我在login.aspx中放了一个login控件,在login.aspx.cs中写了如下登录代码: protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
bool Authenticated = false;
Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
e.Authenticated = Authenticated;
if (Authenticated == true)
{
Response.Redirect("MainForm.aspx");
}
}
private bool SiteLevelCustomAuthenticationMethod(string UserName, string Password)
{
bool boolReturnValue = false;
ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["CS"];
string strConnection = cs.ConnectionString;
SqlConnection Connection = new SqlConnection(strConnection);
String strSQL = "Select * From 用户";
SqlCommand command = new SqlCommand(strSQL, Connection);
SqlDataReader Dr;
Connection.Open();
Dr = command.ExecuteReader();
while (Dr.Read())
{
if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))
{
boolReturnValue = true;
Session["username"] = Dr["姓名"].ToString();
Session["role"] = Dr["角色"].ToString();
}
}
Connection.Close();
return boolReturnValue;
web.config中写了如下配置:<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings>
<add name="CS" connectionString="Data Source=#######;Initial Catalog=DJS;Persist Security Info=True;User ID=sa;Password=******"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true">
</compilation>
<authentication mode="Forms">
<forms name=".FormsAuthCookie" timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>为什么登陆的时候,不提示登录失败,但始终停留在登陆页面
如果把“<authorization>
<deny users="?" />
</authorization>
”这段去掉,能够登录,但是其他页面匿名用户也能访问了应该怎么弄啊
??
{
bool Authenticated = false;
Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
e.Authenticated = Authenticated;
if (Authenticated == true)
{
Response.Redirect("MainForm.aspx");
}
}
private bool SiteLevelCustomAuthenticationMethod(string UserName, string Password)
{
bool boolReturnValue = false;
ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["CS"];
string strConnection = cs.ConnectionString;
SqlConnection Connection = new SqlConnection(strConnection);
String strSQL = "Select * From 用户";
SqlCommand command = new SqlCommand(strSQL, Connection);
SqlDataReader Dr;
Connection.Open();
Dr = command.ExecuteReader();
while (Dr.Read())
{
if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))
{
boolReturnValue = true;
Session["username"] = Dr["姓名"].ToString();
Session["role"] = Dr["角色"].ToString();
}
}
Connection.Close();
return boolReturnValue;
web.config中写了如下配置:<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings>
<add name="CS" connectionString="Data Source=#######;Initial Catalog=DJS;Persist Security Info=True;User ID=sa;Password=******"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true">
</compilation>
<authentication mode="Forms">
<forms name=".FormsAuthCookie" timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>为什么登陆的时候,不提示登录失败,但始终停留在登陆页面
如果把“<authorization>
<deny users="?" />
</authorization>
”这段去掉,能够登录,但是其他页面匿名用户也能访问了应该怎么弄啊
??
解决方案 »
- .net 报表(rdlc)中 textbox怎么设置多行行距?
- 急求一篇英文文献+中文翻译 5000字左右,asp或c#或数据库方面的,急用,大家帮忙啊
- 谁知道一个第三方控件能将WORD窗口嵌入Winform
- 如何用GDI+生成镜面图像?
- 初学者问:vs2003中启动正常,直接运行.exe报system.outofmemoryException错误
- 如何用获取WORD文件页数
- 请问怎样实现blog增减版块?(我是初学者,请多多帮助)
- c#中,怎么得到系统目录?
- 特急:用程序实现由ACCESS向SQL导入数据过程中遇到的错误,请高手帮忙看看。
- c#的interfaces和java中的interface相差多少?
- 报错“调用目标发生异常”问题
- 卸载时删除虚拟目录,出错,恳请高手相助
<forms name=".FormsAuthCookie" timeout="30" />
<allow users="?" />
</authentication>
<forms name=".FormsAuthCookie" timeout="30" />
<deny users="?" />
</authentication>
刚看错了,,
authentication的顺序。
if ((UserName == Dr["工号"].ToString()) & (Password == Dr["密码"].ToString()))
//这应该是与的关系吧 你这是“异或”吧?
{
boolReturnValue = true;
Session["username"] = Dr["姓名"].ToString();
Session["role"] = Dr["角色"].ToString();
}
&注意这个
| --------------------- 按位或
^ --------------------- 按位异或“&”不就是“与”吗?我还是觉得我的登录代码没有把用户变成非匿名用户,因为在Web.config中deny匿名用户就始终停留在Login页面,如果不deny匿名用户,就可以完成正常登录和使用那么"e.Authenticated = true;"这句代码到底能不能通过cookie的验证啊,将当前用户变成非匿名用户啊??
Web.config配置没有问题,关键还是如我上面分析的那样,"e.Authenticated = true;"并没有完成验证,所以当前用户还是匿名的,只有加上"FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);"当前用户才会验证通过,成为非匿名用户,今天高手都不在吗?