我必须向网站管理员实施asp.net login control:
我做的是:
我做了3件事
在网站管理员中,我写了以下内容:
<form id="form1" runat="server">
<div>
<asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate" OnLoginError="Login1_LoginError">
</asp:Login>
</div>
<div>
<asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server">
</asp:ContentPlaceHolder>
</div>
</form>
在后面的代码中,我写了以下内容:
public partial class SiteMaster1 : System.Web.UI.MasterPage
{
protected void Page_Load(object sender, EventArgs e)
{
if (!this.IsPostBack)
ViewState["LoginErrors"] = 0;
}
#region Login Functionality
/// <summary>
/// will validation if the username and password while click on login button from asp.net login button
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (YourValidationFunction(Login1.UserName, Login1.Password))
{
//e.Authenticated = true;
Login1.Visible = false;
//MessageLabel.Text = "Successfully Logged In";
}
else
{
e.Authenticated = false;
}
}
/// <summary>
/// Will show the error
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Login1_LoginError(object sender, EventArgs e)
{
if (ViewState["LoginErrors"] == null)
ViewState["LoginErrors"] = 0;
int ErrorCount = (int)ViewState["LoginErrors"] + 1;
ViewState["LoginErrors"] = ErrorCount;
if ((ErrorCount > 3) && (Login1.PasswordRecoveryUrl != string.Empty))
Response.Redirect(Login1.PasswordRecoveryUrl);
}
/// <summary>
/// function to check the username and password to server
/// </summary>
/// <param name="UserName"></param>
/// <param name="Password"></param>
/// <returns></returns>
private bool YourValidationFunction(string UserName, string Password)
{
bool boolReturnValue = false;
string strConnection = "i wrote correct string, cannot write here on stackoverflow";
SqlConnection sqlConnection = new SqlConnection(strConnection);
String SQLQuery = "SELECT UserName, Password FROM aspnet_Users";
SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
SqlDataReader Dr;
sqlConnection.Open();
Dr = command.ExecuteReader();
while (Dr.Read())
{
if ((UserName == Dr["UserName"].ToString()) & (Password == Dr["Password"].ToString()))
{
boolReturnValue = true;
}
Dr.Close();
return boolReturnValue;
}
return boolReturnValue;
}
#endregion
}
我的问题是:我想管理如何显示
Asp.Net登录控制:
让我们说,当我转到其他页面webform1.aspx时,我仍然可以看到asp.net登录控件(即使我隐藏了该控件)。而不是这个,我想显示welcome [Username]
答案 0 :(得分:0)
将Login控件的DestinationPageUrl属性设置为您想要的页面
作为旁注,您验证用户的方法存在严重问题
private bool YourValidationFunction(string UserName, string Password)
{
bool boolReturnValue = false;
string strConnection = "i wrote correct string, cannot write here on stackoverflow";
String SQLQuery = "SELECT count(*) FROM aspnet_Users where Username=@uname AND Password = @pwd";
using(SqlConnection sqlConnection = new SqlConnection(strConnection))
using(SqlCommand command = new SqlCommand(SQLQuery, sqlConnection))
{
sqlConnection.Open();
command.Parameters.AddWithValue("@uname", Username);
command.Parameters.AddWithValue("@pwd", Password);
int result = Convert.ToInt32(command.ExecuteScalar());
boolReturnValue = (result > 0);
}
return boolReturnValue;
}
在重写函数时,我使用using statement确保在使用后关闭并销毁连接。我还引入了parameterized query以避免Sql Injection问题,我已经更改了查询命令以使用ExecuteScalar方法
连接是一种宝贵的资源,应该在使用后立即发布到操作系统。 using语句确保即使在异常情况下连接也会关闭并放置在右括号中。参数化查询避免将恶意字符串传递给数据库,并允许框架在数值中正确格式化字符串,日期和小数。当您只需要从数据库返回的单个值时,ExecuteScalar非常有用,就像您只需要知道数据库中是否存在对用户+密码一样。