在ASP.net中登录程序 [英] Sign-in program in ASP.net

问题描述

您好！

如何在ASP.net中创建登录程序，其中输入的用户名将保存在变量中并将传递到另一个webform？



我试图使用这段代码：

Response.Redirect（todo.aspx？id =+ TextBox1.Text +）;



这个，在另一个webform中：

string str = Request.QueryString [idname]。ToString（）;



但它没有用。

Hello!
How can I make a sign-in program in ASP.net wherein the entered username will be saved in a variable and will be passed into another webform?

I''ve tried to used this code:
Response.Redirect("todo.aspx?id= "+TextBox1.Text+" ");

and this, in another webform:
string str = Request.QueryString["idname"].ToString();

but it didn''t function.

推荐答案

首先，尽量不要传递用户名密码组合（特别是密码）。

在网址中传递密码将是系统可能遇到的最大风险。



传递参数说明此处 [ ^ ]。



使用 UrlEncode [ ^ ]加密您传递的任何网址参数。

First of all, try not to pass the user name password combination (especially password) around.
Passing the password in the url would be the biggest risk your system could possibly have.

Passing parameters is explained here[^].

Use UrlEncode[^] to encrypt any url parameters you pass around.

按照 Abhinav S 和 Sergey Alexandrovich Kryukov 给出的答案，该答案表示不会在页面之间传递用户名和密码，因为这是安全威胁，并会为您创建漏洞申请。



使用会话

所以，试着保存在会话中您可以在任何页面访问它们，直到用户退出，这将是安全的。



参考获奖者文章 - 在ASP.NET中探索会话 [ ^ ]探索sess离子的细节。 存储和检索会话中的值 [ ^ ]文章的部分将为您提供简单的内容示例如何操作。



代码中的问题

现在来了对于你的代码，问题如下......



1.你发送名为id的QueryString ，但是尝试把它作为 idname 来获取，你没有获得数据。 （ 所有带下划线的 ）

Follow the answers given by Abhinav S and Sergey Alexandrovich Kryukov, which says not to pass the username and password in between pages as it is security threat and will create hole to your application.

Use Sessions
So, try to save in session so that you can access them in any page till user signs out, which will be secure.

Refer Prize winner article - Exploring Session in ASP.NET[^] to explore about sessions in details. Storing and retrieving values from Session[^] section of the article will give you simple example how to do it.

Problem in your code
Now coming to your code, the problems are as follows...

1. You are sending the QueryString named as "id", but trying to get it as "idname", for which you are not getting the data. (All underlined)

Response.Redirect("todo.aspx?id= "+TextBox1.Text+" ");

string str = Request.QueryString["idname"].ToString();

2.在id后面有一个空格和+在QueryString中签名，这也是一个问题。

并且在 TextBox1.Text 之后还有额外的+和引号，这些都不是必需的。 （ 所有带下划线的 ）。

2. There is one space after "id" and "+" sign in the QueryString, which is also create problem.
And there are extra "+" and quotes after the TextBox1.Text, which are not required. (All underlined).

Response.Redirect("todo.aspx?id= "+TextBox1.Text+" ");

所以，代码如下所示......

So, the code will be like below...

Response.Redirect("todo.aspx?id=" + HttpUtility.UrlEncode(TextBox1.Text));
string str = Request.QueryString["id"].ToString();

谢谢......

Thanks...

首先要学习的是：永远不要在任何地方存储密码，不要使用不安全的协议将密码传递给网络。您可能会问如何验证呢？这是整个想法。您永远不需要它进行身份验证。不同意？难道不敢相信？继续阅读。



请查看我过去的答案：

以安全的方式存储密码值int sql server [ ^ ]，

< a href =http://www.codeproject.com/Answers/427708/Decryption-of-Encrypted-Password#answer3>解密加密密码 [ ^ ]，

我已经加密了我的密码，但是当我登录时给了我一个错误。如何解密 [ ^ ] ，

使用用户名和密码进行TCP连接 [ ^ ]。

-SA

First thing you have to learn: never store a password anywhere, never pass it through the network using insecure protocol. You may ask "how to authenticate then?" This is the whole idea. You never need it for authentication. Disagree? Cannot believe that? Keep reading.

Please see my past answers:
storing password value int sql server with secure way[^],
Decryption of Encrypted Password[^],
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
TCP Connection with username and password[^].

—SA

这篇关于在ASP.net中登录程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！