如何在asp.net中的登录页面上设置安全性 [英] How to set security on Login Page in asp.net
本文介绍了如何在asp.net中的登录页面上设置安全性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个登录页面和一个欢迎页面. 我已经在数据库中保存了用户详细信息.
I have a login page and a welcome page. I have saved user details in my database.
它工作正常,但问题是用户可以通过更改网页的网址来直接进入欢迎页面而无需登录. 如何设置没有登录的用户无法进入欢迎页面.
It is working fine but problem is that user can go to the welcome page without login by changing the url of the webpage. How to set that without login user can not go to welcome page.
这是我的登录页面代码-
Here is my login page code-
Login.aspx.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data.SqlClient;
public partial class Login : System.Web.UI.Page
{
string con_string = ConfigurationManager.ConnectionStrings["testAzharConnectionString"].ConnectionString;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click1(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(con_string);
string query = ("select count(*) from UserProfile where UserId ='" + txtUserId.Text + "' and Password='" + txtPassword.Text + "'");
SqlCommand cmd = new SqlCommand(query, con);
cmd.Connection = con;
con.Open();
int u = Convert.ToInt32(cmd.ExecuteScalar());
con.Close();
Captcha1.ValidateCaptcha(txtCaptcha.Text.Trim());
if (u > 0 && Captcha1.UserValidated)
{
Response.Cookies["txtUserName"].Value = txtUserId.Text;
Response.Redirect("Main.aspx");
}
else if (u == 0)
{
lblCaptcha.Text = "Unauthorized User";
txtCaptcha.Text = "";
txtUserId.Text = "";
txtPassword.Text = "";
}
else
{
lblCaptcha.ForeColor = System.Drawing.Color.Red;
lblCaptcha.Text = "You have Entered InValid Captcha Characters please Enter again";
txtCaptcha.Text = "";
}
}
}
Login.aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>
<%@ Register Assembly="MSCaptcha" Namespace="MSCaptcha" TagPrefix="rsv" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title>Login</title>
<link rel="Stylesheet" href="StyleSheet.css" type="text/css" />
</head>
<body>
<form id="form1" runat="server">
<h1>Expense Management</h1>
<h3>Please Login to manage Company Expenses.</h3>
<table align="center" border="2" width="300">
<tr>
<td>User Id:</td>
<td><asp:TextBox ID="txtUserId" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td>Password</td>
<td><asp:TextBox ID="txtPassword" TextMode="Password" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td colspan="2">
<rsv:CaptchaControl ID="Captcha1" runat="server" CaptchaLength="5"
CaptchaHeight="60" CaptchaMinTimeout="5" CaptchaMaxTimeout="200"
ForeColor="#00FFCC" BackColor="White" CaptchaChars="ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
FontColor="Red" Width="177px"/>
</td>
</tr>
<tr>
<td>Enter Captcha:</td>
<td><asp:TextBox ID="txtCaptcha" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td><asp:Button ID="Button1" runat="server" Text="Login" onclick="Button1_Click1" /></td>
<td><asp:Label ID="lblCaptcha" runat="Server" ForeColor="Red"></asp:Label></td>
</tr>
<tr>
<td>
<asp:HyperLink ID="linkForgetPassword" runat="server" ForeColor="Red" NavigateUrl="~/ForgetPassword.aspx">Forget Password ?</asp:HyperLink></td>
</tr>
</table>
</form>
</body>
</html>
请告诉我如何在登录页面上设置安全性.
Please tell me how to set security on my login page.
推荐答案
C#代码:(设置会话)
C# Code : (Setting the Session)
protected void BtnLogin_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(con_string);
string query = ("select count(*) from UserProfile where UserId ='" + txtUserId.Text + "' and Password='" + txtPassword.Text + "'");
SqlCommand cmd = new SqlCommand(query, con);
cmd.Connection = con;
con.Open();
int u = Convert.ToInt32(cmd.ExecuteScalar());
con.Close();
Captcha1.ValidateCaptcha(txtCaptcha.Text.Trim());
if (u > 0 && Captcha1.UserValidated)
{
// Adding Session to your page
Session["user"] = txtUserId.Text;
Response.Cookies["txtUserName"].Value = txtUserId.Text;
Response.Redirect("Main.aspx");
}
else if (u == 0)
{
lblCaptcha.Text = "Unauthorized User";
txtCaptcha.Text = "";
txtUserId.Text = "";
txtPassword.Text = "";
}
else
{
lblCaptcha.ForeColor = System.Drawing.Color.Red;
lblCaptcha.Text = "You have Entered InValid Captcha Characters please Enter again";
txtCaptcha.Text = "";
}
}
在您要限制访问的页面上,在加载页面之前检查:
on the page you want restricted access, check before loading the page :
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["user"] != null)
{
// Checking this session on the page, on the page load event.
if (Session["user"] != null)
{
Response.Redirect("Home1.aspx");
}
}
else
{
Response.Redirect("Login.aspx");
}
}
}
最后,不要忘记在注销或全局文件中销毁会话.还要使用hashing to secure your password并进行比较.
Last of all, Don't forget to destroy the session on logout or in Global file. Also use hashing to secure your password and comparing them.
这篇关于如何在asp.net中的登录页面上设置安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
