查在使用变量之前使用null。

 if（Session [MemberType]！= null&& Session [MemberType] .ToString（）==Admin）

注意page_load代码在按钮c之前运行舔即使这样做也许你想在按钮点击事件中的这个代码。如果他们知道页面网址，它也不会阻止人们直接导航到管理面板。考虑使用global.asa中的begin request事件来检查用户在所有页面的单个位置的权限，或者使用aquire授权事件但是我不认为你可以在那个事件中访问Session。

hi all
i want to prevent other people except user and admin see panel pages
i tried to do this with session but i dont know why its not working
i have a table in my database called members with MemberId,MemberUser,MemberPass,MemberType
i want to check if membertype is "admin" redirect to adminpanel.aspx
if its user redirect to userpanel.aspx
else redirect to 404.aspx
and i have a login page named login.aspx
i used mdbl model linq to sql to do this
this is the code of the login button

    protected void Button3_Click(object sender, EventArgs e)
    {
        EshopDataClassesDataContext db = new EshopDataClassesDataContext();
        Member UserOne = db.Members.Where(t => t.MemberUser == txtUser0.Text && t.MemberPass == txtPass0.Text).FirstOrDefault();
        if (UserOne != null)
        {
            Session["MemberId"] = UserOne.MemberId.ToString();
            Session["MemberType"] = UserOne.MemberType;
            Session["MemberUser"] = UserOne.MemberUser;
            if (UserOne.MemberType == "Admin")
            {
                Response.Redirect("~/Admin/AdminPanel.aspx");
            }
            else if (UserOne.MemberType == "User") { Response.Redirect("~/User/UserPanel.aspx"); }
            else
            {
                Label1.Visible = true;
            }
        }
    }

and this is the code of page load of admin panel page


but it has eror like this

    Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error: 


Line 10:     protected void Page_Load(object sender, EventArgs e)
Line 11:     {
Line 12:         if (Session["MemberType"].ToString() == "Admin")
Line 13:         {
Line 14:             Response.Redirect("~/Admin/AdminPanel.aspx");

Source File: g:\ASP.net Capture\ASp\session 10\eshop\Admin\AdminPanel.aspx.cs    Line: 12 

what can i do ?
and very sry for bad english :(

What I have tried:

protected void Page_Load(object sender, EventArgs e)
{
    if (Session["MemberType"].ToString() == "Admin")
    {
        Response.Redirect("~/Admin/AdminPanel.aspx");
    }
    else if (Session["MemberType"].ToString() == "User")
    {
        Response.Redirect("~/User/UserPanel.aspx");
    }
    else
    {
        Response.Redirect("~/404.asp");
    }
}

解决方案

Session["MemberType"]

That will be null as nothing has been stored in the MemberType Session variable. You'll have to check for nulls before using the variable.

if (Session["MemberType"] != null && Session["MemberType"].ToString() == "Admin")

Note the page_load code runs before your button click even does so maybe you want this code inside the button click event. It also won't stop people navigating directly to the adminpanel if they know the page url. Consider using the begin request event in the global.asa to check the user's rights in a single place for all pages, or use the aquire authorisation event however I don't think you can access the Session in that event.

这篇关于阻止访客查看管理员ASP.NET的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！