有些时候登录失败了 [英] Some time login failed
本文介绍了有些时候登录失败了的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用ajax,jquery和webmethod创建简单的登录页面第一次登录不成功。断点调用每次和sql查询执行成功但成功警报不会在一段时间内发生。一段时间成功执行。并且在iis租赁中使用时不会登录其他系统帮助我任何一个。提前谢谢。如果一次成功登录没有在特定时间内出现问题
我尝试过:
< script type = text / javascript >
function login_tracking(用户名,密码)
{
var obj = {};
obj.username = username;
obj.password =密码;
$ .ajax({
url: Tracking.aspx / login ,
数据: JSON .stringify(obj),
dataType: < span class =code-string> json,
type: POST,
contentType: application / json; charset = utf-8,
成功:功能(数据){
alert( sucess);
var d = data.d.length;
if (d == 0 )
{
alert( 登录Fai主导);
}
alert(data.d [ 0 ]。用户名+ < span class =code-string>登录成功);
},
错误: function (XMLHttpRequest,textStatus,errorThrown){
alert(' 登录错误');
}
});
}
< / script>
< span class =code-keyword> public static 列表< loginclass> login( string username, string password)
{
MasterLogic objMas = new MasterLogic();
List< loginclass> login = new List< loginclass>();
string qry = 选择a.CompanyCode ,CompanyName,来自webuser_master的用户名a,company_master b +
其中a.CompanyCode = b.CompanyCode和a.UserId =' +用户名+ '和 +
a.UserPWD =' + password + '和a.Status ='1'组由b.CompanyName;
DataTable dt = objMas.GetDataTable(qry);
if (dt == null )
返回登录;
DataSet ds = new DataSet();
ds.Tables.Add(dt);
string 代码,uname,cname;
列表< datarow> list = dt.AsEnumerable()。ToList();
foreach (DataRow dr in dt.Rows)
{
code = dr [ CompanyCode]。ToString();
uname = dr [ UserName]。ToString();
cname = dr [ CompanyName]。ToString();
login.Add( new loginclass(code,uname,cname));
}
返回登录;
}
解决方案
.ajax({
url : Tracking.aspx / login,
data: JSON .stringify(obj),
dataType: json,
类型: POST,
contentType: application / json; charset = utf-8,
成功: function (data){
alert( sucess);
var d = data.d.length;
if (d == 0 )
{
alert(< span class =code-string> 登录失败);
}
alert(data.d [ 0 ]。用户名+ < span class =code-string>登录成功);
},
错误: function (XMLHttpRequest,textStatus,errorThrown){
alert(' 登录错误');
}
});
}
< / script>
< span class =code-keyword> public static 列表< loginclass> login( string username, string password)
{
MasterLogic objMas = new MasterLogic();
List< loginclass> login = new List< loginclass>();
string qry = 选择a.CompanyCode ,CompanyName,来自webuser_master的用户名a,company_master b +
其中a.CompanyCode = b.CompanyCode和a.UserId =' +用户名+ '和 +
a.UserPWD =' + password + '和a.Status ='1'组由b.CompanyName;
DataTable dt = objMas.GetDataTable(qry);
if (dt == null )
返回登录;
DataSet ds = new DataSet();
ds.Tables.Add(dt);
string 代码,uname,cname;
列表< datarow> list = dt.AsEnumerable()。ToList();
foreach (DataRow dr in dt.Rows)
{
code = dr [ CompanyCode]。ToString();
uname = dr [ UserName]。ToString();
cname = dr [ CompanyName]。ToString();
login.Add( new loginclass(code,uname,cname));
}
返回登录;
}
这里有很多错误的事情......让我们来点击最重要的两个登录用户时最危险的事情列表:
1)永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。在登录时连接字符串不仅可以将数据库交给所有人,还可以完全绕过您的安全,并在您甚至不知道密码的情况下以您或任何其他用户身份登录...
2)切勿以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
i am creating simple login page using ajax,jquery and webmethod first time login not successfully . break point call every time and sql query executed successfully but success alert not come in some time. some time execute successfully. and not login other system when use in iis lease help me any one . thanks in advance.if once login successfully not come that issue in particular time
What I have tried:
<script type="text/javascript">
function login_tracking(username,password)
{
var obj = {};
obj.username = username;
obj.password= password;
$.ajax({
url: "Tracking.aspx/login",
data: JSON.stringify(obj),
dataType: "json",
type: "POST",
contentType: "application/json; charset=utf-8",
success: function(data) {
alert("sucess");
var d=data.d.length;
if(d==0)
{
alert("Login Failed");
}
alert(data.d[0].username + " Login Sucessfully");
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
alert('Login Error');
}
});
}
</script>
public static List<loginclass> login(string username, string password)
{
MasterLogic objMas = new MasterLogic();
List<loginclass> login = new List<loginclass>();
string qry = " select a.CompanyCode,CompanyName,UserName from webuser_master a,company_master b " +
" where a.CompanyCode=b.CompanyCode and a.UserId ='" + username + "' and " +
" a.UserPWD='" + password + "' and a.Status='1' group by b.CompanyName ";
DataTable dt = objMas.GetDataTable(qry);
if (dt == null)
return login;
DataSet ds = new DataSet();
ds.Tables.Add(dt);
string code, uname,cname;
List<datarow> list = dt.AsEnumerable().ToList();
foreach (DataRow dr in dt.Rows)
{
code = dr["CompanyCode"].ToString();
uname = dr["UserName"].ToString();
cname = dr["CompanyName"].ToString();
login.Add(new loginclass(code,uname,cname));
}
return login;
}
解决方案
.ajax({ url: "Tracking.aspx/login", data: JSON.stringify(obj), dataType: "json", type: "POST", contentType: "application/json; charset=utf-8", success: function(data) { alert("sucess"); var d=data.d.length; if(d==0) { alert("Login Failed"); } alert(data.d[0].username + " Login Sucessfully"); }, error: function(XMLHttpRequest, textStatus, errorThrown) { alert('Login Error'); } }); } </script>
public static List<loginclass> login(string username, string password) { MasterLogic objMas = new MasterLogic(); List<loginclass> login = new List<loginclass>(); string qry = " select a.CompanyCode,CompanyName,UserName from webuser_master a,company_master b " + " where a.CompanyCode=b.CompanyCode and a.UserId ='" + username + "' and " + " a.UserPWD='" + password + "' and a.Status='1' group by b.CompanyName "; DataTable dt = objMas.GetDataTable(qry); if (dt == null) return login; DataSet ds = new DataSet(); ds.Tables.Add(dt); string code, uname,cname; List<datarow> list = dt.AsEnumerable().ToList(); foreach (DataRow dr in dt.Rows) { code = dr["CompanyCode"].ToString(); uname = dr["UserName"].ToString(); cname = dr["CompanyName"].ToString(); login.Add(new loginclass(code,uname,cname)); } return login; }
There are so many wrong things going on here...let's just hit the highlights with the top two "most dangerous things to do when logging in users" list:
1) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. And concatenating strings at login not only hands your DB to everyone, it lest them bypass your security completely and login in as you or any other user without even knowing your password...
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
这篇关于有些时候登录失败了的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
