密码保护ASP.Net中的页面 [英] Password Protect Pages in ASP.Net
本文介绍了密码保护ASP.Net中的页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
你好朋友
我的名字是Sarfaraz。我在保护我的asp.net网站的几个页面时遇到了一个问题,我应该从除了广告管理员之外的所有用户保护几页,只有一个人在SQL服务器中存储了用户名和密码。一切正常,但是当我直接在地址栏中输入安全页面的网址时,它会被打开而不会首先重定向到登录页面。请帮助
我的代码是
< br />
private bool AuthenticateUser(String username,string password)< br />
{< br />
string cs = ConfigurationManager .ConnectionStrings [HamdardConnectionString]。ConnectionString;< br />
使用(SqlConnection con = new SqlConnection(cs))< br />
{< br />
SqlCommand cmd = new SqlCommand(mp_authenticateadmin,con);< br />
cmd.CommandType = CommandType.StoredProcedure;< br />
< br />
SqlParameter paramUsername =新的SqlParameter(@ Username,用户名);< br />
SqlParameter paramPassword = new SqlParameter(@ Password,password);< br />
< br />
cmd.Parameters.Add(paramUsername);< br />
cmd.P arameters.Add(paramPassword);< br />
< br />
con.Open();< br />
int ReturnCode =(int)cmd.ExecuteScalar( );< br />
返回ReturnCode == 1;< br />
< br />
< br />
}< br />
< br />
}< br />
< br />
< br />
< br />
protected void btnloginn_click(object sender,EventArgs e)< br />
{< br />
if(AuthenticateUser(txtusername.Text,txtpassword.Text))< br />
{< br />
FormsAuthentication.RedirectFromLoginPage(txtusername.Text,true);< br />
< br />
< br />
} < br />
else< br />
{< br />
lblerror.Text =无效的用户名或/和密码;< br />
< br />
}< br />
}< br />
< br />
和我的web.config文件是
< br />
< configuration> < br />
< connectionStrings>< br />
< add name =HamdardConnectionStringconnectionString =Data Source = localhost; Initial Catalog = Hamdard; Integrated Security = True< br />
providerName =System.Data.SqlClient/>< br />
< / connectionStrings>< br />
< br />
< system.web>< br />
< compilation debug =truetargetFramework =4.0/>< br />
< br />
< authentication mode =Forms>< br />
< forms loginUrl =Login.aspxdefaultUrl =Default.aspx>< br />
< /表格>< br />
< / authentication>< br />
< br />
< br />
< authorization>< br />
< deny users =? />< br />
< br />
< / authorization>< br />
< /system.web>< br />
< / configuration>< br />
解决方案
首先,您不应该在任何地方存储任何密码;它是不安全的,绝对不需要授权。惊讶吗?不同意?那么请看我过去的答案:
我已经加密了我的密码,但是当我登录时给了我一个错误。如何解密 [ ^ ] ,
解密加密密码 [ ^ ],
存储密码值int sql server with secure方式 [ ^ ]。
因此,您根本不应该实现您尝试实现的功能。你需要先以合理的方式重新实现它,然后再解决bug,如果你再次拥有它们。
-SA
Hello friends
My name is Sarfaraz. I am facing a problem in securing few pages of my asp.net website where I am supposed to secure few pages from all users other than ad admin only a single person with a username and password stored in SQL server. Everything is working fine but when i type the url of the secured page directly in the address bar it gets opened up without redirecting to the login page first.Please help
my code is
<br />
private bool AuthenticateUser(String username, string password)<br />
{<br />
string cs = ConfigurationManager.ConnectionStrings["HamdardConnectionString"].ConnectionString;<br />
using (SqlConnection con = new SqlConnection(cs))<br />
{<br />
SqlCommand cmd = new SqlCommand("mp_authenticateadmin",con);<br />
cmd.CommandType = CommandType.StoredProcedure;<br />
<br />
SqlParameter paramUsername = new SqlParameter("@Username",username);<br />
SqlParameter paramPassword = new SqlParameter("@Password", password);<br />
<br />
cmd.Parameters.Add(paramUsername);<br />
cmd.Parameters.Add(paramPassword);<br />
<br />
con.Open();<br />
int ReturnCode = (int)cmd.ExecuteScalar();<br />
return ReturnCode == 1;<br />
<br />
<br />
}<br />
<br />
}<br />
<br />
<br />
<br />
protected void btnloginn_click(object sender, EventArgs e)<br />
{<br />
if (AuthenticateUser(txtusername.Text, txtpassword.Text))<br />
{<br />
FormsAuthentication.RedirectFromLoginPage(txtusername.Text,true);<br />
<br />
<br />
}<br />
else<br />
{<br />
lblerror.Text = "Invalid Username or /and Password";<br />
<br />
}<br />
}<br />
<br />
and my web.config file is
<br />
<configuration><br />
<connectionStrings><br />
<add name="HamdardConnectionString" connectionString="Data Source=localhost;Initial Catalog=Hamdard;Integrated Security=True"<br />
providerName="System.Data.SqlClient" /><br />
</connectionStrings><br />
<br />
<system.web><br />
<compilation debug="true" targetFramework="4.0"/><br />
<br />
<authentication mode="Forms"><br />
<forms loginUrl="Login.aspx" defaultUrl="Default.aspx"><br />
</forms><br />
</authentication><br />
<br />
<br />
<authorization><br />
<deny users ="?" /><br />
<br />
</authorization><br />
</system.web><br />
</configuration><br /> 解决方案
To start with, you should never store any passwords anywhere; it is unsafe and absolutely not needed for authorization. Surprised? Disagree? Then please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].
So, you simply should not implement the functionality you are trying to implement. You need to re-implement it in a reasonable way first, and then address the bugs, if you have them again.
—SA
这篇关于密码保护ASP.Net中的页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
