Login Validation of User


Problem description

Hi Everyone,

I have created a new registration page, Register.aspx, and a new Table, aspnet_UserMembership, in the database. These are all working with no problem. It is my login page, Login.aspx, and the code page, Login.aspx.cs, that do not work properly. When I try to login, and validate UserName and Password, I go straight to the login.aspx page instead of the Default.aspx. If the UserName and Password do not validate, it should go to ErrorExist.aspx, but instead it sends me back to the login page whenever I try to login and does not validate. The code for these pages is as follows below:

Page Login.aspx,

<%@ Page Title="" Language="C#" MasterPageFile="~/Register.master" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>
 
<asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <br />
    <link href="Styles/Content.css" rel="stylesheet" />
    <div id="content">
        <div style="text-align: center; height: 53px">
            <span style="font-family: Arial, Helvetica, sans-serif; font-size: large">Welcome to Genealogy-Biography.com Login Page </span>
        </div>
        <div style="text-align: justify">
            If you are already a member, you can just login. If not a member yet, please press the register link below to register it is FREE!:</div>
        <br />
        <table cellpadding="0" cellspacing="0" style="width: 159%">
            <tr>
                <td style="background-color: #990000"> </td>
                <td style="text-align: left; font-family: Arial, Helvetica, sans-serif; font-size: large; color: #9F9F6F; width: 163px; background-color: #990000">Login<br />
                    <br />
                    </td>
                <td style="background-color: #FFFFFF">
                     </td>
            </tr>
            <tr>
                <td style="text-align: right"> </td>
                <td style="width: 163px"> </td>
                <td> </td>
            </tr>
            <tr>
                <td style="text-align: right; font-family: Arial, Helvetica, sans-serif; font-size: medium; height: 22px; border-left-color: #A0A0A0; border-right-color: #C0C0C0; border-top-color: #A0A0A0; border-bottom-color: #C0C0C0">User Name:</td>
                <td style="width: 163px; height: 22px">
                    <asp:TextBox ID="UserName" runat="server" style="margin-left: 0px" Width="200px"></asp:TextBox>
                </td>
                <td style="height: 22px">
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="UserName" ErrorMessage="User Name Required......" ForeColor="Red"></asp:RequiredFieldValidator>
                </td>
            </tr>
            <tr>
                <td style="text-align: right; font-family: Arial, Helvetica, sans-serif; font-size: medium; border-left-color: #A0A0A0; border-right-color: #C0C0C0; border-top-color: #A0A0A0; border-bottom-color: #C0C0C0">Password:</td>
                <td style="width: 163px">
                    <asp:TextBox ID="Password1" runat="server" TextMode="Password" Width="200px"></asp:TextBox>
                </td>
                <td>
                    <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="Password1" ErrorMessage="Password Required......." ForeColor="Red"></asp:RequiredFieldValidator>
                </td>
            </tr>
            <tr>
                <td style="text-align: right"> </td>
                <td style="width: 163px"> </td>
                <td> </td>
            </tr>
            <tr>
                <td> </td>
                <td style="width: 163px; text-align: right">     
                    <asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Login" />
                </td>
                <td>
                    <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="~/Register.aspx">Register</asp:HyperLink>
                </td>
            </tr>
        </table>
        <br />
        <br />
        <br />
        <br />
    </div>
    <div id ="content1"></div>
    <div id="ad"></div>
</asp:Content>





Login.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }


    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["GenealogyConnectionString1"].ConnectionString);


        con.Open();
        String cmdStr = "Select count (*) from aspnet_UserMembership where UserName = '" + UserName.Text + "'";
        SqlCommand Checkuser = new SqlCommand(cmdStr, con);
        int temp = Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
        con.Close();

        if (temp == 1)
        {
            con.Open();
            String cmdStr2 = "Select Password from aspnet_UserMembership where UserName = '" + UserName.Text + "'";
            SqlCommand pass = new SqlCommand(cmdStr2, con);
            String Password = pass.ExecuteScalar().ToString();
            con.Close();


            if (Password == Password1.Text)
            {
                Session["New"] = UserName.Text;
                Response.Redirect("Default.aspx");
            }
            else
            {
                Response.Redirect("ErrorExist.aspx");

            }
        }
        else
        {
            Response.Redirect("ErrorExist.aspx");

        }
    }
}








Thanks, your help would be much appreciated, and look forward to hearing from you in the near future.



Thanks





ASW

Recommended answer

Three things:

1) Don't store your passwords in clear text - it is a major security risk. Hash them instead: Password Storage: How to do it (http://www.codeproject.com/Tips/186585/Password-Storage-How-to-do-it).
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is a major problem with a web site, and when the login code can easily destroy your database it is a very foolish way to start...
3) Are you by any chance checking for login in your master page? And directing to the login page from there? Because if you are, then you probably shouldn't use the master page for your login error report page, should you...

Don't do it like that - implement Membership instead. It covers probably everything you need and is a lot quicker, and more reliable than "brewing your own" as you are. The link guides you through, but it shouldn't take you more than 30 minutes in total.
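Points 1) and 2) of the answer, as an added example (not code from the original post, the answer, or the linked articles): a salted PBKDF2 hash with a constant-time check, and the user lookup built as a parameterized command. The class and method names, the "iterations:salt:hash" storage format in the existing Password column, the NVarChar(256) column type, and the choice of PBKDF2-SHA256 through Rfc2898DeriveBytes (.NET Framework 4.7.2 or later) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck // hypothetical helper, not part of the poster's project
{
    const int Iterations = 100000, SaltBytes = 16, HashBytes = 32;
    public static string HashPassword(string password) // returns "iterations:salt:hash" (Base64)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return Iterations + ":" + Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(password, salt, Iterations));
    }
    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = (stored ?? "").Split(':');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations)) return false;
        byte[] expected, actual;
        try
        {
            expected = Convert.FromBase64String(parts[2]);
            actual = Derive(password, Convert.FromBase64String(parts[1]), iterations);
        }
        catch (FormatException) { return false; }   // stored value is not valid Base64
        catch (ArgumentException) { return false; } // salt too short or bad iteration count
        int diff = actual.Length ^ expected.Length;  // compare all bytes, no early exit
        for (int i = 0; i < actual.Length && i < expected.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }
    public static SqlCommand BuildLookup(SqlConnection con, string userName) // name is bound, never concatenated
    {
        var cmd = new SqlCommand("SELECT Password FROM aspnet_UserMembership WHERE UserName = @UserName", con);
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 256).Value = userName; // column type assumed
        return cmd;
    }
    public static void Main()
    {
        string stored = HashPassword("correct horse"); // constructed sample password
        Console.WriteLine(VerifyPassword("correct horse", stored) + " " + VerifyPassword("wrong", stored));
        using (SqlCommand cmd = BuildLookup(null, "O'Brien")) // constructed sample name, no connection needed here
            Console.WriteLine(cmd.CommandText + " <- " + cmd.Parameters["@UserName"].Value);
    }
}
```

In Button1_Click, the value returned by ExecuteScalar() on the lookup command would be passed to VerifyPassword, with a null result (no such user) taking the same failure path as a wrong password.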

