如何保持用户登录 [英] how to keep users logged in

问题描述

大家好，
我的项目包括创建一个基于Web的搜索应用程序，该应用程序允许用户使用名为"Employee"的Sql数据库表搜索员工.我创建了一个页面，用户在其中输入搜索条件，然后单击搜索按钮，网格视图将显示结果，在发现的每一行旁边都有一个链接，该链接将用户引导到另一个页面，该页面包含有关该员工的详细信息，此页面为DetailsView .第三页包括创建数据库中找不到的新员工.因此它也包含DetailsView.我也有一个登录页面.
这里有个要点:我想允许所有人访问搜索结果页面(Gridview)，但是只有Admins(存在于名为Roles的sql DB表中)有权修改DetailsView Detailses信息页面上的数据，我已经做到了使用

Hi everybody,
My project consist of creating a web-based search application that allows users to search for employees using a Sql database table named "Employee". I have created a page where the user enters search criteria, hit search button a grid view will display results, next to each row found there is a link that lead the user to another page containing detailed information about that Employee, this page is a DetailsView. the 3rd page consist of creating a new employee not found in database. so it also consist of DetailsView. I also have a login Page.
here is the catch: I want to allow everybody to access the search result page (Gridview) but only Admins (who exist in a sql DB table named Roles) have the right to modify data on the DetailsView Detailes info Page, I ve done this using the

DetailsView1.AutoGenerateEditButton = true;
                    DetailsView1.AutoGenerateDeleteButton = true;

但是我想限制普通用户在Edit模式下使用gridview访问AddNewEmployee页面和Searchresult页面，我的登录页面如下所示:

but I want restrict regular users from accessing AddNewEmployee Page and Searchresult page with gridview on Edit mode, my login page looks like that:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using System.Text;
using System.Security.Cryptography;
using System.IO;


namespace Phonebook
{
    public partial class LoginUser : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            
        }
       

        public string encryptQueryString(string strQueryString)
        {
            
            return BLL.Encryption64.Encrypt(strQueryString, "!#$a54?3");
        }


        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {

            string username = Login1.UserName;
            string pwd = Login1.Password;
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString);
            conn.Open();
            string sqlUserName = "SELECT UserId, Password FROM Roles ";
            sqlUserName += " WHERE (UserId ='" + username + "')";
            sqlUserName += " AND (Password ='" + pwd + "')";
            sqlUserName += " AND (Admin = 'Y')";
            SqlCommand cmd = new SqlCommand(sqlUserName, conn);
            cmd.Parameters.AddWithValue("@UserId", username);
            cmd.Parameters.AddWithValue("@Password", pwd);

            string currentName;
            currentName = (string)cmd.ExecuteScalar();
            if (currentName != null)
            {
                //AddEmployee AdEmp = new AddEmployee();
                Session["UserAuthentication"] = username;
                Session.Timeout = 1;
                Response.Redirect("~/AddEmployee.aspx?search=" + encryptQueryString(username) + "");
            }
            else
            {
                Session["UserAuthentication"] = "";
            }
        }

我使用的是登录控件，但未使用ASP.NET配置工具.
有什么办法可以创建执行此操作的登录逻辑?谢谢

I am using login control but not the ASP.NET configuration tool.
Is there any way I can create a login logic that does this? Thank you

推荐答案

a54?3"); } 受保护的 无效 Login1_Authenticate(对象发​​件人，AuthenticateEventArgs e) { 字符串 username = Login1.UserName; 字符串 pwd = Login1.Password; SqlConnection conn = 新 SqlConnection(ConfigurationManager.ConnectionStrings [" ].ConnectionString); conn.Open(); 字符串 sqlUserName = " ; sqlUserName + = " +用户名+ " ; sqlUserName + = " + pwd + " ; sqlUserName + = " ; SqlCommand cmd = 新 SqlCommand(sqlUserName，conn); cmd.Parameters.AddWithValue(" ，用户名); cmd.Parameters.AddWithValue(" ，pwd)； 字符串 currentName； currentName =(字符串)cmd.ExecuteScalar(); 如果(currentName！= 空) { // AddEmployee AdEmp = new AddEmployee(); 会话[" ] =用户名； Session.Timeout = 1 ; Response.Redirect(" + cryptoQueryString(username)+ " ); } 其他 { 会话[" ] = " "; } }

a54?3"); } protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { string username = Login1.UserName; string pwd = Login1.Password; SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString); conn.Open(); string sqlUserName = "SELECT UserId, Password FROM Roles "; sqlUserName += " WHERE (UserId ='" + username + "')"; sqlUserName += " AND (Password ='" + pwd + "')"; sqlUserName += " AND (Admin = 'Y')"; SqlCommand cmd = new SqlCommand(sqlUserName, conn); cmd.Parameters.AddWithValue("@UserId", username); cmd.Parameters.AddWithValue("@Password", pwd); string currentName; currentName = (string)cmd.ExecuteScalar(); if (currentName != null) { //AddEmployee AdEmp = new AddEmployee(); Session["UserAuthentication"] = username; Session.Timeout = 1; Response.Redirect("~/AddEmployee.aspx?search=" + encryptQueryString(username) + ""); } else { Session["UserAuthentication"] = ""; } }

我使用的是登录控件，但未使用ASP.NET配置工具.
有什么办法可以创建执行此操作的登录逻辑?谢谢

I am using login control but not the ASP.NET configuration tool.
Is there any way I can create a login logic that does this? Thank you

看看，



http://stackoverflow.com/questions/5956224/keep-me-登录Windows表单登录 [ ^ ]

have a look,



http://stackoverflow.com/questions/5956224/keep-me-logged-in-for-windows-forms-login[^]

这篇关于如何保持用户登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！