asp.net的登录安全性 [英] login security for asp.net

问题描述

在我的应用程序中，我有25-30页
n登录后即可访问该页面.
但是我想要当用户键入任何内部页面的URL时，如果他未登录，则应将其重定向到登录页面
无论如何，我能达到这个目标吗
或者我必须在所有页面的每个page_load事件的每个n中检查条件

请尽快回复.
同样，如果会话过期或为null，则重定向到登录页面.

我要在一个地方而不是每种形式做的所有事情.....

In my application i have 25-30 pages
n after login the page can be access.
but i want when user type the url of any inside page, he should be redirect to login page if he is not logged in
is there anyway i can achive this
or i have to check the condition in each n every page_load event of all page

plz reply asap.
also if session is expired or its null then redirect to login page.

all this i want to do in single place instead of each form.....

推荐答案

对于Session过期，请参见此..
会话超时警告和重定向 [

For Session expire see this..
Session Timeout Warning and Redirect[^]

make login page as default home page by right clicking the login.aspx

，将登录页面作为默认主页，我认为您可以通过使用ASP.NET的成员身份和角色来完成此操作.最好不要对每个页面的加载进行检查，而是使用web.config进行相同的操作.阅读此内容可获得更多信息:

了解ASP.NET角色和成员资格-入门教程 [ ^ ]

I think you can do this by using membership and roles of ASP.NET. Putting a check on each page load is rather not recommended instead have a web.config to do the same. read this to get more:

Understanding ASP.NET Roles and Membership - A Beginner''s Tutorial[^]

还有另外两种方法

1.使用母版页，然后将代码放置在该页中.
2.您可以添加Global.asax类并在那里处理会话的开始/结束.

您应该能够将用户重定向到会话开始和结束时的登录页面.



这是Global.asax根据要求检查的代码

VB:

There are two other methods

1. Use a master page, and place the code within the page load there.
2. You can add a Global.asax class and handle the Session Start/End there.

You should be able to redirect the user to the login page on session start and end.



Here is the code for the Global.asax to check as requested

VB:

Private Sub Global_asax_AcquireRequestState(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.AcquireRequestState
       If HttpContext.Current.Session Is Nothing Then
           Return
       End If

       Dim requestedUri As System.Uri = HttpContext.Current.Request.Url
       Dim baseUri As New System.Uri(requestedUri.AbsoluteUri.Substring(0, requestedUri.AbsoluteUri.Length() - requestedUri.PathAndQuery.Length))

       '' They are either logged in, or are requesting the login page
       If requestedUri.AbsoluteUri = baseUri.AbsoluteUri & "login.aspx" OrElse HttpContext.Current.Session("UserLoggedInAttribute") = True Then
           Return
       End If


       HttpContext.Current.Response.Redirect("login.aspx", True)

   End Sub

C#-您需要添加处理程序

C# - you need to add the handler

private void Global_asax_AcquireRequestState(object sender, System.EventArgs e)
{
	if (HttpContext.Current.Session == null) {
		return;
	}

	System.Uri requestedUri = HttpContext.Current.Request.Url;
	System.Uri baseUri = new System.Uri(requestedUri.AbsoluteUri.Substring(0, requestedUri.AbsoluteUri.Length() - requestedUri.PathAndQuery.Length));

	//' They are either logged in, or are requesting the login page
	if (requestedUri.AbsoluteUri == baseUri.AbsoluteUri + "login.aspx" || HttpContext.Current.Session["UserLoggedInAttribute"] == true) {
		return;
	}
	HttpContext.Current.Response.Redirect("login.aspx", true);

}

这篇关于asp.net的登录安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！