安全的电子投票系统 [英] Secure E-Voting System
本文介绍了安全的电子投票系统的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
AM是尼日利亚奥苏州大学的最后一年学生,正在学习计算机科学,正在使用asp.net和C#编写一个关于安全电子投票系统的项目,但在登录方面遇到了我的代码问题。
这是ASP设计
AM a final year student of osun state university Nigeria,studying computer science, am writing a project on Secure E-Voting System using asp.net and C# but having issue with my code on the log on side.
THis is the ASP Design
<%@ Page Title="Log In" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"
CodeFile="Login.aspx.cs" Inherits="Account_Login" %>
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
<h2>
Log In to Your Voter Account
</h2>
<p>
Please enter your username and password.
<asp:HyperLink ID="RegisterHyperLink" runat="server" EnableViewState="false">Register</asp:HyperLink> if you don't have an account.
</p>
<asp:Login ID="LoginUser" runat="server" >
<LayoutTemplate>
<span class="failureNotification">
<asp:Literal ID="FailureText" runat="server"></asp:Literal>
</span>
<asp:ValidationSummary ID="LoginUserValidationSummary" runat="server" CssClass="failureNotification"
ValidationGroup="LoginUserValidationGroup"/>
<div class="accountInfo">
<form id="form1" runat="server">
<fieldset class="login">
<legend>Voters Information</legend>
<p>
<asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">Username:</asp:Label>
<asp:TextBox ID="txtUserName" runat="server" CssClass="textEntry"></asp:TextBox>
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
CssClass="failureNotification" ErrorMessage="User Name is required." ToolTip="User Name is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
<asp:TextBox ID="txtPassword" runat="server" CssClass="passwordEntry" TextMode="Password"></asp:TextBox>
<asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
CssClass="failureNotification" ErrorMessage="Password is required." ToolTip="Password is required."
ValidationGroup="LoginUserValidationGroup">*</asp:RequiredFieldValidator>
</p>
<p>
<asp:CheckBox ID="RememberMe" runat="server"/>
<asp:Label ID="RememberMeLabel" runat="server" AssociatedControlID="RememberMe" CssClass="inline">Keep me logged in</asp:Label>
</p>
</fieldset>
</form>
<p class="submitButton">
<asp:Button ID="LoginButton" runat="server" CommandName="Login" OnClick="LoginButton_Click" Text="Log In" ValidationGroup="LoginUserValidationGroup"/>
</p>
</div>
</LayoutTemplate>
</asp:Login>
</asp:Content>
代码方C#
The Code side C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
public partial class Account_Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
RegisterHyperLink.NavigateUrl = "VResgister.aspx?ReturnUrl=" + HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
}
protected void LoginButton_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Data Source=SUNKEE-PC;Initial Catalog=voters; User ID=sa;Password=password1");
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
string sql;
sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
cmd.CommandText = sql;
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Response.Redirect("Home.aspx");
}
}
}
错误显示为:
the error is showing is :
Server Error in '/E-Voting' Application.
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
Compiler Error Message: CS0103: The name 'txtUserName' does not exist in the current context
Source Error:
Line 21: cmd.Connection = con;
Line 22: string sql;
Line 23: sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
Line 24: cmd.CommandText = sql;
Line 25: con.Open();
Source File: c:\Users\Sunkee\Documents\Visual Studio 2010\WebSites\E-Voting\voting\Login.aspx.cs Line: 23
Show Detailed Compiler Output:
Show Complete Compilation Source:
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272
推荐答案
正如Richard MacCutchan建议的那样,请阅读:如何:防止ASP.NET中的注入攻击 [ ^ ],尤其是步骤4.使用SQL查询的命令参数。
然后检查以下行:
As Richard MacCutchan suggests, please read this: How to: Protect From Injection Attacks in ASP.NET[^], especially Step 4. Use Command Parameters for SQL Queries.
Then check this line:
sql = "exec Logon'" + txtUserName.text + "', '" + txtPassword.text + "'";
txtUserName
和 txtPassword
是TextBox控件的名称吗?如果是,请尝试以下方法:
Does txtUserName
and txtPassword
is the name of TextBox control? If yes, try this:
String uName = Me.txtUserName.Text;
String uPass = Me.txtPassword.Text;
这篇关于安全的电子投票系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文