<验证模式=“表格">不起作用? [英] <authentication mode="Forms"> doesnt work?

问题描述

我有一个登录页面，用户可以在其中登录.使用正确的详细信息登录后，他们将被发送到主管理页面.如果他们无法登录，他们将停留在登录页面上.我想做的是，如果是随机用户，则在他们未登录时将输入管理员页面的URL，而他们正在重定向到登录页面.

I have a login-page where users can log in. When they logging in with correctly details they are sent to an main admin-page. If they cant log in they are staying on the login-page. What I want to do is, if a random user, type in the URL for an admin-page when they are not logged in they are redirecting to the login-page.

我了解我必须在母版页或webconfig中完成！！！我有一个主要的管理页面和其他一些管理页面.

I have understood that I have to do it in the masterpage or webconfig!?! I have a main admin-page and some other admin-pages.

有什么提示吗?

我试图将其插入到我的webconfig中:

I tried to insert this into my webconfig:

<authentication mode="Forms">
    <forms loginUrl="InnUtlogging.aspx" timeout="2880"/>
  </authentication>

这是我的登录"按钮(在登录页面上)的代码；

here is my code for the "login"-button (on the login-page);

protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True");
        con.Open();
        SqlCommand cmd = new SqlCommand("select * FROM Ansatt WHERE epost='" + brukernavn.Text + "' and passord='" + passord.Text + "'");
        cmd.Connection = con;
        int OBJ = Convert.ToInt32(cmd.ExecuteScalar());

        if (OBJ > 0)

            {
            Session["name"] = brukernavn.Text;
            Response.Redirect("KunstnerAdmin.aspx");
        }
        else
            {
                melding.Text = "Feil brukernavn/passord";
            }
        if (brukernavn.Text == "")
        {
            melding.Text = "Du må fylle inn brukernavn";

        }
        if (passord.Text == "")
        {
            melding.Text = "Du må fylle inn passord";
        }
        }

登录"页面上的代码适用于该页面，但是我实际上要检查用户是否已登录母版页.我可以在母版页中做些什么来激活表单身份验证?

The code on the "login"-page works for that page, but I actually want to check if user is logged in in the master-page. Is there something I can do in the masterpage to activate the forms authentication?

推荐答案

您的代码缺少许多 FormsAuthentication 的代码.

Your code is missing a lot of pieces for FormsAuthentication.

首先，该代码易于

First of all, the code is prone to SQL Injection attack. You want to consider using Parameterized Query.

protected void Button1_Click(object sender, EventArgs e)
{
    // After validation successful 
    bool rememberMe = false; // Make it false for now
    FormsAuthentication.RedirectFromLoginPage(brukernavn.Text, rememberMe);
}

Global.asax.cs

您需要这样做以便从Cookie中检索用户名，并将其保存在IPrincipal Object中.

Global.asax.cs

You need this in order to retrieve the username from cookie, and save it in IPrincipal Object.

public class Global : HttpApplication
{
    private void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie decryptedCookie =
            Context.Request.Cookies[FormsAuthentication.FormsCookieName];

        FormsAuthenticationTicket ticket =
            FormsAuthentication.Decrypt(decryptedCookie.Value);

        var identity = new GenericIdentity(ticket.Name);
        var principal = new GenericPrincipal(identity, null);

        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = HttpContext.Current.User;
    }
}

web.config

<authentication mode="Forms">
   <forms loginUrl="~/InnUtlogging.aspx" />
</authentication>

用法

protected void Page_Load(object sender, EventArgs e)
{
    if (User.Identity.IsAuthenticated)
    {
        string username = User.Identity.Name;
    }
}

这篇关于<验证模式=“表格">不起作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！