<验证模式=“表格">不起作用? [英] <authentication mode="Forms"> doesnt work?
问题描述
我有一个登录页面,用户可以在其中登录.使用正确的详细信息登录后,他们将被发送到主管理页面.如果他们无法登录,他们将停留在登录页面上.我想做的是,如果是随机用户,则在他们未登录时将输入管理员页面的URL,而他们正在重定向到登录页面.
I have a login-page where users can log in. When they logging in with correctly details they are sent to an main admin-page. If they cant log in they are staying on the login-page. What I want to do is, if a random user, type in the URL for an admin-page when they are not logged in they are redirecting to the login-page.
我了解我必须在母版页或webconfig中完成!!!我有一个主要的管理页面和其他一些管理页面.
I have understood that I have to do it in the masterpage or webconfig!?! I have a main admin-page and some other admin-pages.
有什么提示吗?
我试图将其插入到我的webconfig中:
I tried to insert this into my webconfig:
<authentication mode="Forms">
<forms loginUrl="InnUtlogging.aspx" timeout="2880"/>
</authentication>
这是我的登录"按钮(在登录页面上)的代码;
here is my code for the "login"-button (on the login-page);
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand("select * FROM Ansatt WHERE epost='" + brukernavn.Text + "' and passord='" + passord.Text + "'");
cmd.Connection = con;
int OBJ = Convert.ToInt32(cmd.ExecuteScalar());
if (OBJ > 0)
{
Session["name"] = brukernavn.Text;
Response.Redirect("KunstnerAdmin.aspx");
}
else
{
melding.Text = "Feil brukernavn/passord";
}
if (brukernavn.Text == "")
{
melding.Text = "Du må fylle inn brukernavn";
}
if (passord.Text == "")
{
melding.Text = "Du må fylle inn passord";
}
}
登录"页面上的代码适用于该页面,但是我实际上要检查用户是否已登录母版页.我可以在母版页中做些什么来激活表单身份验证?
The code on the "login"-page works for that page, but I actually want to check if user is logged in in the master-page. Is there something I can do in the masterpage to activate the forms authentication?
推荐答案
您的代码缺少许多 FormsAuthentication 的代码.
Your code is missing a lot of pieces for FormsAuthentication.
First of all, the code is prone to SQL Injection attack. You want to consider using Parameterized Query.
protected void Button1_Click(object sender, EventArgs e)
{
// After validation successful
bool rememberMe = false; // Make it false for now
FormsAuthentication.RedirectFromLoginPage(brukernavn.Text, rememberMe);
}
Global.asax.cs
您需要这样做以便从Cookie中检索用户名,并将其保存在IPrincipal Object中.
Global.asax.cs
You need this in order to retrieve the username from cookie, and save it in IPrincipal Object.
public class Global : HttpApplication
{
private void Application_AuthenticateRequest(object sender, EventArgs e)
{
HttpCookie decryptedCookie =
Context.Request.Cookies[FormsAuthentication.FormsCookieName];
FormsAuthenticationTicket ticket =
FormsAuthentication.Decrypt(decryptedCookie.Value);
var identity = new GenericIdentity(ticket.Name);
var principal = new GenericPrincipal(identity, null);
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = HttpContext.Current.User;
}
}
web.config
<authentication mode="Forms">
<forms loginUrl="~/InnUtlogging.aspx" />
</authentication>
用法
protected void Page_Load(object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
{
string username = User.Identity.Name;
}
}
这篇关于<验证模式=“表格">不起作用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!