关于asp.net中的登录和注销以及网址疑惑 [英] About login and logout and url doubts in asp.net

问题描述

实际上我创建了一个小的登录和注销按钮，



1.当我登录我的主页打开它没关系但是当我在浏览器中单击它时它会转到返回登录页面并显示我的用户名和密码。





2.当我点击退出按钮时它会退出但是当我点击前进按钮它来到主页



3.在我的本地系统中，当我测试我的主页url粘贴在mybrowser时它会打开没有登录和注销等信用如何解决所有这些问题都可以在.NET中的任何专家提供明确的材料示例和良好的解释..........



它对我很有用请分享您的知识...........

actually i create small login and logout buttons,

1.when i login my home page is opening it's ok but when i click back in browser it going to back login page and showing my username and password.


2.when i click logout button it is going to logout but when i click forward button its coming to homepage

3. in my local system when i testing my home page url pasted in mybrowser it will openig without credinalities like login and logout how to solve all this problems can anyone experts in .NET please give clear cut material examples with good explanation ..........

it is very use to me please share your knowledge ...........

推荐答案

在这里，您需要考虑应用程序最重要的功能，即身份验证和授权安全目的。

当你有登录应用程序时，记住一件事，firt和从安全角度考虑的最重要的事情是你发布的这个查询。

现在你的查询，你需要使用 Windows.History.Forward（）
javascript中的
功能 Windows历史记录转发 [ ^ ]

上述方法允许您操纵浏览器历史记录。因此后退按钮不会以类似的方式工作。

在两个页面中使用它将解决您的问题1& 2.

另一个建议是在ASP.NET中使用会话或表单身份验证以达到安全目的。

几个链接： -

MSDN [ ^ ]

ASP.NET中的表单身份验证和授权 [ ^ ]

这些肯定会帮助您进行第三次查询。您还可以为唯一的用户名或电子邮件设置会话（微不足道），然后使用Authorize属性检查会话是否存在，然后允许导航到登录页面以外的页面。

And on注销只是删除会话，以便他们无法直接进入页面。

我希望我能让你理解一些东西。

回复你的任何疑问。

谢谢。

Here, you need to consider the most important feature of an application i.e. Authentication and Authorization for security purpose.
Remember one thing when you have login application, firt and foremost thing to consider from security point of view is this query which you have posted.
Nowcoming to your queries, you need to have to use Windows.History.Forward()
feature in javascript Windows history forward[^]
The above method allows you to manipulate the browsers history. So the back button would not work in the similar fashion.
Using this in both the pages will solve your problem 1 & 2.
Another suggestion is to use session or forms authentication in ASP.NET for security purpose.
Few links:-
MSDN[^]
Form authentication and authorization in ASP.NET[^]
These would surely help you for 3rd query. You could also set the Session(trivial) for the unique username or email and then use Authorize attribute to check if the session exists or not then allow to navigate into the pages else the login page.
And on logout just remove the session, so that they cannot get into the pages directly without login.
I hope I could make you understand some thing.
Post back any queries you have.
thanks.

这篇关于关于asp.net中的登录和注销以及网址疑惑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！