基于用户的授权不起作用.... [英] User based authorisation not working....
问题描述
亲爱的所有
我正在尝试为某些网址提供基于用户的授权。
我已经配置了web.config根目录如下
< authentication mode =Forms>
< forms
name =MyAuth
loginUrl =ABC / Login.aspx
protection =All
path =/
/>
< / authentication>
ABC目录中的另一个web.config如下
<?xml version =1.0?>
< configuration>
< system.web>
< authorization>
< deny users =? />
< / authorization>
< /system.web>
< / configuration>
除了登录之外,每件事情都工作正常
当我访问目录ABC登录页面即使在提供正确的用户名和密码后也会显示,页面将被重定向到登录页面本身。
我是C#和ASP.net的新手
请帮帮我
我在aspx.cs的代码如下所示
protected void Login1_Authenticate(object sender,AuthenticateEventArgs e)
{
string selectString =SELECT * FROM users+WHERE Username ='+ Login1.UserName +'AND Password ='+ Login1.Password +';
MySqlCommand mySqlCommand = new MySqlCommand(selectString,con);
con.Open();
String strResult = String.Empty;
strResult = mySqlCommand.ExecuteScalar()。ToString();
con.Close();
if(strResult.Length> 0)
{
e.Authenticated = true;
Response.Redirect(up.aspx);
}
其他
{
MsgBox(错误的用户名或密码!。,this.Page,this);
返回;
}
}
请帮帮我
谢谢
Santosh Sharma
我认为你需要创建一个表单身份验证票证对象,在重定向到经过身份验证的页面之前加密并存储在cookie中。
FormsAuthentication.SignOut();
Session.RemoveAll();
// 创建表单身份验证票据
var ticket = new FormsAuthenticationTicket(
1 , // 故障单版本
txtMemUserName.Text.Trim(), // 与此票证关联的用户名
DateTime.Now, / / 发布日期/时间票据
DateTime.Now.AddMinutes( 2880 ), // Cookie过期的日期和时间
false , // 如果用户已检查过,请记住我,然后创建持久性cookie
mem, // 存储用户数据,在这种情况下是用户的角色
FormsAuthentication.FormsCookiePath); // < Forms>中的web.config文件中指定的Cookie路径标记(如果有)。
// 为了提高安全性,建议使用hash it
var hashCookies = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,hashCookies); // 哈希票
// 将cookie添加到响应,用户浏览器
Response.Cookies.Add(cookie);
Dear All
I am trying to give a user based authorisation to certain urls.
I have configured the web.config at the root as below
<authentication mode="Forms"> <forms name="MyAuth" loginUrl="ABC/Login.aspx" protection="All" path="/" /> </authentication>
another web.config at the ABC Directory as below
<?xml version="1.0"?> <configuration> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </configuration>
every thing is working fine except the login
when I access the directory ABC login page is displayed even after giving correct username and password the page is redirected to login page itself.
I am new to C# and ASP.net
Please help me
my Code at aspx.cs is as below
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) { string selectString = "SELECT * FROM users " + "WHERE Username = '" + Login1.UserName + "' AND Password = '" + Login1.Password + "'"; MySqlCommand mySqlCommand = new MySqlCommand(selectString,con); con.Open(); String strResult = String.Empty; strResult = mySqlCommand.ExecuteScalar().ToString(); con.Close(); if (strResult.Length > 0) { e.Authenticated = true; Response.Redirect("up.aspx"); } else { MsgBox("Wrong username or password!.", this.Page, this); return; } }
Please help me
Thank You
Santosh Sharma
I think you need to create a forms authentication ticket object, encrypt and store the same in cookie before redirecting to authenticated pages.
FormsAuthentication.SignOut(); Session.RemoveAll(); // Create forms authentication ticket var ticket = new FormsAuthenticationTicket( 1, // Ticket version txtMemUserName.Text.Trim(),// Username to be associated with this ticket DateTime.Now, // Date/time ticket was issued DateTime.Now.AddMinutes(2880), // Date and time the cookie will expire false, // if user has checked remember me then create persistent cookie "mem", // store the user data, in this case roles of the user FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any. // To give more security it is suggested to hash it var hashCookies = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket // Add the cookie to the response, user browser Response.Cookies.Add(cookie);
这篇关于基于用户的授权不起作用....的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!