在ASP.netand SQLServer2008之间传输登录信息 [英] Transfering login information between ASP.netand SQLServer2008
本文介绍了在ASP.netand SQLServer2008之间传输登录信息的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
hi
我的存储过程是:
hi
my stored procedure is:
GO
/****** Object: StoredProcedure [dbo].[SelectUserPassExist] Script Date: 01/26/2015 12:28:14 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author: <author,,name>
-- Create date: <create>
-- Description: <description,,>
-- =============================================
ALTER PROCEDURE [dbo].[SelectUserPassExist]
@Usr nvarchar,
@Pass nvarchar
AS
BEGIN
if not exists( select [UserName],[Passcode] from Users where ([UserName]=@Usr and [Passcode]=@Pass))
Begin
return -3
end
else
Begin
return 2
end
end
我的登录按钮代码是:
And my Log in Button code is:
protected void Button1_Click(object sender, EventArgs e)
{
int userExists;
// string strUserExists,strUser;
//SelectFullName objSelectFullName = new SelectFullName();
//string strUserName;
//DataRow drFullname;
//drFullname = objSelectFullName.SelectName(txtUsername.Text, txtPassword.Text);
//strUserName = drFullname.ToString();
userExists= CheckUserPass(txtUsername.Text,txtPassword.Text);
//strUser= DRow["Username"].ToString();
if (userExists == -3)
{
lblMsg.Text = "Username or Password is wrong.";
}
else
{
{
Session["Usr"] = txtUsername.Text;
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, chkRememberMe.Checked);
}
}
}
private int CheckUserPass(string strUsr,string strPass)
{
int retVal;
string strConnectionString = ConfigurationManager.ConnectionStrings["GarnetWebsiteConnectionString"].ConnectionString;
SqlConnection con = new SqlConnection(strConnectionString);
SqlCommand com = new SqlCommand();
com.Connection = con;
com.CommandType = CommandType.StoredProcedure;
com.CommandText = "SelectUserPassExist";
SqlParameter retParam = new SqlParameter("@Return", SqlDbType.Int);
retParam.Direction = ParameterDirection.ReturnValue;
com.Parameters.Add(retParam);
com.Parameters.AddWithValue("@Usr", strUsr);
com.Parameters.AddWithValue("@Pass", strPass);
con.Open();
int intRows = com.ExecuteNonQuery();
retVal = (int)com.Parameters["@Return"].Value;
con.Close();
return retVal;
}
每当我输入用户名和密码并点击登录按钮时,即使我的用户名和密码正确,我也会收到返回值-3请帮助我,谢谢。
Every time i enter my username and password and I click on log in button I receive the return value -3 even if my username and password has properly entered please help me , thank you.
推荐答案
绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
你应该做的是使用ExecuteScalar而不是ExecuteNonQuery,并查看它呈现的返回值:
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
And what you should be doing is using ExecuteScalar instead of ExecuteNonQuery, and looking at the return value it presents:
retVal = com.ExecuteScalar();
我的解决方案是更改存储过程..
My solution is to alter your stored procedure..
ALTER PROCEDURE [dbo].[SelectUserPassExist]
@Usr varchar,
@Pass varchar
AS
BEGIN
Print @Usr -- Will only prompt first character
Print @Pass -- Will only prompt first character
if not exists( select FirstName,LastName from [User] where (FirstName=@Usr and LastName=@Pass))
Begin
return -3
end
else
Begin
return 2
end
end
更改为f.ex
Alter to f.ex
ALTER PROCEDURE [dbo].[SelectUserPassExist]
@Usr varchar(max), -- To allow more than one character
@Pass varchar(max) -- To allow more than one character
if not exists( select FirstName,LastName from [User] where (FirstName=@Usr and LastName=@Pass))
Begin
return -3
end
else
Begin
return 2
end
end
我更改了代码并且我用ExecuteScalar()方法交换了Executenonquery(),现在我收到的每种情况存储过程中的0,我认为你不理解我的问题。事实上,我不知道为什么存储过程的返回值总是反之亦然!(当然有executetenonquery()方法)。如果我输入usr并正确传递,我收到值为-3的返回值,表示密码错误。我不知道问题出在哪里:(。在存储过程中或在代码隐藏中?
我认为我的代码有一些问题,因为我没有正确理解C#如何接收返回值的机制sql server存储过程。
I changed the code and I swapped "Executenonquery()" whith "ExecuteScalar()" method,now in every situation I receive"0" from the Stored Procedure , I think you didnot understand my problem. In fact I dont know that why the return value from stored procedure always is vice versa!(ofcourse with executenonquery() method). If I enter usr and pass properly I receive the return value with value "-3",means wrong password. I dont know where is the problem occurred :(. In stored procedure or in codebehind?
I think somewher of mycode has a little problem,because I dont properly understood the mechanism of how C# receive return values from sql server stored procedures.
这篇关于在ASP.netand SQLServer2008之间传输登录信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文