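I'm a newbie when it comes to using the vb.net login control, so please bear with me...
To start, I am using ASP.net 4.0 and vb.net.
Okay, I have a simple login control that validates users against a SQL database. (I am using HostGator hosting, so I can't use normal Windows authentication.) The biggest problem I am having now is that if the session times out and you are redirected to the login page, then no matter what username/password you type into the login form, it lets you straight in, even if the username and password are wrong or the user does not exist.
How can I make sure the login control really authenticates the user?
Any help is greatly appreciated. Thanks!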
Public strLoginErrorMsg As String
Public type As String
Public rowcount As String

Protected Sub login_sbts_Authenticate(sender As Object, e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles login_sbts.Authenticate
    Dim bauthenticated As Boolean = False
    bauthenticated = isValidUser(login_sbts.UserName, login_sbts.Password)
    If bauthenticated Then
        e.Authenticated = True
    Else
        e.Authenticated = False
    End If
    lblInfo.Text = type
    FormsAuthentication.RedirectFromLoginPage(Me.login_sbts.UserName, True)
    If type = "ADMIN" Then
        Response.Redirect("dailynote.aspx")
    Else
        Response.Redirect("other.aspx")
    End If
End Sub

Private Function isValidUser(ByVal username As String, ByVal pwd As String) As [Boolean]
    Dim con As New SqlConnection("Data Source=localhost;Initial Catalog=sbts-scheduling;User ID=userid;Password=password;")
    Dim cmd As New SqlCommand("select * from tblusers where UserName='" & username & "' and Password='" & pwd & "'")
    cmd.Connection = con
    Dim dt As New DataTable()
    Dim da As New SqlDataAdapter(cmd)
    con.Open()
    da.Fill(dt)
    con.Close()
    If dt.Rows.Count = 0 Then
        strLoginErrorMsg = "Invalid User Name/Password"
        dt.Dispose()
        Return False
    Else
        type = dt.Rows(0).Item("UserType").Trim()
        Session("usertype") = type
    End If
    Return True
End Function

Protected Sub login_sbts_LoginError(sender As Object, e As System.EventArgs) Handles login_sbts.LoginError
    login_sbts.FailureText = strLoginErrorMsg
End Sub
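Answer 0 (score: 0)
Actually... the problem was probably helped along by your call to FormsAuthentication.RedirectFromLoginPage. But I took the liberty of cleaning up your code. I also added FormsAuthentication.SetAuthCookie to your authenticate method. The name and duration of that cookie are configured in your web.config file, or your "configuration settings".
Unless you are willing to inherit, clear and replace the ASP.NET default FormsAuthenticationModule, you will have to rely on the web.config configuration settings.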
' Imports needed at the top of the code-behind file:
' Imports System.Data
' Imports System.Data.SqlClient
' Imports System.Web.Security

Public strLoginErrorMsg As String
Public type As String
Public rowcount As String

Protected Sub login_sbts_Authenticate(sender As Object, e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles login_sbts.Authenticate
    ' The authentication cookie is issued only inside the success branch.
    If isValidUser(login_sbts.UserName, login_sbts.Password) Then
        e.Authenticated = True
        FormsAuthentication.SetAuthCookie(login_sbts.UserName, False, "/")
        lblInfo.Text = type
        If type = "ADMIN" Then
            Response.Redirect("dailynote.aspx")
        Else
            FormsAuthentication.RedirectFromLoginPage(Me.login_sbts.UserName, True)
            'Response.Redirect("other.aspx")
        End If
    Else
        strLoginErrorMsg = "Invalid User Name/Password"
        e.Authenticated = False
    End If
End Sub

Private Function isValidUser(ByVal username As String, ByVal pwd As String) As Boolean
    isValidUser = False
    Dim conn As New SqlConnection("Data Source=localhost;Initial Catalog=sbts-scheduling;User ID=userid;Password=password;")
    ' User input is bound as parameters rather than concatenated into the SQL text.
    Dim cmd As New SqlCommand("select * from tblusers where UserName=@username and Password=@pwd", conn)
    cmd.Parameters.AddWithValue("@username", username)
    cmd.Parameters.AddWithValue("@pwd", pwd)
    Using conn
        conn.Open()
        Using reader As SqlDataReader = cmd.ExecuteReader()
            If reader.HasRows Then
                'Not checking for multiple records here.
                While reader.Read()
                    If Not IsDBNull(reader("UserType")) Then
                        ' Keep the user type for the redirect decision in the Authenticate handler.
                        type = CStr(reader("UserType")).Trim()
                        Session("usertype") = type
                        isValidUser = True
                    End If
                End While
            End If
        End Using
        If conn.State <> ConnectionState.Closed Then
            conn.Close()
        End If
    End Using
End Function

Protected Sub login_sbts_LoginError(sender As Object, e As System.EventArgs) Handles login_sbts.LoginError
    login_sbts.FailureText = strLoginErrorMsg
End Sub
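I suggest you look into inheriting from MembershipProvider. It makes the ASP server tags easier to use, because you only need to specify your provider in the tag's attributes (after referencing and correctly configuring it in your web.config, app.config, or through IIS; it will need to be placed in the Global Cache Assembly, and go through all the other hoops to become a trusted provider).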
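The answer above says the cookie's name and duration come from web.config. The fragment below is an added example, not part of the original answer, showing the forms-authentication section those calls read. The cookie name, the login page name and the timeout value are assumptions, and requireSSL assumes the site is served over HTTPS.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication: FormsAuthentication.SetAuthCookie and
         RedirectFromLoginPage take the cookie name, path and lifetime from here. -->
    <authentication mode="Forms">
      <!-- name:              cookie name (assumed value)
           loginUrl:          page unauthenticated requests are redirected to (assumed name)
           defaultUrl:        where RedirectFromLoginPage goes when there is no ReturnUrl
           timeout:           ticket lifetime in minutes (assumed value)
           slidingExpiration: renew the ticket while the user stays active
           protection="All":  the ticket is both encrypted and validated
           cookieless:        keep the ticket in a cookie, never in the URL
           requireSSL:        send the cookie over HTTPS only (assumes HTTPS is available) -->
      <forms name=".SBTSAUTH"
             loginUrl="login.aspx"
             defaultUrl="other.aspx"
             timeout="30"
             slidingExpiration="true"
             protection="All"
             cookieless="UseCookies"
             requireSSL="true"
             path="/" />
    </authentication>
    <!-- Deny anonymous users ("?") so every page requires a valid ticket;
         the login page itself stays reachable. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>
```

With the deny rule in place, a page is served only when the request carries a valid ticket, so the login handler has to issue that ticket in the success branch alone.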