如何在不使用web.config中的身份验证的情况下在ASP.NET中进行基于角色的控制 [英] How to make role based control in ASP.NET without using authentication in web.config
本文介绍了如何在不使用web.config中的身份验证的情况下在ASP.NET中进行基于角色的控制的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hi
我想在登录页面中进行基于角色的身份验证,而不使用不使用web.config文件中的身份验证。可能使用C#代码吗?
我的尝试:
< pre> protected void btlogin_Click( object sender,EventArgs e)
{
cn.Open();
SqlCommand cmd = new SqlCommand( 选择*来自Adduser,其中Username = @ username和Password = @ password,cn);
cmd.Parameters.AddWithValue( @ username,txtUserName.Text);
cmd.Parameters.AddWithValue( @ password,txtPwd.Text);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0 )
{
Response.Redirect( Default.aspx的);
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), validation, < script language ='javascript'> alert('无效的用户名和密码')< / script>);
}
}
我的aspx
< pre > < 表格 id = form1 runat = 服务器 >
< fieldset style = width:270px; height:174px; margin-left:345px >
< 图例 class = auto-style1 > 登录 < / legend >
< div class =' container' >
< asp:标签 ID = 名称 runat = server 文本 = 用户名: CssClass = lbl / > ;
< br / >
< asp:TextBox ID = txtUserName runat = server ValidationGroup = lgn 高度 = 22px / >
< asp:RequiredFieldValidator ID = RV1 runat = server ValidationGroup = lgn
< span class =code-attribute> < span class =code-attribute> ControlToValidate = txtUserName
< span class =code-attribute> ErrorMessage = 请输入用户名
< span class =code-attribute> SetFocusOnError = True style < span class =code-keyword> = color:#FF0000 > *
< / asp:RequiredFieldValidator > < br / >
< / div >
< div class =' container' >
< asp :标签 ID = lblPwd runat = 服务器 文本 = 密码: CssClass = lbl / >
< br / >
< ; asp:TextBox ID = txtPwd runat = server TextMode = 密码 ValidationGroup < span class =code-keyword> = lgn
< span class =code-attribute>
CssClass = pwd 高度 = 22px / >
< asp:RequiredFieldValidator ID = RV2 runat = server
ControlToValidate = txtPwd < span class =code-attribute>
< span class =code-attribute> ValidationGroup = lgn
ErrorMessage = 您的密码
SetFocusOnError = True 样式 = 颜色:#FF0000 > *
< / asp: RequiredFieldValidator > < br / >
< / div >
< tr >
< td style = width:360px > < / td >
< td >
< ; asp:按钮 ID = btlogin runat = < span class =code-keyword> server 文本 = 登录 ValidationGroup = lgn OnClick = btlogin_Click / >
< asp:按钮 ID = btnsp runat = server 文字 = SignUp OnClick = btnsp_Click / >
< / td > ;
< / t r >
< / form >
< pre > ; 以下是页面的ID:
< a id = menu1 href = Default.aspx > 主页< / a >
< a id = menu2 href = 添加%20User.aspx > 添加用户< / a >
< a id = menu3 href = 注册page.aspx > 注册员工< / a >
< a id = menu4 href < span class =code-keyword> = Contact.aspx > 联系方式< / a >
解决方案
用户可以选择直接输入Default.aspxurl在浏览器地址栏中,通过这样做安全性失败。
为避免这种情况,您必须将经过身份验证的密钥存储在会话中,并在所有页面的页面加载方法中使用它进行验证。
登录页面
da.Fill(dt);
会话[ isValidUser] = 0;
if (dt.Rows.Count > 0 )
{
会话[ isValidUser] = 1;
Response.Redirect( Default.aspx);
}
其他页面:
protected void Page_Load( object sender,EventArgs e)
{
if (Session [ isValidUser]!= 1)
{
Response.Redirect( ErrorPage.aspx< /跨度>);
}
// 您的代码....
Hi
I want to do Role based authentication in login page,without using without using authentication in web.config file.Is that possible with C# codes?
What I have tried:
<pre>protected void btlogin_Click(object sender, EventArgs e)
{
cn.Open();
SqlCommand cmd = new SqlCommand("Select * from Adduser where Username =@username and Password=@password", cn);
cmd.Parameters.AddWithValue("@username", txtUserName.Text);
cmd.Parameters.AddWithValue("@password", txtPwd.Text);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0)
{
Response.Redirect("Default.aspx");
}
else
{
ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
}
}
My aspx
<pre><form id="form1" runat="server">
<fieldset style="width: 270px; height: 174px; margin-left: 345px">
<legend class="auto-style1">Login</legend>
<div class='container'>
<asp:Label ID="Name" runat="server" Text="UserName:" CssClass="lbl"/>
<br/>
<asp:TextBox ID="txtUserName" runat="server" ValidationGroup="lgn" Height="22px"/>
<asp:RequiredFieldValidator ID="RV1" runat="server" ValidationGroup="lgn"
ControlToValidate="txtUserName"
ErrorMessage="Please Enter User Name"
SetFocusOnError="True" style="color: #FF0000">*
</asp:RequiredFieldValidator><br />
</div>
<div class='container'>
<asp:Label ID="lblPwd" runat="server" Text="Password:" CssClass="lbl"/>
<br/>
<asp:TextBox ID="txtPwd" runat="server" TextMode="Password" ValidationGroup="lgn"
CssClass="pwd" Height="22px"/>
<asp:RequiredFieldValidator ID="RV2" runat="server"
ControlToValidate="txtPwd"
ValidationGroup="lgn"
ErrorMessage="Your Password"
SetFocusOnError="True" style="color: #FF0000">*
</asp:RequiredFieldValidator><br />
</div>
<tr>
<td style="width: 360px"></td>
<td>
<asp:Button ID="btlogin" runat="server" Text="Login" ValidationGroup="lgn" OnClick="btlogin_Click" />
<asp:Button ID="btnsp" runat="server" Text="SignUp" OnClick="btnsp_Click" />
</td>
</tr>
</form>
<pre>The below are the ids of the pages::
<a id="menu1" href="Default.aspx">Home</a>
<a id="menu2" href="Add%20User.aspx">Add User</a>
<a id="menu3" href="Registrationpage.aspx">Register Employee</a>
<a id="menu4" href="Contact.aspx">Contact</a> 解决方案
The user has an option to enter the "Default.aspx" url directly in the browser address bar, by doing so the security fails.
To avoid this situation you will have to store the authenticated key in a session and use it across the page load method of all the pages for validation.
Login page
da.Fill(dt); Session["isValidUser"] ="0"; if (dt.Rows.Count > 0) { Session["isValidUser"] ="1"; Response.Redirect("Default.aspx"); }
Other page:
protected void Page_Load(object sender, EventArgs e) { if(Session["isValidUser"] !="1") { Response.Redirect("ErrorPage.aspx"); } // your code....
这篇关于如何在不使用web.config中的身份验证的情况下在ASP.NET中进行基于角色的控制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
