首先在Web.config文件里修改相应信息如下:
<!-- Forms authentication: requests without a valid ticket are sent to Login.aspx. -->
<authentication mode="Forms">
  <!-- protection="All" requests both encryption and validation of the ticket cookie; timeout is in minutes. -->
  <!-- NOTE(review): requireSSL is not set; if the site is served over HTTPS, consider requireSSL="true" so the ticket cookie is never sent over plain HTTP. -->
  <forms name=".ASPXUSERDADIFH"
         loginUrl="Login.aspx"
         protection="All"
         timeout="30"
         path="/" />
</authentication>
<authorization>
  <!-- "?" stands for anonymous users, so every resource covered by this config requires a login. -->
  <deny users="?" />
</authorization>
下面一段为登录按钮触发的事件
// Body of the login button handler: runs only after the page validators have passed.
if ( Page.IsValid )
{
    string userID = txtAccount.Text;
    string userPwd = txtPassWord.Text;

    UserInfo userInfo;
    string errMsg;
    UserLogin loginService = new UserLogin();
    bool authenticated = loginService.UserAuthentication(userID, userPwd, out userInfo, out errMsg);

    if ( !authenticated )
    {
        // NOTE(review): errMsg is produced by UserAuthentication; confirm it does not reveal
        // whether the account or the password was wrong, and that it is safe to render as-is.
        ErrMsg.Text = errMsg;
    }
    else
    {
        // Audit logging of user, time and client IP was left disabled by the author;
        // a login trail like this is what incident response relies on.
        //userLog setLogData=new userLog();
        //string IP=Page.Request.UserHostAddress;
        //string loginTime=DateTime.Now.ToString();
        //setLogData.setUserLog(userID,loginTime,IP);

        // NOTE(review): the session that existed before login is reused after authentication;
        // confirm whether a fresh session should be issued at this point.
        Session.Add("LoginUserInfo", userInfo);

        // Second argument false: the ticket cookie is not persisted across browser sessions.
        FormsAuthentication.RedirectFromLoginPage(userID, false);
    }
}
<!-- Forms authentication: requests without a valid ticket are sent to Login.aspx. -->
<authentication mode="Forms">
  <!-- protection="All" requests both encryption and validation of the ticket cookie; timeout is in minutes. -->
  <!-- NOTE(review): requireSSL is not set; if the site is served over HTTPS, consider requireSSL="true" so the ticket cookie is never sent over plain HTTP. -->
  <forms name=".ASPXUSERDADIFH"
         loginUrl="Login.aspx"
         protection="All"
         timeout="30"
         path="/" />
</authentication>
<authorization>
  <!-- "?" stands for anonymous users, so every resource covered by this config requires a login. -->
  <deny users="?" />
</authorization>
下面一段为登录按钮触发的事件
// Body of the login button handler: runs only after the page validators have passed.
if ( Page.IsValid )
{
    string userID = txtAccount.Text;
    string userPwd = txtPassWord.Text;

    UserInfo userInfo;
    string errMsg;
    UserLogin loginService = new UserLogin();
    bool authenticated = loginService.UserAuthentication(userID, userPwd, out userInfo, out errMsg);

    if ( !authenticated )
    {
        // NOTE(review): errMsg is produced by UserAuthentication; confirm it does not reveal
        // whether the account or the password was wrong, and that it is safe to render as-is.
        ErrMsg.Text = errMsg;
    }
    else
    {
        // Audit logging of user, time and client IP was left disabled by the author;
        // a login trail like this is what incident response relies on.
        //userLog setLogData=new userLog();
        //string IP=Page.Request.UserHostAddress;
        //string loginTime=DateTime.Now.ToString();
        //setLogData.setUserLog(userID,loginTime,IP);

        // NOTE(review): the session that existed before login is reused after authentication;
        // confirm whether a fresh session should be issued at this point.
        Session.Add("LoginUserInfo", userInfo);

        // Second argument false: the ticket cookie is not persisted across browser sessions.
        FormsAuthentication.RedirectFromLoginPage(userID, false);
    }
}
TextBox1为输入用户名(或者密码)的文本框。
在登录事件里写:
// Store the trimmed TextBox1 value in session state, then send the browser to a.aspx via script.
// NOTE(review): no credential check is visible in this fragment; the session value is set
// from whatever was typed, so it only proves that something was entered.
string orderUid = this.TextBox1.Text.Trim();
this.Session["orderuid"] = orderUid;
this.Response.Write("<script>window.location='a.aspx';</script>");
在a.aspx的Page_Load里写:
// Page_Load check on a.aspx: reacts to the "orderuid" value left in session state by the login step.
// NOTE(review): the branch fires when the value IS present and then sends the browser to
// login.aspx — confirm the condition is not inverted relative to the intent.
// NOTE(review): the redirect is performed by script in the browser; the remainder of the page
// is presumably still rendered and sent, so this should not be relied on as access control.
object orderUid = this.Session["orderuid"];
if (orderUid != null)
{
    this.Response.Write("<script>alert('定单已经形成,请继续付款!')</script>");
    this.Response.Write("<script>window.location='login.aspx';</script>");
    return;
}
至于你说的已经登录之后手工输入URL的情况,当然可以浏览,因为你已经登录了,这个不用考虑。
看PetShop 3.0,就是这么做的。
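// Check the submitted user number / password against db_user and, on exactly one match,
// record the login in session state and continue to a.aspx.
// NOTE(review): the "xxx" values are placeholders; real credentials belong in protected
// configuration rather than in source.
Con.ConnectionString = "Data Source = xxx;User ID = xxx;Password = xxx;Initial CataLog = xxx";

// The values typed by the user are bound as parameters instead of being concatenated into
// the SQL text, so quotes or SQL fragments in the input are handled as data (no SQL injection).
// NOTE(review): the typed password is compared directly with the userpassword column, which
// suggests passwords are stored in plaintext; a salted, slow hash (e.g. PBKDF2) verified in
// code is the usual design.
string SqlStr = "Select count(*) from db_user where usernumber = @usernumber and userpassword = @userpassword";
SqlCommand Com = new SqlCommand();
Com.CommandText = SqlStr;
Com.Connection = Con;
Com.Parameters.AddWithValue("@usernumber", TxtUserID.Text.Trim());
Com.Parameters.AddWithValue("@userpassword", TxtUserPsd.Text.Trim());

int count;
Con.Open();
try
{
    count = (int)Com.ExecuteScalar();
}
finally
{
    // Release the connection here, also when the query throws: Response.Redirect ends the
    // current response, so cleanup placed after the if/else is not guaranteed to run.
    // Calling Close() again later on an already closed connection is harmless.
    Con.Close();
}

// Exactly one matching row means the credentials were accepted
if(count==1)
{
    // Keep the user information in session state
    // NOTE(review): the second slot carries the password; keeping a password in session state
    // widens its exposure — confirm any consumer really needs it.
    String[] userInfo = new String[2];
    userInfo[0] = usernumberTxt;
    userInfo[1] = userpasswordTxt;
    Session["user_info"] = userInfo;
    // Continue to the next page
    Response.Redirect("a.aspx");
}
// No matching user in the database: handle the failed login here
else
{
...............
}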
Con.Close();
到a.aspx程序中,在Page_Load()方法里,首先判断session中的用户信息是否为空,这是很安全的啦(前提是登录时的校验本身可靠,例如查询使用参数化而不是字符串拼接)。
/// <summary>
/// Rejects the request when the session was just created or carries no "user_info" entry.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event arguments (unused).</param>
/// <exception cref="Exception">Thrown when no logged-in session is found.</exception>
private void Page_Load(object sender, System.EventArgs e)
{
    // NOTE(review): the identifier is lowercase `session`; on an ASP.NET page session state is
    // normally reached through the `Session` property — confirm what this name resolves to.
    bool hasLogin = !session.IsNewSession && session["user_info"] != null;
    if (!hasLogin)
    {
        // NOTE(review): an unhandled exception surfaces as an error page; confirm that is the
        // intended experience for a visitor who is simply not logged in.
        throw new Exception("会话超时");
    }
}
假如你需要用到用户信息,可以直接从session中得到
// Read the logged-in user's details back out of session state.
// NOTE(review): the keys read here are "user_id" and "user_name", while the login code shown
// earlier on this page stores a single "user_info" array — confirm these keys are set somewhere;
// a missing key makes ToString() throw a NullReferenceException.
String[] userInfo = new String[2]
{
    Session["user_id"].ToString(),
    Session["user_name"].ToString()
};