使用默认控件存储登录信息时出现问题 [英] Problem storing login information with default control
本文介绍了使用默认控件存储登录信息时出现问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经使用了asp.net的默认登录控件,它无法正常工作,但是我点击了记住我,就不记得了我
这是我的密码
LOGIN.CS
i have using the default logincontrol of asp.net it is not working but i click on remember me it not remember me
THIS IS MY CODE
LOGIN.CS
protected void ctlLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
bool Authenticated = false;
CheckBox chBox = (CheckBox)ctlLogin.FindControl("RememberMe");
Authenticated = UserAuthenticate(ctlLogin.UserName, ctlLogin.Password);
e.Authenticated = Authenticated;
if (Authenticated == true)
{
if (chBox.Checked == true)
{
Response.Cookies["RFriend_Email"].Value = ctlLogin.UserName;
Response.Cookies["RFriend_PWD"].Value = ctlLogin.Password;
Response.Cookies["RFriend_UID"].Value = Session["Id"].ToString(); Why not remember me?
Response.Cookies["RFriend_Email"].Expires = DateTime.Now.AddMonths (3); is it not code for reading data
Response.Cookies["RFriend_PWD"].Expires = DateTime.Now.AddMonths(3);
Response.Cookies["RFriend_UID"].Expires = DateTime.Now.AddMonths(3);
}
Response.Redirect("UserDetails.aspx?Id=" +Session["Id"].ToString());
}
}
private bool UserAuthenticate(string UserName, string Password)
{
bool boolReturnValue = false;
//--------------------------------
//Check UserID From Config File
//--------------------------------
dt = new DataTable();
SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\omar\Documents\Visual Studio 2005\WebSites\Project1\App_Data\Database.mdf;Integrated Security=True;User Instance=True");
string chkUser = "Select * FROM [User] where Email=''" + UserName + "'' AND Password=''" + Password + "''";
dt = dbClass.ConnectDataBaseReturnDT(chkUser);
if (dt.Rows.Count > 0)
{
boolReturnValue = true;
Session["Id"] = dt.Rows[0]["Id"].ToString();
string que = "UPDATE [User] SET LastLogin = GETDATE() where Id=" + Session["Id"].ToString();
// DateTime registerdate = (DateTime)dt.Rows[0]["RegisterDate"];
//string que1 = "UPDATE [User] SET RegisterDate = GETDATE() where Id=" + Session["UserId"].ToString();
dbClass.ConnectDataBaseToInsert(que);
//dbClass.ConnectDataBaseToInsert(que1);
}
return boolReturnValue;
}
protected void LinkButton1_Click(object sender, EventArgs e)
{
Response.Redirect("Register.aspx");
}
<pre lang="cs">protected void Page_Load(object sender, EventArgs e)
{
if ((!object.Equals(Request.Cookies["RFriend_Email"], null)) && (!object.Equals(Request.Cookies["RFriend_PWD"], null)) && (!object.Equals(Request.Cookies["RFriend_UID"], null)))
{
if ((!object.Equals(Request.Cookies["RFriend_Email"].Value, "")) && (!object.Equals(Request.Cookies["RFriend_PWD"].Value, "")) && (!object.Equals(Request.Cookies["RFriend_UID"], "")))
{
Session["Email"] = Request.Cookies["RFriend_Email"].Value;
Session["Password"] = Request.Cookies["RFriend_PWD"].Value;
Session["Id"] = Request.Cookies["RFriend_UID"].Value;
}
else
{
}
}
推荐答案
登录控件是否剥离输入内容,以便保护您的站点免受SQL攻击,或者任何人都可以通过猜测您的表名登录或擦除您的数据库随心所欲吗?
从Cookie读取值的代码在哪里?您是否发现人们可以找到读取这些Cookie值的方法?
Does the login control strip the inputs so that your site is protected from SQL attacks, or can anyone login by guessing your table names, or erase your DB at will ?
Where is your code to read the values from your cookie ? Did it occur to you that people can find ways to read those cookie values ?
这篇关于使用默认控件存储登录信息时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
