表单的登录安全性 [英] Login security for a form
问题描述
我有一个表单会提示输入用户名/密码。在VS.NET中,我在名为Admin的文件夹中将受保护的表单保留为
。我在那个
文件夹中也有一个Web.config文件。它包含以下部分:
< authorization>
< deny users ="?" />
< allow users =" *" />
< / authorization>
在其他表单所在的根文件夹中,我有一个Web.config
文件包含以下部分:
<身份验证模式="表单">
< forms loginUrl =" LoginPage.aspx? DB =照片"超时= QUOT; 10080" />
< / authentication>
在LoginPage.aspx中,我有一个用户名和密码编辑框和一个登录
按钮。单击它时,它执行以下代码:
private void Login_Click(object sender,System.EventArgs e)
{
if (Authenticated(UserName.Text,Password.Text))
{
string userData ="" ;;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket (
1,
UserName.Text,
System.DateTime.Now,
System.DateTime.Now .AddMinutes(30),
Persistent.Checked,
userData,
FormsAuthentication.FormsCookiePath);
//加密票证。
string encTicket = FormsAuthentication.Encrypt(票证);
//创建cookie。
Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text,
Persistent.Checked));
}
else
消息(无效登录);
}
如果我指定了无效的登录组合,则会执行Message语句。
这很好。如果我指定一个好的组合,表单永远不会从
登录页面移动。表单在显示它们的页面上的框架中运行。
为什么在身份验证有效时页面不会被重定向?
I have a form that will prompt for a user name/password. In VS.NET, I have
the protected form in a folder named Admin. I have a Web.config file in that
folder as well. It contains the following section:
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
In the root folder where the other forms are located I have a Web.config
file with the following section:
<authentication mode="Forms">
<forms loginUrl="LoginPage.aspx?DB=Photos" timeout="10080" />
</authentication>
In LoginPage.aspx, I have a user name and password edit box and a Login
button. When clicked it executes the following code:
private void Login_Click(object sender, System.EventArgs e)
{
if (Authenticated (UserName.Text, Password.Text))
{
string userData = "";
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
UserName.Text,
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
Persistent.Checked,
userData,
FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
Response.Redirect (FormsAuthentication.GetRedirectUrl(UserName.Text,
Persistent.Checked));
}
else
Message("Invalid login");
}
If I specify an invalid login combination, the Message statement executes.
This is good. If I specify a good combination, the form never moves from the
login page. The forms are running in a frame on the page that presents them.
Why would the page not be redirected when authentication is valid?
推荐答案
更多信息:
看来从FormsAuthentication.GetRedirectUrl获取的网址是
不是完全限定的网址。这是一个相对的网址。有没有办法完全获得
的资格?如果我在Response.Redirect中放置 http://www.microsoft.com
方法,重定向发生。
" David W. Simmonds" <哒*** @ simmonds.ca>写在消息
news:v38Zb.564404
More info:
It appears the the url obtained from FormsAuthentication.GetRedirectUrl is
not a fully qualified url. It is a relative url. Is there a way for fully
qualify it? If I put http://www.microsoft.com in the Response.Redirect
method, the redirect occurs.
"David W. Simmonds" <da***@simmonds.ca> wrote in message
news:v38Zb.564404
X%5.377677@pd7tw2no ...
X%5.377677@pd7tw2no...
我有一个表单会提示用户名/密码。在VS.NET中,我在名为Admin的文件夹中有受保护的表单。我在
的文件夹中也有一个Web.config文件。它包含以下部分:
< authorization>
< deny users ="?" />
< allow users =" *" />
< / authorization>
在其他表单所在的根文件夹中,我有一个Web.config
文件,其中包含以下部分:
< authentication mode =" Forms">
< forms loginUrl =" LoginPage.aspx?DB = Photos"超时= QUOT; 10080" />
< / authentication>
在LoginPage.aspx中,我有一个用户名和密码编辑框以及一个Login
按钮。单击它时,它执行以下代码:
private void Login_Click(object sender,System.EventArgs e)
{
if(Authenticated(UserName.Text,Password.Text))
{/> string userData ="" ;;
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
UserName.Text,
System.DateTime.Now ,
System.DateTime.Now.AddMinutes(30),
Persistent.Checked,
userData,
FormsAuthentication.FormsCookiePath);
//加密票证。
字符串encTicket = FormsAuthentication.Encrypt(票证);
//创建cookie。
Response.Cookies.Add(新的
HttpCookie(FormsAuthentication。 FormsCookieName,encTicket));
Response.Redirect
(FormsAuthentication.GetRedirectUrl(UserName.Text,Persistent.Checked));
}
消息(无效登录);
}
如果我指定了无效的登录组合,则会执行Message语句。
这很好。如果我指定一个好的组合,表单永远不会从登录页面的
移动。表单在页面上的框架中运行,它们显示
。为什么在身份验证有效时页面不会被重定向?
I have a form that will prompt for a user name/password. In VS.NET, I have
the protected form in a folder named Admin. I have a Web.config file in that folder as well. It contains the following section:
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
In the root folder where the other forms are located I have a Web.config
file with the following section:
<authentication mode="Forms">
<forms loginUrl="LoginPage.aspx?DB=Photos" timeout="10080" />
</authentication>
In LoginPage.aspx, I have a user name and password edit box and a Login
button. When clicked it executes the following code:
private void Login_Click(object sender, System.EventArgs e)
{
if (Authenticated (UserName.Text, Password.Text))
{
string userData = "";
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
UserName.Text,
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
Persistent.Checked,
userData,
FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
Response.Redirect (FormsAuthentication.GetRedirectUrl(UserName.Text, Persistent.Checked));
}
else
Message("Invalid login");
}
If I specify an invalid login combination, the Message statement executes.
This is good. If I specify a good combination, the form never moves from the login page. The forms are running in a frame on the page that presents them. Why would the page not be redirected when authentication is valid?
更多信息:
似乎Redirect工作正常,但它重定向回登录页面
,即使url不包含LoginPage.aspx。它
包含受保护文件夹中的aspx页面的URL。现在我
真的不知道现在发生了什么。这就好像身份验证
成功,但它会将我重定向回相同的登录页面。
" David W. Simmonds" <哒*** @ simmonds.ca>在消息中写道
news:lo8Zb.564544
Even more info:
It seems that the Redirect is working fine, but it is redirecting back to
the login page even though the url does not contain LoginPage.aspx. It
contains the url to the aspx page that is in the protected folder. Now I
really don''t know what is happening now. It''s as if the authentication
succeeds, but it redirects me back to the same login page anyway.
"David W. Simmonds" <da***@simmonds.ca> wrote in message
news:lo8Zb.564544
这篇关于表单的登录安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
