如何在不使用web.config中的身份验证的情况下在ASP.NET中进行基于角色的控制 [英] How to make role based control in ASP.NET without using authentication in web.config
本文介绍了如何在不使用web.config中的身份验证的情况下在ASP.NET中进行基于角色的控制的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hi
我想在登录页面中进行基于角色的身份验证,而不使用不使用web.config文件中的身份验证。可能使用C#代码吗?
我的尝试:
< pre> protected void btlogin_Click( object sender,EventArgs e)
{
cn.Open();
SqlCommand cmd = new SqlCommand( 选择*来自Adduser,其中Username = @ username和Password = @ password,cn);
cmd.Parameters.AddWithValue( @ username,txtUserName.Text);
cmd.Parameters.AddWithValue( @ password,txtPwd.Text);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0 )
{
Response.Redirect( Default.aspx的跨度>);
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), validation, < script language ='javascript'> alert('无效的用户名和密码')< / script>);
}
}
我的aspx
< pre > < 表格 id = form1 runat = 服务器 >
< fieldset style = width:270px; height:174px; margin-left:345px >
< 图例 class = auto-style1 > 登录 < / legend >
< div class =' container' >
< asp:标签 ID = 名称 runat = server 文本 = 用户名: CssClass = lbl / > ;
< br / >
< asp:TextBox ID = txtUserName runat = server ValidationGroup = lgn 高度 = 22px / >
< asp:RequiredFieldValidator ID = RV1 runat = server ValidationGroup = lgn
< span class =code-attribute> < span class =code-attribute> ControlToValidate = txtUserName
< span class =code-attribute> ErrorMessage = 请输入用户名
< span class =code-attribute> SetFocusOnError = True style < span class =code-keyword> = color:#FF0000 > *
< / asp:RequiredFieldValidator > < br / >
< / div >
< div class =' container' >
< asp :标签 ID = lblPwd runat = 服务器 文本 = 密码: CssClass = lbl / >
< br / >
< ; asp:TextBox ID = txtPwd runat = server TextMode = 密码 ValidationGroup < span class =code-keyword> = lgn
< span class =code-attribute>
CssClass = pwd 高度 = 22px / >
< asp:RequiredFieldValidator ID = RV2 runat = server
ControlToValidate = txtPwd < span class =code-attribute>
< span class =code-attribute> ValidationGroup = lgn
ErrorMessage = 您的密码
SetFocusOnError = True 样式 = 颜色:#FF0000 > *
< / asp: RequiredFieldValidator > < br / >
< / div >
< tr >
< td style = width:360px > < / td >
< td >
< ; asp:按钮 ID = btlogin runat = < span class =code-keyword> server 文本 = 登录 ValidationGroup = lgn OnClick = btlogin_Click / >
< asp:按钮 ID = btnsp runat = server 文字 = SignUp OnClick = btnsp_Click / >
< / td > ;
< / t r >
< / form >
< pre > ; 以下是页面的ID:
< a id = menu1 href = Default.aspx > 主页< / a >
< a id = menu2 href = 添加%20User.aspx > 添加用户< / a >
< a id = menu3 href = 注册page.aspx > 注册员工< / a >
< a id = menu4 href < span class =code-keyword> = Contact.aspx > 联系方式< / a >
解决方案
用户可以选择直接输入Default.aspx
url在浏览器地址栏中,通过这样做安全性失败。
为避免这种情况,您必须将经过身份验证的密钥存储在会话中,并在所有页面的页面加载方法中使用它进行验证。
登录页面
da.Fill(dt);
会话[ isValidUser] = 0;
if (dt.Rows.Count > 0 )
{
会话[ isValidUser] = 1;
Response.Redirect( Default.aspx);
}
其他页面:
protected void Page_Load( object sender,EventArgs e)
{
if (Session [ isValidUser]!= 1)
{
Response.Redirect( ErrorPage.aspx< /跨度>);
}
// 您的代码....
Hi
I want to do Role based authentication in login page,without using without using authentication in web.config file.Is that possible with C# codes?
What I have tried:
<pre>protected void btlogin_Click(object sender, EventArgs e)
{
cn.Open();
SqlCommand cmd = new SqlCommand("Select * from Adduser where Username =@username and Password=@password", cn);
cmd.Parameters.AddWithValue("@username", txtUserName.Text);
cmd.Parameters.AddWithValue("@password", txtPwd.Text);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0)
{
Response.Redirect("Default.aspx");
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
}
}
My aspx
<pre><form id="form1" runat="server">
<fieldset style="width: 270px; height: 174px; margin-left: 345px">
<legend class="auto-style1">Login</legend>
<div class='container'>
<asp:Label ID="Name" runat="server" Text="UserName:" CssClass="lbl"/>
<br/>
<asp:TextBox ID="txtUserName" runat="server" ValidationGroup="lgn" Height="22px"/>
<asp:RequiredFieldValidator ID="RV1" runat="server" ValidationGroup="lgn"
ControlToValidate="txtUserName"
ErrorMessage="Please Enter User Name"
SetFocusOnError="True" style="color: #FF0000">*
</asp:RequiredFieldValidator><br />
</div>
<div class='container'>
<asp:Label ID="lblPwd" runat="server" Text="Password:" CssClass="lbl"/>
<br/>
<asp:TextBox ID="txtPwd" runat="server" TextMode="Password" ValidationGroup="lgn"
CssClass="pwd" Height="22px"/>
<asp:RequiredFieldValidator ID="RV2" runat="server"
ControlToValidate="txtPwd"
ValidationGroup="lgn"
ErrorMessage="Your Password"
SetFocusOnError="True" style="color: #FF0000">*
</asp:RequiredFieldValidator><br />
</div>
<tr>
<td style="width: 360px"></td>
<td>
<asp:Button ID="btlogin" runat="server" Text="Login" ValidationGroup="lgn" OnClick="btlogin_Click" />
<asp:Button ID="btnsp" runat="server" Text="SignUp" OnClick="btnsp_Click" />
</td>
</tr>
</form>
<pre>The below are the ids of the pages::
<a id="menu1" href="Default.aspx">Home</a>
<a id="menu2" href="Add%20User.aspx">Add User</a>
<a id="menu3" href="Registrationpage.aspx">Register Employee</a>
<a id="menu4" href="Contact.aspx">Contact</a>
解决方案
The user has an option to enter the "Default.aspx
" url directly in the browser address bar, by doing so the security fails.
To avoid this situation you will have to store the authenticated key in a session and use it across the page load method of all the pages for validation.
Login page
da.Fill(dt); Session["isValidUser"] ="0"; if (dt.Rows.Count > 0) { Session["isValidUser"] ="1"; Response.Redirect("Default.aspx"); }
Other page:
protected void Page_Load(object sender, EventArgs e) { if(Session["isValidUser"] !="1") { Response.Redirect("ErrorPage.aspx"); } // your code....
这篇关于如何在不使用web.config中的身份验证的情况下在ASP.NET中进行基于角色的控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文